third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute.html - Issue 2895953002: Update dangling markup mitigations.

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute.html

Issue 2895953002: Update dangling markup mitigations. (Closed)

Patch Set: Test. Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« third_party/WebKit/LayoutTests/external/wpt/fetch/dangling-markup-mitigation.tentative.html ('K') | « third_party/WebKit/LayoutTests/fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt ('k') | third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute-expected.txt » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute.html

diff --git a/third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute.html b/third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute.html

deleted file mode 100644

index 3c03d5137d548a53f78367ed19a6867a5d42ac38..0000000000000000000000000000000000000000

--- a/third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute.html

+++ /dev/null

@@ -1,73 +0,0 @@

-<!DOCTYPE html>

-<script src="/resources/testharness.js"></script>

-<script src="/resources/testharnessreport.js"></script>

-<script src="./resources/helper.js"></script>

-<body>

-<script>

- // We're injecting markup via `srcdoc` so, confusingly, we need to

- // entity-escape the "raw" content, and double-escape the "escaped"

- // content.

- var rawBrace = "<";

- var escapedBrace = "&lt;";

- var rawNewline = "
";

- var escapedNewline = "&#10;";

- var abeSizedPng = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEwAAABnAQMAAACQMjadAAAAA1BMVEX///+nxBvIAAAAEUlEQVQ4y2MYBaNgFIwCegAABG0AAd5G4RkAAAAASUVORK5CYII=";

- var abeSizedPngWithNewline = abeSizedPng.replace("i", "i\n");

- var should_block = [

- `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?data=1${rawNewline}b">`,

- `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?img=2${rawNewline}b${rawBrace}c">`,

- `

- <img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?img=3

- b${rawBrace}c

- ">

- `,

- `<img id="dangling" src="${abeSizedPngWithNewline}">`,

- ];

- should_block.forEach(markup => {

- async_test(t => {

- var i = createFrame(`${markup}`);

- assert_img_not_loaded(t, i);

- }, markup.replace(/[\n\r]/g, ''));

- });

- var should_load = [

- // Brace alone doesn't block:

- `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?4&img=${rawBrace}b">`,

- // Entity-escaped characters don't trigger blocking:

- `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?5&data=${escapedNewline}b">`,

- `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?6&img=${escapedBrace}b">`,

- `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?7&img=${escapedNewline}b${escapedBrace}c">`,

- // Leading and trailing whitespace is stripped:

- `

- <img id="dangling" src="

- http://127.0.0.1:8000/security/resources/abe.png?8

- ">

- <input type=hidden name=csrf value=sekrit>

- `,

- `

- <img id="dangling" src="

- http://127.0.0.1:8000/security/resources/abe.png?9&img=${escapedBrace}

- ">

- <input type=hidden name=csrf value=sekrit>

- `,

- `

- <img id="dangling" src="

- http://127.0.0.1:8000/security/resources/abe.png?10&img=${escapedNewline}

- ">

- <input type=hidden name=csrf value=sekrit>

- `,

- ];

- should_load.forEach(markup => {

- async_test(t => {

- var i = createFrame(`${markup} <element attr="" another=''>`);

- assert_img_loaded(t, i);

- }, markup.replace(/[\n\r]/g, ''));

- });

-</script>