| OLD | NEW |
|---|
| (Empty) | |
| 1 var SAME_ORIGIN = true; |
| 2 var CROSS_ORIGIN = false; |
| 3 |
| 4 var EXPECT_BLOCK = true; |
| 5 var EXPECT_LOAD = false; |
| 6 |
| 7 var SAMEORIGIN_ORIGIN = "http://127.0.0.1:8000"; |
| 8 var CROSSORIGIN_ORIGIN = "http://localhost:8080"; |
| 9 |
| 10 window.jsTestIsAsync = true; |
| 11 window.wasPostTestScriptParsed = true; |
| 12 |
| 13 if (window.testRunner) |
| 14 testRunner.dumpChildFramesAsText(); |
| 15 |
| 16 window.addEventListener("message", function (e) { |
| 17 if (window.parent != window) { |
| 18 window.parent.postMessage(e.data, "*"); |
| 19 } else { |
| 20 if (e.data) |
| 21 testFailed("The inner IFrame failed."); |
| 22 else |
| 23 testPassed("The inner IFrame passed."); |
| 24 |
| 25 finishJSTest(); |
| 26 } |
| 27 }); |
| 28 |
| 29 function injectNestedIframe(policy, parent, child, expectation) { |
| 30 var iframe = document.createElement("iframe"); |
| 31 |
| 32 var url = "/security/contentSecurityPolicy/resources/frame-in-frame.pl?" |
| 33 + "policy=" + policy |
| 34 + "&parent=" + parent |
| 35 + "&child=" + child |
| 36 + "&expectation=" + expectation; |
| 37 url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url; |
| 38 |
| 39 iframe.src = url; |
| 40 document.body.appendChild(iframe); |
| 41 } |
| 42 |
| 43 function injectIFrame(policy, sameOrigin, expectBlock) { |
| 44 var iframe = document.createElement("iframe"); |
| 45 iframe.addEventListener("load", iframeLoaded(expectBlock)); |
| 46 iframe.addEventListener("error", iframeLoaded(expectBlock)); |
| 47 |
| 48 var url = "/security/contentSecurityPolicy/resources/frame-ancestors.pl?poli
cy=" + policy; |
| 49 if (!sameOrigin) |
| 50 url = CROSSORIGIN_ORIGIN + url; |
| 51 |
| 52 iframe.src = url; |
| 53 document.body.appendChild(iframe); |
| 54 } |
| 55 |
| 56 function iframeLoaded(expectBlock) { |
| 57 return function(ev) { |
| 58 var failed = true; |
| 59 try { |
| 60 console.log("IFrame load event fired: the IFrame's location is '" +
ev.target.contentWindow.location.href + "'."); |
| 61 if (expectBlock) { |
| 62 testFailed("The IFrame should have been blocked (or cross-origin
). It wasn't."); |
| 63 failed = true; |
| 64 } else { |
| 65 testPassed("The IFrame should not have been blocked. It wasn't."
); |
| 66 failed = false; |
| 67 } |
| 68 } catch (ex) { |
| 69 debug("IFrame load event fired: the IFrame is cross-origin (or was b
locked)."); |
| 70 if (expectBlock) { |
| 71 testPassed("The IFrame should have been blocked (or cross-origin
). It was."); |
| 72 failed = false; |
| 73 } else { |
| 74 testFailed("The IFrame should not have been blocked. It was."); |
| 75 failed = true; |
| 76 } |
| 77 } |
| 78 if (window.parent != window) |
| 79 window.parent.postMessage(failed, '*'); |
| 80 else |
| 81 finishJSTest(); |
| 82 }; |
| 83 } |
| 84 |
| 85 function crossOriginFrameShouldBeBlocked(policy) { |
| 86 window.onload = function () { |
| 87 injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK); |
| 88 }; |
| 89 } |
| 90 |
| 91 function crossOriginFrameShouldBeAllowed(policy) { |
| 92 window.onload = function () { |
| 93 injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD); |
| 94 }; |
| 95 } |
| 96 |
| 97 function sameOriginFrameShouldBeBlocked(policy) { |
| 98 window.onload = function () { |
| 99 injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK); |
| 100 }; |
| 101 } |
| 102 |
| 103 function sameOriginFrameShouldBeAllowed(policy) { |
| 104 window.onload = function () { |
| 105 injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD); |
| 106 }; |
| 107 } |
| 108 |
| 109 function testNestedIFrame(policy, parent, child, expectation) { |
| 110 window.onload = function () { |
| 111 injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", chi
ld == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "Allowed" : "
Blocked"); |
| 112 }; |
| 113 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 91353002:
CSP 1.1: Implement the 'frame-ancestors' directive. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk