Chromium Code Reviews Chromium Code Reviews
Issue 730203007:
CSP: Permit exempting schemes only for certain policy areas. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| OLD | NEW |
|---|---|
| (Empty) | |
| 1 <!DOCTYPE html> | |
| 2 <html> | |
| 3 <head> | |
| 4 <meta http-equiv="Content-Security-Policy" content="default-src https:; script-s rc 'unsafe-inline'"> | |
| 5 <script> | |
| 6 if (window.testRunner) { | |
| 7 testRunner.waitUntilDone(); | |
| 8 testRunner.dumpAsText(); | |
| 9 } | |
| 10 | |
| 11 var testIndex = 1; | |
| 12 var testCount = 12; | |
| 13 function produceOutput(promise) { | |
| 14 var suffix = ' (' + testIndex++ + '/' + testCount + ')'; | |
| 15 return promise.then(function() { console.log('PASS' + suffix); }, | |
| 16 function() { console.log('FAIL' + suffix); }); | |
| 17 } | |
| 18 | |
| 19 | |
| 20 function expectImageLoad(shouldLoad) { | |
| 21 return produceOutput(new Promise(function(resolve, reject) { | |
| 22 var img = document.createElement('img'); | |
| 23 var pass = function() { resolve(); }; | |
| 24 var fail = function() { reject(new Error()); }; | |
| 25 img.onload = shouldLoad ? pass : fail; | |
| 26 img.onerror = shouldLoad ? fail : pass; | |
| 27 img.src = '../resources/abe.png'; | |
| 28 })); | |
| 29 } | |
| 30 | |
| 31 function expectStyleLoad(shouldLoad) { | |
| 32 // onerror doesn't seem to work on <link>. | |
| 33 // setTimeout is bad, so hopefully this isn't flaky. | |
| 34 return produceOutput(new Promise(function(resolve, reject) { | |
| 35 var link = document.createElement('link'); | |
| 36 link.rel = 'stylesheet'; | |
| 37 link.href = '../resources/cssStyle.css'; | |
| 38 link.onload = function() { shouldLoad ? resolve() : reject(new Error ()) }; | |
| 39 document.head.appendChild(link); | |
| 40 setTimeout(function() { | |
|
Tom Sepez
2014/11/18 19:35:54
We may have to leave <link> uncovered rather than
jbroman
2014/11/18 20:02:04
A way to deflake this just occurred to me. It invo
| |
| 41 (shouldLoad == !!link.sheet) ? resolve() : reject(new Error()); | |
| 42 link.remove(); | |
| 43 }, 100); | |
| 44 })); | |
| 45 } | |
| 46 | |
| 47 window.onload = function() { | |
| 48 Promise.resolve() | |
| 49 .then(function() { | |
| 50 return expectImageLoad(false).then(function() { return expectSty leLoad(false); }); | |
| 51 }) | |
| 52 .then(function() { | |
| 53 internals.registerURLSchemeAsBypassingContentSecurityPolicy('htt p'); | |
| 54 return expectImageLoad(true).then(function() { return expectStyl eLoad(true); }); | |
| 55 }) | |
| 56 .then(function() { | |
| 57 internals.removeURLSchemeRegisteredAsBypassingContentSecurityPol icy('http'); | |
| 58 internals.registerURLSchemeAsBypassingContentSecurityPolicy('htt p', []); | |
| 59 return expectImageLoad(false).then(function() { return expectSty leLoad(false); }); | |
| 60 }) | |
| 61 .then(function() { | |
| 62 internals.removeURLSchemeRegisteredAsBypassingContentSecurityPol icy('http'); | |
| 63 internals.registerURLSchemeAsBypassingContentSecurityPolicy('htt p', ['img']); | |
| 64 return expectImageLoad(true).then(function() { return expectStyl eLoad(false); }); | |
| 65 }) | |
| 66 .then(function() { | |
| 67 internals.removeURLSchemeRegisteredAsBypassingContentSecurityPol icy('http'); | |
| 68 internals.registerURLSchemeAsBypassingContentSecurityPolicy('htt p', ['style']); | |
| 69 return expectImageLoad(false).then(function() { return expectSty leLoad(true); }); | |
| 70 }) | |
| 71 .then(function() { | |
| 72 internals.removeURLSchemeRegisteredAsBypassingContentSecurityPol icy('http'); | |
| 73 return expectImageLoad(false).then(function() { return expectSty leLoad(false); }); | |
| 74 }) | |
| 75 .then(function() { if (window.testRunner) testRunner.notifyDone(); } ); | |
| 76 }; | |
| 77 </script> | |
| 78 </head> | |
| 79 <body> | |
| 80 <p> | |
| 81 This test ensures that registering a scheme as bypassing CSP actually by passes CSP. | |
| 82 This test passes if only PASSes are generated. | |
| 83 </p> | |
| 84 </body> | |
| 85 </html> | |
| OLD | NEW |
