
Unified Diff: third_party/WebKit/LayoutTests/fast/loader/stateobjects/spam-pushstate-then-throttled.html

Issue 2972073002: Mitigate the pushState IPC storm DoS. (Closed)
Patch Set: Add a LayoutTest; give the bikeshed a bit o' wainscoting Created 3 years, 5 months ago
Index: third_party/WebKit/LayoutTests/fast/loader/stateobjects/spam-pushstate-then-throttled.html
diff --git a/third_party/WebKit/LayoutTests/fast/loader/stateobjects/spam-pushstate-then-throttled.html b/third_party/WebKit/LayoutTests/fast/loader/stateobjects/spam-pushstate-then-throttled.html
new file mode 100644
index 0000000000000000000000000000000000000000..36fbdd23f4d6cfea2fd3e860fe909e3856c72d8e
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/fast/loader/stateobjects/spam-pushstate-then-throttled.html
@@ -0,0 +1,51 @@
+<html>
+<head>
+<script>
+
+if (window.testRunner) {
+ testRunner.clearBackForwardList();
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+function log(txt)
dcheng 2017/07/07 23:28:38 It's generally preferred to write tests using the
+{
+ document.getElementById("logger").innerText += txt + "\n";
+}
+
+function runTest()
+{
+ // This value must match that in Source/core/frame/History.cpp.
+ const kStateUpdateLimit = 50;
+ for (let i = 0; i < kStateUpdateLimit; ++i) {
+ history.pushState("SpammyHistoryItem", "" + i);
+ }
+ log("History length is " + history.length);
+
+ history.pushState("DiscardedSpamItem", "51");
+ log("History length is " + history.length);
+ history.back();
+}
+
+onpopstate = function(event)
+{
+ log("State popped - " + event.state + " (type " + typeof event.state + ")");
+ if (event.state == "OriginalHistoryItem")
+ history.forward();
+ else if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+</script>
+<body onload="runTest();">
+<pre>
+This test does the following:
+-Makes kStateUpdateLimit calls to pushState()
dcheng 2017/07/07 23:28:38 Dare I suggest <ul><li></li></ul> =P
kinuko 2017/07/10 05:10:49 Maybe we should make it clear that it's UA-specifi
palmer 2017/07/10 19:42:25 But it tests behavior in History, which is core to
+-Makes sure the history length is correct
+-Makes another call to pushState()
+-Makes sure the history length is correct
+-Goes back, and makes sure the popstate event is correct
+</pre><br>
+<pre id="logger"></pre>
+</body>
+</html>
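Review bot: The popstate check at the end of this test cannot tell a throttled run from an unthrottled one, because every entry pushed in the `runTest()` loop carries the same state string `"SpammyHistoryItem"`, so after `history.back()` the handler logs that string whether or not the 51st `pushState()` was dropped. That leaves the two `history.length` lines as the only evidence that the mitigation engaged, and those may also depend on how the embedder counts or caps session-history entries. Giving each entry a distinct state, e.g. `history.pushState("SpammyHistoryItem" + i, "" + i);`, would make the popped state identify which entry was current when `back()` ran. The `event.state == "OriginalHistoryItem"` branch in `onpopstate` looks unreachable, since nothing in this file sets that state; dropping it would make the expected output easier to audit.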
