
Unified Diff: third_party/WebKit/Source/core/html/HTMLIFrameElementTest.cpp

Issue 2797813002: Replicate feature policy container policies. (Closed)
Patch Set: Addressing comments from PS#6 Created 3 years, 8 months ago
Index: third_party/WebKit/Source/core/html/HTMLIFrameElementTest.cpp
diff --git a/third_party/WebKit/Source/core/html/HTMLIFrameElementTest.cpp b/third_party/WebKit/Source/core/html/HTMLIFrameElementTest.cpp
index 2df838ca7e857bb3c30a276aee042b220dfd6e83..30053b2158045fe602ce4555bfaeb3f6374403f1 100644
--- a/third_party/WebKit/Source/core/html/HTMLIFrameElementTest.cpp
+++ b/third_party/WebKit/Source/core/html/HTMLIFrameElementTest.cpp
@@ -29,4 +29,80 @@ TEST(HTMLIFrameElementTest, SetAllowAttributeJS) {
EXPECT_EQ("fullscreen", iframe->getAttribute(HTMLNames::allowAttr));
}
+// Test that the correct origin is used when constructing the container policy,
+// and that frames which should inherit their parent document's origin do so.
+TEST(HTMLIFrameElementTest, FramesUseCorrectOrigin) {
+ Document* document = Document::Create();
+ document->UpdateSecurityOrigin(
+ SecurityOrigin::Create(KURL(KURL(), "http://example.com")));
+
+ HTMLIFrameElement* frame_element = HTMLIFrameElement::Create(*document);
+
+ frame_element->setAttribute(HTMLNames::srcAttr, "about:blank");
+ RefPtr<SecurityOrigin> effective_origin =
+ frame_element->GetOriginForFeaturePolicy();
+ EXPECT_TRUE(
+ effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin()));
+
+ frame_element->setAttribute(HTMLNames::srcAttr, "http://example.net/");
+ effective_origin = frame_element->GetOriginForFeaturePolicy();
+ EXPECT_FALSE(
+ effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin()));
+}
+
+// Test that a unique origin is used when constructing the container policy in a
+// sandboxed iframe.
+TEST(HTMLIFrameElementTest, SandboxFramesUseCorrectOrigin) {
+ Document* document = Document::Create();
+ document->UpdateSecurityOrigin(
+ SecurityOrigin::Create(KURL(KURL(), "http://example.com")));
+
+ HTMLIFrameElement* frame_element = HTMLIFrameElement::Create(*document);
+
+ frame_element->setAttribute(HTMLNames::sandboxAttr, "sandbox");
+ frame_element->setAttribute(HTMLNames::srcAttr, "http://example.com/");
+ RefPtr<SecurityOrigin> effective_origin =
+ frame_element->GetOriginForFeaturePolicy();
+ EXPECT_FALSE(
+ effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin()));
alexmos 2017/04/13 02:09:15 nit: I'd also check that effective_origin->IsUniqu
iclelland 2017/04/13 19:05:31 Done. (And I'd added that to the ContainerPolicy t
+
+ frame_element->setAttribute(HTMLNames::srcAttr, "http://example.net/");
+ effective_origin = frame_element->GetOriginForFeaturePolicy();
+ EXPECT_FALSE(
+ effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin()));
+}
+
+// Test that the parent document's origin is used when constructing the
+// container policy in a srcdoc iframe.
+TEST(HTMLIFrameElementTest, SrcdocFramesUseCorrectOrigin) {
+ Document* document = Document::Create();
+ document->UpdateSecurityOrigin(
+ SecurityOrigin::Create(KURL(KURL(), "http://example.com")));
+
+ HTMLIFrameElement* frame_element = HTMLIFrameElement::Create(*document);
+
+ frame_element->setAttribute(HTMLNames::srcdocAttr, "<title>title</title>");
+ RefPtr<SecurityOrigin> effective_origin =
+ frame_element->GetOriginForFeaturePolicy();
+ EXPECT_TRUE(
+ effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin()));
+}
+
+// Test that a unique origin is used when constructing the container policy in a
+// sandboxed iframe with a srcdoc.
+TEST(HTMLIFrameElementTest, SandboxedSrcdocFramesUseCorrectOrigin) {
+ Document* document = Document::Create();
+ document->UpdateSecurityOrigin(
+ SecurityOrigin::Create(KURL(KURL(), "http://example.com")));
+
+ HTMLIFrameElement* frame_element = HTMLIFrameElement::Create(*document);
+
+ frame_element->setAttribute(HTMLNames::sandboxAttr, "sandbox");
+ frame_element->setAttribute(HTMLNames::srcdocAttr, "<title>title</title>");
+ RefPtr<SecurityOrigin> effective_origin =
+ frame_element->GetOriginForFeaturePolicy();
+ EXPECT_FALSE(
+ effective_origin->IsSameSchemeHostPort(document->GetSecurityOrigin()));
+}
+
} // namespace blink
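Review bot: The cross-origin half of FramesUseCorrectOrigin (the `http://example.net/` case) only asserts that the effective origin differs from the parent's, so it would also pass if GetOriginForFeaturePolicy() returned a unique origin or any other wrong origin. Because the test's own comment says this origin is used when constructing the container policy, a positive check would pin it down: `RefPtr<SecurityOrigin> expected = SecurityOrigin::Create(KURL(KURL(), "http://example.net/"));` followed by `EXPECT_TRUE(effective_origin->IsSameSchemeHostPort(expected.Get()));`. The sandbox tests also cover only a sandbox attribute with no allow tokens; a case with `sandbox="allow-same-origin"` would document whether the frame then keeps the origin of its src. The implementation is not visible in this file, so the expected result for that case needs confirming against it.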
