Chromium Code Reviews Chromium Code Reviews
Issue
302043002:
Add testRunner callbacks for better handling of view-source frames (Closed)
DescriptiontestRunner.setViewSorceForFrame() allows us test an interaction between the
view-souce feature and the XSSAuditor in blink. The current technique for testing
view-source pages is to use a hack in the content_shell's dump-render-tree mode
to turn on view-source for the main page when the path /viewsource/ is
present in the URL.
To test XSS reflections, however, there needs to be a query string containing
the reflection (because putting it in the path would lead to horribly named
files). To get a query string, we traditionally load a main page which then
loads the more complex URL in a iframe. Presently, there's no way to make
that iframe a view-source frame (since some guy removed the viewsource="true"
attribute from HTML because it was dangerous).
There are also two other methods that are exposed to javascript: dumpAsMarkup()
and dumpChildFramesAsMarkup(). These give the test scripts the ability to control
the format of the output. This is needed to simplify diffing the results
of these kinds of tests.
CL https://codereview.chromium.org/301813002/ is blocked on this.
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=274304
Patch Set 1 #Patch Set 2 : Fix "enabled" #Patch Set 3 : Add DumpChildFramesAsMarkup for recursive dumps. #Patch Set 4 : Consolidate frame header dumping. #Patch Set 5 : Rebase #
Messages
Total messages: 9 (0 generated)
|
|||||||||||||||||||||||||||||||||||||
