| Index: extensions/common/csp_validator_unittest.cc
|
| diff --git a/extensions/common/csp_validator_unittest.cc b/extensions/common/csp_validator_unittest.cc
|
| index 693a79106764e2870c816a588ecc7b92c86563f5..354bbd8531886898169101e75ecb8bf9ce018621 100644
|
| --- a/extensions/common/csp_validator_unittest.cc
|
| +++ b/extensions/common/csp_validator_unittest.cc
|
| @@ -99,11 +99,26 @@ TEST(ExtensionCSPValidator, IsSecure) {
|
| EXPECT_FALSE(ContentSecurityPolicyIsSecure(
|
| "default-src 'self' *:*/path", Manifest::TYPE_EXTENSION));
|
| EXPECT_FALSE(ContentSecurityPolicyIsSecure(
|
| + "default-src 'self' https://", Manifest::TYPE_EXTENSION));
|
| + EXPECT_FALSE(ContentSecurityPolicyIsSecure(
|
| "default-src 'self' https://*:*", Manifest::TYPE_EXTENSION));
|
| EXPECT_FALSE(ContentSecurityPolicyIsSecure(
|
| "default-src 'self' https://*:*/", Manifest::TYPE_EXTENSION));
|
| EXPECT_FALSE(ContentSecurityPolicyIsSecure(
|
| "default-src 'self' https://*:*/path", Manifest::TYPE_EXTENSION));
|
| + EXPECT_FALSE(ContentSecurityPolicyIsSecure(
|
| + "default-src 'self' https://*.com", Manifest::TYPE_EXTENSION));
|
| + EXPECT_FALSE(ContentSecurityPolicyIsSecure(
|
| + "default-src 'self' https://*.*.google.com/", Manifest::TYPE_EXTENSION));
|
| + EXPECT_FALSE(ContentSecurityPolicyIsSecure(
|
| + "default-src 'self' https://*.*.google.com:*/",
|
| + Manifest::TYPE_EXTENSION));
|
| + EXPECT_FALSE(ContentSecurityPolicyIsSecure(
|
| + "default-src 'self' https://www.*.google.com/",
|
| + Manifest::TYPE_EXTENSION));
|
| + EXPECT_FALSE(ContentSecurityPolicyIsSecure(
|
| + "default-src 'self' https://www.*.google.com:*/",
|
| + Manifest::TYPE_EXTENSION));
|
|
|
| EXPECT_TRUE(ContentSecurityPolicyIsSecure(
|
| "default-src 'self' https://*.google.com", Manifest::TYPE_EXTENSION));
|
|
|
Chromium Code Reviews
Issue 481643002:
Disallow non-subdomain wildcards in the extension's CSP (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master