Chromium Code Reviews| Index: content/test/data/cross_site_iframe_factory.html |
| diff --git a/content/test/data/cross_site_iframe_factory.html b/content/test/data/cross_site_iframe_factory.html |
| index e4e808b041461eda169f7f0d7944ba1233d43be1..25b9f4226a30901c9acf9528f94b62cd0197360e 100644 |
| --- a/content/test/data/cross_site_iframe_factory.html |
| +++ b/content/test/data/cross_site_iframe_factory.html |
| @@ -17,6 +17,23 @@ Inside of which, then, are created the two leaf iframes: |
| <iframe src="http://c.com:1234/cross_site_iframe_factory.html?c()"> |
| <iframe src="http://d.com:1234/cross_site_iframe_factory.html?d()"> |
| +Add iframe options by enclosing them in '{' and '}' characters after the |
| +hostname (multiple options can be separated with ';' characters): |
| + |
| + cross_site_iframe_factory.html?a(b{allowfullscreen}(),c{sandbox-allow-scripts}(d)) |
|
alexmos
2017/05/04 21:47:00
Awesome, this can also simplify some of our other
ncarter (slow)
2017/05/04 22:06:56
I'm okay with either of these options.
iclelland
2017/05/05 14:54:27
Right, we would still need to write it as {sandbox
|
| + |
| +Will create two iframes: |
| + |
| + <iframe src="http://a.com:1234/cross_site_iframe_factory.html?b()" allowfullscreen> |
| + <iframe src="http://c.com:1234/cross_site_iframe_factory.html?c{sandbox-allow-scripts}(d())" sandbox="allow-scripts"> |
| + |
| +These options are supported: |
| + |
| + allowfullscreen |
| + allowpaymentrequest |
| + allow-{featurename} - Adds {featurename} to the "allow" attribute |
| + sandbox-{flagname} - Adds {flagname} to the "sandbox" attribute |
| + |
| To make this page work, your browsertest needs a MockHostResolver, like: |
| void SetUpOnMainThread() override { |
| @@ -81,6 +98,25 @@ function borderColorForSite(site) { |
| } |
| /** |
| + * Splits a hostname string with optional arguments, like "a" or |
| + * "a.com{allowfullscreen}", into a hostname and an argument list, and returns |
| + * both as a 2-element array. |
| + */ |
| +function splitSiteAndArgs(siteAndArgsString) { |
|
ncarter (slow)
2017/05/04 22:06:56
Would it make more sense to do the parsing of the
iclelland
2017/05/05 14:54:27
Maybe -- I wasn't sure how generic TreeParserUtil
|
| + var startOfArgs = siteAndArgsString.indexOf('{'); |
| + if (startOfArgs > -1 && siteAndArgsString.endsWith('}')) { |
| + site = siteAndArgsString.slice(0, startOfArgs); |
| + argsString = siteAndArgsString.slice(startOfArgs+1,-1); |
| + args = argsString.split(';'); |
| + } |
| + else { |
| + site = siteAndArgsString; |
| + args = []; |
| + } |
| + return [site, args]; |
| +} |
| + |
| +/** |
| * Adds ".com" to an argument if it doesn't already have a top level domain. |
| * This cuts down on noise in the query string, letting you use single-letter |
| * names. |
| @@ -92,6 +128,35 @@ function canonicalizeSite(siteString) { |
| } |
| /** |
| + * Parses the list of iframe options and applies them to the provided element. |
| + */ |
| +function applyIFrameOptions(element, options) { |
| + var sandboxArguments = []; |
| + var allowFeatures = []; |
| + for (var option of options) { |
| + if (option == "allowfullscreen") { |
| + element.allowFullscreen = true; |
| + } |
| + if (option == "allowpaymentrequest") { |
| + element.allowPaymentRequest = true; |
| + } |
| + if (option.startsWith("sandbox-")) { |
|
ncarter (slow)
2017/05/04 22:06:56
I think this means that a(b{sandbox-}) will work l
iclelland
2017/05/05 14:54:28
It should work like that -- It's a good hack :) I
ncarter (slow)
2017/05/05 22:37:03
I think in practice folks are likely going to want
|
| + sandboxArguments.push(option.slice(8)); |
| + } |
| + if (option.startsWith("allow-")) { |
| + allowFeatures.push(option.slice(6)) |
| + } |
| + |
|
alexmos
2017/05/04 21:46:59
nit: no blank line, or move it one line down?
|
| + } |
| + if (sandboxArguments.length) { |
| + element.sandbox = sandboxArguments.join(" "); |
| + } |
| + if (allowFeatures.length) { |
| + element.allow = allowFeatures.join(" "); |
| + } |
| +} |
| + |
| +/** |
| * Simple recursive layout heuristic, since frames can't size themselves. |
| * This scribbles .layoutX and .layoutY properties into |tree|. |
| */ |
| @@ -132,7 +197,7 @@ function main() { |
| var goCrossSite = !window.location.protocol.startsWith('file'); |
| var queryString = decodeURIComponent(window.location.search.substring(1)); |
| var frameTree = TreeParserUtil.parse(queryString); |
| - var currentSite = canonicalizeSite(frameTree.value); |
| + var currentSite = canonicalizeSite(splitSiteAndArgs(frameTree.value)[0]); |
| // Apply style to the current document. |
| document.getElementById('siteNameHeading').appendChild( |
| @@ -143,8 +208,10 @@ function main() { |
| layout(frameTree); |
| for (var i = 0; i < frameTree.children.length; i++) { |
| - // Compute the URL for this iframe . |
| - var site = canonicalizeSite(frameTree.children[i].value); |
| + // Compute the URL for this iframe. |
| + var siteAndArgs = splitSiteAndArgs(frameTree.children[i].value); |
| + var site = canonicalizeSite(siteAndArgs[0]); |
| + var args = siteAndArgs[1]; |
| var subtreeString = TreeParserUtil.flatten(frameTree.children[i]); |
| var url = ''; |
| url += window.location.protocol + '//'; // scheme (preserved) |
| @@ -154,13 +221,17 @@ function main() { |
| url += window.location.pathname; // path (preserved) |
| url += '?' + encodeURIComponent(subtreeString); // query |
| - // Add the iframe to the document. |
| + // Construct the iframe. |
| var iframe = document.createElement('iframe'); |
| iframe.src = url; |
| iframe.id = "child-" + i; |
| iframe.style.borderColor = borderColorForSite(site); |
| iframe.width = frameTree.children[i].layoutX; |
| iframe.height = frameTree.children[i].layoutY; |
| + // Apply any additional attributes. |
| + applyIFrameOptions(iframe, args); |
| + |
| + // Add the iframe to the document. |
| document.body.appendChild(iframe); |
| } |
| } |