Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(38)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/notifications/desktop_notifications_unittest.cc

Issue 386035: Escape javascript going into text notifications. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 11 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/notifications/desktop_notification_service.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/notifications/desktop_notifications_unittest.h" 5 #include "chrome/browser/notifications/desktop_notifications_unittest.h"
6 6
7 // static 7 // static
8 const int MockBalloonCollection::kMockBalloonSpace = 5; 8 const int MockBalloonCollection::kMockBalloonSpace = 5;
9 9
10 // static 10 // static
(...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after
243 // Create some toasts and then prematurely delete the notification service, 243 // Create some toasts and then prematurely delete the notification service,
244 // just to make sure nothing crashes/leaks. 244 // just to make sure nothing crashes/leaks.
245 for (int id = 0; id <= 3; ++id) { 245 for (int id = 0; id <= 3; ++id) {
246 EXPECT_TRUE(service_->ShowDesktopNotificationText( 246 EXPECT_TRUE(service_->ShowDesktopNotificationText(
247 GURL("http://www.google.com"), 247 GURL("http://www.google.com"),
248 GURL("/icon.png"), ASCIIToUTF16("Title"), ASCIIToUTF16("Text"), 248 GURL("/icon.png"), ASCIIToUTF16("Title"), ASCIIToUTF16("Text"),
249 0, 0, DesktopNotificationService::PageNotification, id)); 249 0, 0, DesktopNotificationService::PageNotification, id));
250 } 250 }
251 service_.reset(NULL); 251 service_.reset(NULL);
252 } 252 }
253
254 TEST_F(DesktopNotificationsTest, TestUserInputEscaping) {
255 // Create a test script with some HTML; assert that it doesn't get into the
256 // data:// URL that's produced for the balloon.
257 EXPECT_TRUE(service_->ShowDesktopNotificationText(
258 GURL("http://www.google.com"),
259 GURL("/icon.png"), ASCIIToUTF16("<script>window.alert('uh oh');</script>") ,
260 ASCIIToUTF16("<i>this text is in italics</i>"),
261 0, 0, DesktopNotificationService::PageNotification, 1));
262
263 MessageLoopForUI::current()->RunAllPending();
264 EXPECT_EQ(1, balloon_collection_->count());
265 Balloon* balloon = (*balloon_collection_->balloons().begin());
266 GURL data_url = balloon->notification().content_url();
267 EXPECT_EQ(std::string::npos, data_url.spec().find("<script>"));
268 EXPECT_EQ(std::string::npos, data_url.spec().find("<i>"));
269 }
270
OLDNEW
« no previous file with comments | « chrome/browser/notifications/desktop_notification_service.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698