Chromium Code Reviews Chromium Code Reviews
Issue 2797813002:
Replicate feature policy container policies. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/html/HTMLIFrameElement.h" | 5 #include "core/html/HTMLIFrameElement.h" |
| 6 | 6 |
| 7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
| 8 #include "testing/gtest/include/gtest/gtest.h" | 8 #include "testing/gtest/include/gtest/gtest.h" |
| 9 | 9 |
| 10 namespace blink { | 10 namespace blink { |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 22 | 22 |
| 23 // Test setting feature policy via the DOMTokenList (JS codepath). | 23 // Test setting feature policy via the DOMTokenList (JS codepath). |
| 24 TEST(HTMLIFrameElementTest, SetAllowAttributeJS) { | 24 TEST(HTMLIFrameElementTest, SetAllowAttributeJS) { |
| 25 Document* document = Document::Create(); | 25 Document* document = Document::Create(); |
| 26 HTMLIFrameElement* iframe = HTMLIFrameElement::Create(*document); | 26 HTMLIFrameElement* iframe = HTMLIFrameElement::Create(*document); |
| 27 | 27 |
| 28 iframe->allow()->setValue("fullscreen"); | 28 iframe->allow()->setValue("fullscreen"); |
| 29 EXPECT_EQ("fullscreen", iframe->getAttribute(HTMLNames::allowAttr)); | 29 EXPECT_EQ("fullscreen", iframe->getAttribute(HTMLNames::allowAttr)); |
| 30 } | 30 } |
| 31 | 31 |
| 32 // Test that the correct origin is used when constructing the container policy, | |
| 33 // and that frames which should inherit their parent document's origin do so. | |
| 34 TEST(HTMLIFrameElementTest, FramesUseCorrectOrigin) { | |
| 35 Document* document = Document::Create(); | |
| 36 document->UpdateSecurityOrigin( | |
| 37 SecurityOrigin::Create(KURL(KURL(), "http://example.com"))); | |
| 38 | |
| 39 HTMLIFrameElement* frame_element = HTMLIFrameElement::Create(*document); | |
| 40 | |
| 41 frame_element->setAttribute(HTMLNames::srcAttr, "about:blank"); | |
| 42 RefPtr<SecurityOrigin> effective_origin = | |
| 43 frame_element->GetOriginForFeaturePolicy(); | |
| 44 EXPECT_TRUE( | |
| 45 effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin())); | |
| 46 | |
| 47 frame_element->setAttribute(HTMLNames::srcAttr, "http://example.net/"); | |
| 48 effective_origin = frame_element->GetOriginForFeaturePolicy(); | |
| 49 EXPECT_FALSE( | |
| 50 effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin())); | |
| 51 } | |
| 52 | |
| 53 // Test that a unique origin is used when constructing the container policy in a | |
| 54 // sandboxed iframe. | |
| 55 TEST(HTMLIFrameElementTest, SandboxFramesUseCorrectOrigin) { | |
| 56 Document* document = Document::Create(); | |
| 57 document->UpdateSecurityOrigin( | |
| 58 SecurityOrigin::Create(KURL(KURL(), "http://example.com"))); | |
| 59 | |
| 60 HTMLIFrameElement* frame_element = HTMLIFrameElement::Create(*document); | |
| 61 | |
| 62 frame_element->setAttribute(HTMLNames::sandboxAttr, "sandbox"); | |
| 63 frame_element->setAttribute(HTMLNames::srcAttr, "http://example.com/"); | |
| 64 RefPtr<SecurityOrigin> effective_origin = | |
| 65 frame_element->GetOriginForFeaturePolicy(); | |
| 66 EXPECT_FALSE( | |
| 67 effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin())); | |
|
alexmos
2017/04/13 02:09:15
nit: I'd also check that effective_origin->IsUniqu
iclelland
2017/04/13 19:05:31
Done. (And I'd added that to the ContainerPolicy t
| |
| 68 | |
| 69 frame_element->setAttribute(HTMLNames::srcAttr, "http://example.net/"); | |
| 70 effective_origin = frame_element->GetOriginForFeaturePolicy(); | |
| 71 EXPECT_FALSE( | |
| 72 effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin())); | |
| 73 } | |
| 74 | |
| 75 // Test that the parent document's origin is used when constructing the | |
| 76 // container policy in a srcdoc iframe. | |
| 77 TEST(HTMLIFrameElementTest, SrcdocFramesUseCorrectOrigin) { | |
| 78 Document* document = Document::Create(); | |
| 79 document->UpdateSecurityOrigin( | |
| 80 SecurityOrigin::Create(KURL(KURL(), "http://example.com"))); | |
| 81 | |
| 82 HTMLIFrameElement* frame_element = HTMLIFrameElement::Create(*document); | |
| 83 | |
| 84 frame_element->setAttribute(HTMLNames::srcdocAttr, "<title>title</title>"); | |
| 85 RefPtr<SecurityOrigin> effective_origin = | |
| 86 frame_element->GetOriginForFeaturePolicy(); | |
| 87 EXPECT_TRUE( | |
| 88 effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin())); | |
| 89 } | |
| 90 | |
| 91 // Test that a unique origin is used when constructing the container policy in a | |
| 92 // sandboxed iframe with a srcdoc. | |
| 93 TEST(HTMLIFrameElementTest, SandboxedSrcdocFramesUseCorrectOrigin) { | |
| 94 Document* document = Document::Create(); | |
| 95 document->UpdateSecurityOrigin( | |
| 96 SecurityOrigin::Create(KURL(KURL(), "http://example.com"))); | |
| 97 | |
| 98 HTMLIFrameElement* frame_element = HTMLIFrameElement::Create(*document); | |
| 99 | |
| 100 frame_element->setAttribute(HTMLNames::sandboxAttr, "sandbox"); | |
| 101 frame_element->setAttribute(HTMLNames::srcdocAttr, "<title>title</title>"); | |
| 102 RefPtr<SecurityOrigin> effective_origin = | |
| 103 frame_element->GetOriginForFeaturePolicy(); | |
| 104 EXPECT_FALSE( | |
| 105 effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin())); | |
| 106 } | |
| 107 | |
| 32 } // namespace blink | 108 } // namespace blink |
| OLD | NEW |
