Make most of CSP code work with non-Document ExecutionContext

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "core/frame/csp/ContentSecurityPolicy.h"
 
-#include "core/dom/Document.h"
 #include "core/frame/csp/CSPDirectiveList.h"
 #include "core/html/HTMLScriptElement.h"
-#include "core/loader/DocumentLoader.h"
-#include "core/testing/DummyPageHolder.h"
+#include "core/testing/NullExecutionContext.h"
 #include "platform/Crypto.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/loader/fetch/IntegrityMetadata.h"
 #include "platform/loader/fetch/ResourceRequest.h"
 #include "platform/network/ContentSecurityPolicyParsers.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/SchemeRegistry.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "public/platform/WebAddressSpace.h"
 #include "public/platform/WebInsecureRequestPolicy.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace blink {
 
 class ContentSecurityPolicyTest : public ::testing::Test {
  public:
   ContentSecurityPolicyTest()
       : csp(ContentSecurityPolicy::Create()),
         secure_url(kParsedURLString, "https://example.test/image.png"),
         secure_origin(SecurityOrigin::Create(secure_url)) {}
 
  protected:
-  virtual void SetUp() {
-    document = Document::Create();
-    document->SetSecurityOrigin(secure_origin);
+  virtual void SetUp() { execution_context = CreateExecutionContext(); }
+
+  NullExecutionContext* CreateExecutionContext() {
+    NullExecutionContext* context = new NullExecutionContext();
+    context->SetUpSecurityContext();
+    context->SetSecurityOrigin(secure_origin);
+    return context;
   }
 
   Persistent<ContentSecurityPolicy> csp;
   KURL secure_url;
   RefPtr<SecurityOrigin> secure_origin;
-  Persistent<Document> document;
+  Persistent<NullExecutionContext> execution_context;
 };
 
 TEST_F(ContentSecurityPolicyTest, ParseInsecureRequestPolicy) {
   struct TestCase {
     const char* header;
     WebInsecureRequestPolicy expected_policy;
   } cases[] = {{"default-src 'none'", kLeaveInsecureRequestsAlone},
                {"upgrade-insecure-requests", kUpgradeInsecureRequests},
                {"block-all-mixed-content", kBlockAllMixedContent},
                {"upgrade-insecure-requests; block-all-mixed-content",
                 kUpgradeInsecureRequests | kBlockAllMixedContent},
                {"upgrade-insecure-requests, block-all-mixed-content",
                 kUpgradeInsecureRequests | kBlockAllMixedContent}};
 
   // Enforced
   for (const auto& test : cases) {
     SCOPED_TRACE(testing::Message() << "[Enforce] Header: `" << test.header
                                     << "`");
     csp = ContentSecurityPolicy::Create();
     csp->DidReceiveHeader(test.header, kContentSecurityPolicyHeaderTypeEnforce,
                           kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_EQ(test.expected_policy, csp->GetInsecureRequestPolicy());
 
-    document = Document::Create();
-    document->SetSecurityOrigin(secure_origin);
-    document->SetURL(secure_url);
-    csp->BindToExecutionContext(document.Get());
-    EXPECT_EQ(test.expected_policy, document->GetInsecureRequestPolicy());
+    execution_context = CreateExecutionContext();
+    execution_context->SetSecurityOrigin(secure_origin);
+    execution_context->SetURL(secure_url);
+    csp->BindToExecutionContext(execution_context.Get());
+    EXPECT_EQ(test.expected_policy,
+              execution_context->GetInsecureRequestPolicy());
     bool expect_upgrade = test.expected_policy & kUpgradeInsecureRequests;
     EXPECT_EQ(expect_upgrade,
-              document->InsecureNavigationsToUpgrade()->Contains(
-                  document->Url().Host().Impl()->GetHash()));
+              execution_context->InsecureNavigationsToUpgrade()->Contains(
+                  execution_context->Url().Host().Impl()->GetHash()));
   }
 
   // Report-Only
   for (const auto& test : cases) {
     SCOPED_TRACE(testing::Message() << "[Report-Only] Header: `" << test.header
                                     << "`");
     csp = ContentSecurityPolicy::Create();
     csp->DidReceiveHeader(test.header, kContentSecurityPolicyHeaderTypeReport,
                           kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_EQ(kLeaveInsecureRequestsAlone, csp->GetInsecureRequestPolicy());
 
-    document = Document::Create();
-    document->SetSecurityOrigin(secure_origin);
-    csp->BindToExecutionContext(document.Get());
+    execution_context = CreateExecutionContext();
+    execution_context->SetSecurityOrigin(secure_origin);
+    csp->BindToExecutionContext(execution_context.Get());
     EXPECT_EQ(kLeaveInsecureRequestsAlone,
-              document->GetInsecureRequestPolicy());
-    EXPECT_FALSE(document->InsecureNavigationsToUpgrade()->Contains(
+              execution_context->GetInsecureRequestPolicy());
+    EXPECT_FALSE(execution_context->InsecureNavigationsToUpgrade()->Contains(
         secure_origin->Host().Impl()->GetHash()));
   }
 }
 
 TEST_F(ContentSecurityPolicyTest, ParseEnforceTreatAsPublicAddressDisabled) {
   RuntimeEnabledFeatures::setCorsRFC1918Enabled(false);
-  document->SetAddressSpace(kWebAddressSpacePrivate);
-  EXPECT_EQ(kWebAddressSpacePrivate, document->AddressSpace());
+  execution_context->SetAddressSpace(kWebAddressSpacePrivate);
+  EXPECT_EQ(kWebAddressSpacePrivate, execution_context->AddressSpace());
 
   csp->DidReceiveHeader("treat-as-public-address",
                         kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceHTTP);
-  csp->BindToExecutionContext(document.Get());
-  EXPECT_EQ(kWebAddressSpacePrivate, document->AddressSpace());
+  csp->BindToExecutionContext(execution_context.Get());
+  EXPECT_EQ(kWebAddressSpacePrivate, execution_context->AddressSpace());
 }
 
 TEST_F(ContentSecurityPolicyTest, ParseEnforceTreatAsPublicAddressEnabled) {
   RuntimeEnabledFeatures::setCorsRFC1918Enabled(true);
-  document->SetAddressSpace(kWebAddressSpacePrivate);
-  EXPECT_EQ(kWebAddressSpacePrivate, document->AddressSpace());
+  execution_context->SetAddressSpace(kWebAddressSpacePrivate);
+  EXPECT_EQ(kWebAddressSpacePrivate, execution_context->AddressSpace());
 
   csp->DidReceiveHeader("treat-as-public-address",
                         kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceHTTP);
-  csp->BindToExecutionContext(document.Get());
-  EXPECT_EQ(kWebAddressSpacePublic, document->AddressSpace());
+  csp->BindToExecutionContext(execution_context.Get());
+  EXPECT_EQ(kWebAddressSpacePublic, execution_context->AddressSpace());
 }
 
 TEST_F(ContentSecurityPolicyTest, CopyStateFrom) {
   csp->DidReceiveHeader("script-src 'none'; plugin-types application/x-type-1",
                         kContentSecurityPolicyHeaderTypeReport,
                         kContentSecurityPolicyHeaderSourceHTTP);
   csp->DidReceiveHeader("img-src http://example.com",
                         kContentSecurityPolicyHeaderTypeReport,
                         kContentSecurityPolicyHeaderSourceHTTP);
 
@@ skipping 67 matching lines @@
 
   csp->DidReceiveHeader("frame-ancestors 'self'",
                         kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceHTTP);
   EXPECT_TRUE(csp->IsFrameAncestorsEnforced());
 }
 
 // Tests that frame-ancestors directives are discarded from policies
 // delivered in <meta> elements.
 TEST_F(ContentSecurityPolicyTest, FrameAncestorsInMeta) {
-  csp->BindToExecutionContext(document.Get());
+  csp->BindToExecutionContext(execution_context.Get());
   csp->DidReceiveHeader("frame-ancestors 'none';",
                         kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceMeta);
   EXPECT_FALSE(csp->IsFrameAncestorsEnforced());
   csp->DidReceiveHeader("frame-ancestors 'none';",
                         kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceHTTP);
   EXPECT_TRUE(csp->IsFrameAncestorsEnforced());
 }
 
 // Tests that sandbox directives are discarded from policies
 // delivered in <meta> elements.
 TEST_F(ContentSecurityPolicyTest, SandboxInMeta) {
-  csp->BindToExecutionContext(document.Get());
+  csp->BindToExecutionContext(execution_context.Get());
   csp->DidReceiveHeader("sandbox;", kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceMeta);
-  EXPECT_FALSE(document->GetSecurityOrigin()->IsUnique());
+  EXPECT_FALSE(execution_context->GetSecurityOrigin()->IsUnique());
   csp->DidReceiveHeader("sandbox;", kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceHTTP);
-  EXPECT_TRUE(document->GetSecurityOrigin()->IsUnique());
+  EXPECT_TRUE(execution_context->GetSecurityOrigin()->IsUnique());
 }
 
 // Tests that report-uri directives are discarded from policies
 // delivered in <meta> elements.
 TEST_F(ContentSecurityPolicyTest, ReportURIInMeta) {
   String policy = "img-src 'none'; report-uri http://foo.test";
   Vector<UChar> characters;
   policy.AppendTo(characters);
   const UChar* begin = characters.data();
   const UChar* end = begin + characters.size();
   CSPDirectiveList* directive_list(CSPDirectiveList::Create(
       csp, begin, end, kContentSecurityPolicyHeaderTypeEnforce,
       kContentSecurityPolicyHeaderSourceMeta));
   EXPECT_TRUE(directive_list->ReportEndpoints().IsEmpty());
   directive_list = CSPDirectiveList::Create(
       csp, begin, end, kContentSecurityPolicyHeaderTypeEnforce,
       kContentSecurityPolicyHeaderSourceHTTP);
   EXPECT_FALSE(directive_list->ReportEndpoints().IsEmpty());
 }
 
 // Tests that object-src directives are applied to a request to load a
 // plugin, but not to subresource requests that the plugin itself
 // makes. https://crbug.com/603952
 TEST_F(ContentSecurityPolicyTest, ObjectSrc) {
   KURL url(KURL(), "https://example.test");
-  csp->BindToExecutionContext(document.Get());
+  csp->BindToExecutionContext(execution_context.Get());
   csp->DidReceiveHeader("object-src 'none';",
                         kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceMeta);
   EXPECT_FALSE(
       csp->AllowRequest(WebURLRequest::kRequestContextObject, url, String(),
                         IntegrityMetadataSet(), kParserInserted,
                         ResourceRequest::RedirectStatus::kNoRedirect,
                         SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_FALSE(
       csp->AllowRequest(WebURLRequest::kRequestContextEmbed, url, String(),
                         IntegrityMetadataSet(), kParserInserted,
                         ResourceRequest::RedirectStatus::kNoRedirect,
                         SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_TRUE(
       csp->AllowRequest(WebURLRequest::kRequestContextPlugin, url, String(),
                         IntegrityMetadataSet(), kParserInserted,
                         ResourceRequest::RedirectStatus::kNoRedirect,
                         SecurityViolationReportingPolicy::kSuppressReporting));
 }
 
 TEST_F(ContentSecurityPolicyTest, ConnectSrc) {
   KURL url(KURL(), "https://example.test");
-  csp->BindToExecutionContext(document.Get());
+  csp->BindToExecutionContext(execution_context.Get());
   csp->DidReceiveHeader("connect-src 'none';",
                         kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceMeta);
   EXPECT_FALSE(
       csp->AllowRequest(WebURLRequest::kRequestContextSubresource, url,
                         String(), IntegrityMetadataSet(), kParserInserted,
                         ResourceRequest::RedirectStatus::kNoRedirect,
                         SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_FALSE(
       csp->AllowRequest(WebURLRequest::kRequestContextXMLHttpRequest, url,
@@ skipping 15 matching lines @@
                         IntegrityMetadataSet(), kParserInserted,
                         ResourceRequest::RedirectStatus::kNoRedirect,
                         SecurityViolationReportingPolicy::kSuppressReporting));
 }
 // Tests that requests for scripts and styles are blocked
 // if `require-sri-for` delivered in HTTP header requires integrity be present
 TEST_F(ContentSecurityPolicyTest, RequireSRIForInHeaderMissingIntegrity) {
   KURL url(KURL(), "https://example.test");
   // Enforce
   Persistent<ContentSecurityPolicy> policy = ContentSecurityPolicy::Create();
-  policy->BindToExecutionContext(document.Get());
+  policy->BindToExecutionContext(execution_context.Get());
   policy->DidReceiveHeader("require-sri-for script style",
                            kContentSecurityPolicyHeaderTypeEnforce,
                            kContentSecurityPolicyHeaderSourceHTTP);
   EXPECT_FALSE(policy->AllowRequest(
       WebURLRequest::kRequestContextScript, url, String(),
       IntegrityMetadataSet(), kParserInserted,
       ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_FALSE(policy->AllowRequest(
       WebURLRequest::kRequestContextImport, url, String(),
@@ skipping 20 matching lines @@
       IntegrityMetadataSet(), kParserInserted,
       ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextImage, url, String(),
       IntegrityMetadataSet(), kParserInserted,
       ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   // Report
   policy = ContentSecurityPolicy::Create();
-  policy->BindToExecutionContext(document.Get());
+  policy->BindToExecutionContext(execution_context.Get());
   policy->DidReceiveHeader("require-sri-for script style",
                            kContentSecurityPolicyHeaderTypeReport,
                            kContentSecurityPolicyHeaderSourceHTTP);
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextScript, url, String(),
       IntegrityMetadataSet(), kParserInserted,
       ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextImport, url, String(),
@@ skipping 27 matching lines @@
       SecurityViolationReportingPolicy::kSuppressReporting));
 }
 
 // Tests that requests for scripts and styles are allowed
 // if `require-sri-for` delivered in HTTP header requires integrity be present
 TEST_F(ContentSecurityPolicyTest, RequireSRIForInHeaderPresentIntegrity) {
   KURL url(KURL(), "https://example.test");
   IntegrityMetadataSet integrity_metadata;
   integrity_metadata.insert(
       IntegrityMetadata("1234", kHashAlgorithmSha384).ToPair());
-  csp->BindToExecutionContext(document.Get());
+  csp->BindToExecutionContext(execution_context.Get());
   // Enforce
   Persistent<ContentSecurityPolicy> policy = ContentSecurityPolicy::Create();
-  policy->BindToExecutionContext(document.Get());
+  policy->BindToExecutionContext(execution_context.Get());
   policy->DidReceiveHeader("require-sri-for script style",
                            kContentSecurityPolicyHeaderTypeEnforce,
                            kContentSecurityPolicyHeaderSourceHTTP);
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextScript, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextImport, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
@@ skipping 16 matching lines @@
       WebURLRequest::kRequestContextWorker, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextImage, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   // Content-Security-Policy-Report-Only is not supported in meta element,
   // so nothing should be blocked
   policy = ContentSecurityPolicy::Create();
-  policy->BindToExecutionContext(document.Get());
+  policy->BindToExecutionContext(execution_context.Get());
   policy->DidReceiveHeader("require-sri-for script style",
                            kContentSecurityPolicyHeaderTypeReport,
                            kContentSecurityPolicyHeaderSourceHTTP);
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextScript, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextImport, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
@@ skipping 21 matching lines @@
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
 }
 
 // Tests that requests for scripts and styles are blocked
 // if `require-sri-for` delivered in meta tag requires integrity be present
 TEST_F(ContentSecurityPolicyTest, RequireSRIForInMetaMissingIntegrity) {
   KURL url(KURL(), "https://example.test");
   // Enforce
   Persistent<ContentSecurityPolicy> policy = ContentSecurityPolicy::Create();
-  policy->BindToExecutionContext(document.Get());
+  policy->BindToExecutionContext(execution_context.Get());
   policy->DidReceiveHeader("require-sri-for script style",
                            kContentSecurityPolicyHeaderTypeEnforce,
                            kContentSecurityPolicyHeaderSourceMeta);
   EXPECT_FALSE(policy->AllowRequest(
       WebURLRequest::kRequestContextScript, url, String(),
       IntegrityMetadataSet(), kParserInserted,
       ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_FALSE(policy->AllowRequest(
       WebURLRequest::kRequestContextImport, url, String(),
@@ skipping 21 matching lines @@
       ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextImage, url, String(),
       IntegrityMetadataSet(), kParserInserted,
       ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   // Content-Security-Policy-Report-Only is not supported in meta element,
   // so nothing should be blocked
   policy = ContentSecurityPolicy::Create();
-  policy->BindToExecutionContext(document.Get());
+  policy->BindToExecutionContext(execution_context.Get());
   policy->DidReceiveHeader("require-sri-for script style",
                            kContentSecurityPolicyHeaderTypeReport,
                            kContentSecurityPolicyHeaderSourceMeta);
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextScript, url, String(),
       IntegrityMetadataSet(), kParserInserted,
       ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextImport, url, String(),
@@ skipping 27 matching lines @@
       SecurityViolationReportingPolicy::kSuppressReporting));
 }
 
 // Tests that requests for scripts and styles are allowed
 // if `require-sri-for` delivered meta tag requires integrity be present
 TEST_F(ContentSecurityPolicyTest, RequireSRIForInMetaPresentIntegrity) {
   KURL url(KURL(), "https://example.test");
   IntegrityMetadataSet integrity_metadata;
   integrity_metadata.insert(
       IntegrityMetadata("1234", kHashAlgorithmSha384).ToPair());
-  csp->BindToExecutionContext(document.Get());
+  csp->BindToExecutionContext(execution_context.Get());
   // Enforce
   Persistent<ContentSecurityPolicy> policy = ContentSecurityPolicy::Create();
-  policy->BindToExecutionContext(document.Get());
+  policy->BindToExecutionContext(execution_context.Get());
   policy->DidReceiveHeader("require-sri-for script style",
                            kContentSecurityPolicyHeaderTypeEnforce,
                            kContentSecurityPolicyHeaderSourceMeta);
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextScript, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextImport, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
@@ skipping 16 matching lines @@
       WebURLRequest::kRequestContextWorker, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextImage, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   // Content-Security-Policy-Report-Only is not supported in meta element,
   // so nothing should be blocked
   policy = ContentSecurityPolicy::Create();
-  policy->BindToExecutionContext(document.Get());
+  policy->BindToExecutionContext(execution_context.Get());
   policy->DidReceiveHeader("require-sri-for script style",
                            kContentSecurityPolicyHeaderTypeReport,
                            kContentSecurityPolicyHeaderSourceMeta);
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextScript, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
   EXPECT_TRUE(policy->AllowRequest(
       WebURLRequest::kRequestContextImport, url, String(), integrity_metadata,
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
@@ skipping 42 matching lines @@
   for (const auto& test : cases) {
     SCOPED_TRACE(testing::Message() << "Policy: `" << test.policy << "`, URL: `"
                                     << test.url << "`, Nonce: `" << test.nonce
                                     << "`");
     KURL resource = KURL(KURL(), test.url);
 
     unsigned expected_reports = test.allowed ? 0u : 1u;
 
     // Single enforce-mode policy should match `test.expected`:
     Persistent<ContentSecurityPolicy> policy = ContentSecurityPolicy::Create();
-    policy->BindToExecutionContext(document.Get());
+    policy->BindToExecutionContext(execution_context.Get());
     policy->DidReceiveHeader(test.policy,
                              kContentSecurityPolicyHeaderTypeEnforce,
                              kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_EQ(test.allowed, policy->AllowScriptFromSource(
                                 resource, String(test.nonce),
                                 IntegrityMetadataSet(), kParserInserted));
     // If this is expected to generate a violation, we should have sent a
     // report.
     EXPECT_EQ(expected_reports, policy->violation_reports_sent_.size());
 
     // Single report-mode policy should always be `true`:
     policy = ContentSecurityPolicy::Create();
-    policy->BindToExecutionContext(document.Get());
+    policy->BindToExecutionContext(execution_context.Get());
     policy->DidReceiveHeader(test.policy,
                              kContentSecurityPolicyHeaderTypeReport,
                              kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_TRUE(policy->AllowScriptFromSource(
         resource, String(test.nonce), IntegrityMetadataSet(), kParserInserted,
         ResourceRequest::RedirectStatus::kNoRedirect,
         SecurityViolationReportingPolicy::kReport,
         ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly));
     // If this is expected to generate a violation, we should have sent a
     // report, even though we don't deny access in `allowScriptFromSource`:
@@ skipping 11 matching lines @@
       {"'unsafe-inline'", "yay", true},
       {"'nonce-yay'", "", false},
       {"'nonce-yay'", "yay", true},
       {"'unsafe-inline' 'nonce-yay'", "", false},
       {"'unsafe-inline' 'nonce-yay'", "yay", true},
   };
 
   String context_url;
   String content;
   WTF::OrdinalNumber context_line;
+
+  // We need document for HTMLScriptElement tests.
+  Document* document = Document::Create();
+  document->SetSecurityOrigin(secure_origin);
+
   for (const auto& test : cases) {
     SCOPED_TRACE(testing::Message() << "Policy: `" << test.policy
                                     << "`, Nonce: `" << test.nonce << "`");
 
     unsigned expected_reports = test.allowed ? 0u : 1u;
     HTMLScriptElement* element = HTMLScriptElement::Create(*document, true);
 
     // Enforce 'script-src'
     Persistent<ContentSecurityPolicy> policy = ContentSecurityPolicy::Create();
-    policy->BindToExecutionContext(document.Get());
+    policy->BindToExecutionContext(document);
     policy->DidReceiveHeader(String("script-src ") + test.policy,
                              kContentSecurityPolicyHeaderTypeEnforce,
                              kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_EQ(test.allowed, policy->AllowInlineScript(element, context_url,
                                                       String(test.nonce),
                                                       context_line, content));
     EXPECT_EQ(expected_reports, policy->violation_reports_sent_.size());
 
     // Enforce 'style-src'
     policy = ContentSecurityPolicy::Create();
-    policy->BindToExecutionContext(document.Get());
+    policy->BindToExecutionContext(document);
     policy->DidReceiveHeader(String("style-src ") + test.policy,
                              kContentSecurityPolicyHeaderTypeEnforce,
                              kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_EQ(test.allowed,
               policy->AllowInlineStyle(element, context_url, String(test.nonce),
                                        context_line, content));
     EXPECT_EQ(expected_reports, policy->violation_reports_sent_.size());
 
     // Report 'script-src'
     policy = ContentSecurityPolicy::Create();
-    policy->BindToExecutionContext(document.Get());
+    policy->BindToExecutionContext(document);
     policy->DidReceiveHeader(String("script-src ") + test.policy,
                              kContentSecurityPolicyHeaderTypeReport,
                              kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_TRUE(policy->AllowInlineScript(
         element, context_url, String(test.nonce), context_line, content));
     EXPECT_EQ(expected_reports, policy->violation_reports_sent_.size());
 
     // Report 'style-src'
     policy = ContentSecurityPolicy::Create();
-    policy->BindToExecutionContext(document.Get());
+    policy->BindToExecutionContext(document);
     policy->DidReceiveHeader(String("style-src ") + test.policy,
                              kContentSecurityPolicyHeaderTypeReport,
                              kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_TRUE(policy->AllowInlineStyle(
         element, context_url, String(test.nonce), context_line, content));
     EXPECT_EQ(expected_reports, policy->violation_reports_sent_.size());
   }
 }
 
 TEST_F(ContentSecurityPolicyTest, NonceMultiplePolicy) {
@@ skipping 48 matching lines @@
     SCOPED_TRACE(testing::Message() << "Policy: `" << test.policy1 << "`/`"
                                     << test.policy2 << "`, URL: `" << test.url
                                     << "`, Nonce: `" << test.nonce << "`");
     KURL resource = KURL(KURL(), test.url);
 
     unsigned expected_reports =
         test.allowed1 != test.allowed2 ? 1u : (test.allowed1 ? 0u : 2u);
 
     // Enforce / Report
     Persistent<ContentSecurityPolicy> policy = ContentSecurityPolicy::Create();
-    policy->BindToExecutionContext(document.Get());
+    policy->BindToExecutionContext(execution_context.Get());
     policy->DidReceiveHeader(test.policy1,
                              kContentSecurityPolicyHeaderTypeEnforce,
                              kContentSecurityPolicyHeaderSourceHTTP);
     policy->DidReceiveHeader(test.policy2,
                              kContentSecurityPolicyHeaderTypeReport,
                              kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_EQ(test.allowed1,
               policy->AllowScriptFromSource(
                   resource, String(test.nonce), IntegrityMetadataSet(),
                   kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
                   SecurityViolationReportingPolicy::kReport,
                   ContentSecurityPolicy::CheckHeaderType::kCheckEnforce));
     EXPECT_TRUE(policy->AllowScriptFromSource(
         resource, String(test.nonce), IntegrityMetadataSet(), kParserInserted,
         ResourceRequest::RedirectStatus::kNoRedirect,
         SecurityViolationReportingPolicy::kReport,
         ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly));
     EXPECT_EQ(expected_reports, policy->violation_reports_sent_.size());
 
     // Report / Enforce
     policy = ContentSecurityPolicy::Create();
-    policy->BindToExecutionContext(document.Get());
+    policy->BindToExecutionContext(execution_context.Get());
     policy->DidReceiveHeader(test.policy1,
                              kContentSecurityPolicyHeaderTypeReport,
                              kContentSecurityPolicyHeaderSourceHTTP);
     policy->DidReceiveHeader(test.policy2,
                              kContentSecurityPolicyHeaderTypeEnforce,
                              kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_TRUE(policy->AllowScriptFromSource(
         resource, String(test.nonce), IntegrityMetadataSet(), kParserInserted,
         ResourceRequest::RedirectStatus::kNoRedirect,
         SecurityViolationReportingPolicy::kReport,
         ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly));
     EXPECT_EQ(test.allowed2,
               policy->AllowScriptFromSource(
                   resource, String(test.nonce), IntegrityMetadataSet(),
                   kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
                   SecurityViolationReportingPolicy::kReport,
                   ContentSecurityPolicy::CheckHeaderType::kCheckEnforce));
     EXPECT_EQ(expected_reports, policy->violation_reports_sent_.size());
 
     // Enforce / Enforce
     policy = ContentSecurityPolicy::Create();
-    policy->BindToExecutionContext(document.Get());
+    policy->BindToExecutionContext(execution_context.Get());
     policy->DidReceiveHeader(test.policy1,
                              kContentSecurityPolicyHeaderTypeEnforce,
                              kContentSecurityPolicyHeaderSourceHTTP);
     policy->DidReceiveHeader(test.policy2,
                              kContentSecurityPolicyHeaderTypeEnforce,
                              kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_EQ(test.allowed1 && test.allowed2,
               policy->AllowScriptFromSource(
                   resource, String(test.nonce), IntegrityMetadataSet(),
                   kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
                   SecurityViolationReportingPolicy::kReport,
                   ContentSecurityPolicy::CheckHeaderType::kCheckEnforce));
     EXPECT_EQ(expected_reports, policy->violation_reports_sent_.size());
 
     // Report / Report
     policy = ContentSecurityPolicy::Create();
-    policy->BindToExecutionContext(document.Get());
+    policy->BindToExecutionContext(execution_context.Get());
     policy->DidReceiveHeader(test.policy1,
                              kContentSecurityPolicyHeaderTypeReport,
                              kContentSecurityPolicyHeaderSourceHTTP);
     policy->DidReceiveHeader(test.policy2,
                              kContentSecurityPolicyHeaderTypeReport,
                              kContentSecurityPolicyHeaderSourceHTTP);
     EXPECT_TRUE(policy->AllowScriptFromSource(
         resource, String(test.nonce), IntegrityMetadataSet(), kParserInserted,
         ResourceRequest::RedirectStatus::kNoRedirect,
         SecurityViolationReportingPolicy::kReport,
@@ skipping 130 matching lines @@
 
   // `other` is stricter than `this`.
   other->DidReceiveHeader("default-src https://example.com;",
                           kContentSecurityPolicyHeaderTypeEnforce,
                           kContentSecurityPolicyHeaderSourceHTTP);
   EXPECT_TRUE(csp->Subsumes(*other));
 }
 
 TEST_F(ContentSecurityPolicyTest, RequestsAllowedWhenBypassingCSP) {
   KURL base;
-  document = Document::Create();
-  document->SetSecurityOrigin(secure_origin);  // https://example.com
-  document->SetURL(secure_url);                // https://example.com
-  csp->BindToExecutionContext(document.Get());
+  execution_context = CreateExecutionContext();
+  execution_context->SetSecurityOrigin(secure_origin);  // https://example.com
+  execution_context->SetURL(secure_url);                // https://example.com
+  csp->BindToExecutionContext(execution_context.Get());
   csp->DidReceiveHeader("default-src https://example.com",
                         kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceHTTP);
 
   EXPECT_TRUE(csp->AllowRequest(
       WebURLRequest::kRequestContextObject, KURL(base, "https://example.com/"),
       String(), IntegrityMetadataSet(), kParserInserted,
       ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
 
@@ skipping 16 matching lines @@
       WebURLRequest::kRequestContextObject,
       KURL(base, "https://not-example.com/"), String(), IntegrityMetadataSet(),
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
 
   SchemeRegistry::RemoveURLSchemeRegisteredAsBypassingContentSecurityPolicy(
       "https");
 }
 TEST_F(ContentSecurityPolicyTest, FilesystemAllowedWhenBypassingCSP) {
   KURL base;
-  document = Document::Create();
-  document->SetSecurityOrigin(secure_origin);  // https://example.com
-  document->SetURL(secure_url);                // https://example.com
-  csp->BindToExecutionContext(document.Get());
+  execution_context = CreateExecutionContext();
+  execution_context->SetSecurityOrigin(secure_origin);  // https://example.com
+  execution_context->SetURL(secure_url);                // https://example.com
+  csp->BindToExecutionContext(execution_context.Get());
   csp->DidReceiveHeader("default-src https://example.com",
                         kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceHTTP);
 
   EXPECT_FALSE(
       csp->AllowRequest(WebURLRequest::kRequestContextObject,
                         KURL(base, "filesystem:https://example.com/file.txt"),
                         String(), IntegrityMetadataSet(), kParserInserted,
                         ResourceRequest::RedirectStatus::kNoRedirect,
                         SecurityViolationReportingPolicy::kSuppressReporting));
@@ skipping 21 matching lines @@
       IntegrityMetadataSet(), kParserInserted,
       ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
 
   SchemeRegistry::RemoveURLSchemeRegisteredAsBypassingContentSecurityPolicy(
       "https");
 }
 
 TEST_F(ContentSecurityPolicyTest, BlobAllowedWhenBypassingCSP) {
   KURL base;
-  document = Document::Create();
-  document->SetSecurityOrigin(secure_origin);  // https://example.com
-  document->SetURL(secure_url);                // https://example.com
-  csp->BindToExecutionContext(document.Get());
+  execution_context = CreateExecutionContext();
+  execution_context->SetSecurityOrigin(secure_origin);  // https://example.com
+  execution_context->SetURL(secure_url);                // https://example.com
+  csp->BindToExecutionContext(execution_context.Get());
   csp->DidReceiveHeader("default-src https://example.com",
                         kContentSecurityPolicyHeaderTypeEnforce,
                         kContentSecurityPolicyHeaderSourceHTTP);
 
   EXPECT_FALSE(csp->AllowRequest(
       WebURLRequest::kRequestContextObject,
       KURL(base, "blob:https://example.com/"), String(), IntegrityMetadataSet(),
       kParserInserted, ResourceRequest::RedirectStatus::kNoRedirect,
       SecurityViolationReportingPolicy::kSuppressReporting));
 
@@ skipping 18 matching lines @@
                         KURL(base, "blob:https://not-example.com/"), String(),
                         IntegrityMetadataSet(), kParserInserted,
                         ResourceRequest::RedirectStatus::kNoRedirect,
                         SecurityViolationReportingPolicy::kSuppressReporting));
 
   SchemeRegistry::RemoveURLSchemeRegisteredAsBypassingContentSecurityPolicy(
       "https");
 }
 
 }  // namespace blink