| Index: content/browser/frame_host/frame_tree_browsertest.cc
|
| diff --git a/content/browser/frame_host/frame_tree_browsertest.cc b/content/browser/frame_host/frame_tree_browsertest.cc
|
| index e0d790fdb06c0e277e4420ec3356ded1494fef2b..fdda23fcef7a09afd8092e192a3939f6f7d7c984 100644
|
| --- a/content/browser/frame_host/frame_tree_browsertest.cc
|
| +++ b/content/browser/frame_host/frame_tree_browsertest.cc
|
| @@ -223,6 +223,48 @@ IN_PROC_BROWSER_TEST_F(FrameTreeBrowserTest, OriginSetOnNavigation) {
|
| main_url.GetOrigin().spec());
|
| }
|
|
|
| +// Ensure that sandbox flags are correctly set when child frames are created.
|
| +IN_PROC_BROWSER_TEST_F(FrameTreeBrowserTest, SandboxFlagsSetForChildFrames) {
|
| + GURL main_url(embedded_test_server()->GetURL("/sandboxed_frames.html"));
|
| + EXPECT_TRUE(NavigateToURL(shell(), main_url));
|
| +
|
| + // It is safe to obtain the root frame tree node here, as it doesn't change.
|
| + FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents())
|
| + ->GetFrameTree()->root();
|
| +
|
| + // Verify that sandbox flags are set properly for all FrameTreeNodes.
|
| + // First frame is completely sandboxed; second frame uses "allow-scripts",
|
| + // which resets both SandboxFlags::Scripts and
|
| + // SandboxFlags::AutomaticFeatures bits per blink::parseSandboxPolicy(), and
|
| + // third frame has "allow-scripts allow-same-origin".
|
| + EXPECT_EQ(root->current_replication_state().sandbox_flags,
|
| + SandboxFlags::NONE);
|
| + EXPECT_EQ(root->child_at(0)->current_replication_state().sandbox_flags,
|
| + SandboxFlags::ALL);
|
| + EXPECT_EQ(root->child_at(1)->current_replication_state().sandbox_flags,
|
| + SandboxFlags::ALL & ~SandboxFlags::SCRIPTS &
|
| + ~SandboxFlags::AUTOMATIC_FEATURES);
|
| + EXPECT_EQ(root->child_at(2)->current_replication_state().sandbox_flags,
|
| + SandboxFlags::ALL & ~SandboxFlags::SCRIPTS &
|
| + ~SandboxFlags::AUTOMATIC_FEATURES & ~SandboxFlags::ORIGIN);
|
| +
|
| + // Sandboxed frames should set a unique origin unless they have the
|
| + // "allow-same-origin" directive.
|
| + EXPECT_EQ(root->child_at(0)->current_replication_state().origin.string(),
|
| + "null");
|
| + EXPECT_EQ(root->child_at(1)->current_replication_state().origin.string(),
|
| + "null");
|
| + EXPECT_EQ(
|
| + root->child_at(2)->current_replication_state().origin.string() + "/",
|
| + main_url.GetOrigin().spec());
|
| +
|
| + // Navigating to a different URL should not clear sandbox flags.
|
| + GURL frame_url(embedded_test_server()->GetURL("/title1.html"));
|
| + NavigateFrameToURL(root->child_at(0), frame_url);
|
| + EXPECT_EQ(root->child_at(0)->current_replication_state().sandbox_flags,
|
| + SandboxFlags::ALL);
|
| +}
|
| +
|
| class CrossProcessFrameTreeBrowserTest : public ContentBrowserTest {
|
| public:
|
| CrossProcessFrameTreeBrowserTest() {}
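Review bot: The final block of SandboxFlagsSetForChildFrames re-checks only `sandbox_flags` after `NavigateFrameToURL(root->child_at(0), frame_url)`. It does not check that the fully sandboxed frame still reports a unique origin, so a regression that keeps the flags but replicates the real origin after navigation would pass this test. Consider adding `EXPECT_EQ(root->child_at(0)->current_replication_state().origin.string(), "null");` after the last flags check, assuming the replicated origin is expected to stay unique here. Separately, the test indexes `child_at(0)` through `child_at(2)` without first asserting the frame count. If `/sandboxed_frames.html` fails to load or changes shape, the test would read a missing node instead of failing cleanly; an `ASSERT_EQ(3U, root->child_count());` before the first `child_at` call avoids that. The navigation here also stays on the same test-server origin, so a comment noting that cross-site navigation of a sandboxed frame is not covered by this test would help readers.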
|
|
|