LayoutTests/http/tests/security/isolatedWorld/resources/bypass-main-world-csp-for-inline-style.js - Issue 341443003: Isolated world injected inline styles should bypass main world CSP. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(252)

My Issues | Starred Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/isolatedWorld/resources/bypass-main-world-csp-for-inline-style.js

Issue 341443003: Isolated world injected inline styles should bypass main world CSP. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-style-expected.txt ('k') | Source/core/dom/StyleElement.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 if (window.testRunner) {

	2 testRunner.dumpAsText();

	3 testRunner.waitUntilDone();

	4 }

	5

	6 tests = 4;

	7 window.addEventListener("message", function(message) {

	8 tests -= 1;

	9 test();

	10 }, false);

	11

	12 function test() {

	13 function injectInlineStyle(shouldSucceed, tests) {

	14 var id = 'div' + tests;

	15 var div = document.createElement('div');

	16 div.id = id;

	17 document.body.appendChild(div);

	18 var style = document.createElement('style');

	19 style.innerText = '#' + id + ' { color: red; }';

	20 document.body.appendChild(style);

	21 var success = window.getComputedStyle(document.getElementById(id)).color === "rgb(255, 0, 0)";

	22 if (shouldSucceed) {

	23 if (success)

	24 console.log("PASS: Style assignment in test " + tests + " was bl ocked by CSP.");

	25 else

	26 console.log("FAIL: Style assignment in test " + tests + " was no t blocked by CSP.");

	27 } else {

	28 if (success)

	29 console.log("FAIL: Style assignment in test " + tests + " was bl ocked by CSP.");

	30 else

	31 console.log("PASS: Style assignment in test " + tests + " was no t blocked by CSP.");

	32 }

	33 window.postMessage("next", "*");

	34 }

	35

	36 switch (tests) {

	37 case 4:

	38 console.log("Injecting in main world: this should fail.");

	39 injectInlineStyle(false, tests);

	40 break;

	41 case 3:

	42 console.log("Injecting into isolated world without bypass: this shou ld fail.");

	43 testRunner.evaluateScriptInIsolatedWorld(1, String(eval("injectInlin eStyle")) + "\ninjectInlineStyle(false," + tests + ");");

	44 break;

	45 case 2:

	46 console.log("Starting to bypass main world's CSP: this should pass!" );

	47 testRunner.setIsolatedWorldContentSecurityPolicy(1, 'style-src \'uns afe-inline\' *');

	48 testRunner.evaluateScriptInIsolatedWorld(1, String(eval("injectInlin eStyle")) + "\ninjectInlineStyle(true," + tests + ");");

	49 break;

	50 case 1:

	51 console.log("Injecting into main world again: this should fail.");

	52 injectInlineStyle(false, tests);

	53 break;

	54 case 0:

	55 testRunner.setIsolatedWorldContentSecurityPolicy(1, '');

	56 testRunner.notifyDone();

	57 break;

	58 }

	59 }

	60

	61 document.addEventListener('DOMContentLoaded', test);

OLD	NEW

« no previous file with comments | « LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-style-expected.txt ('k') | Source/core/dom/StyleElement.cpp » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698