LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js - Issue 91353002: CSP 1.1: Implement the 'frame-ancestors' directive. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(97)

My Issues | Starred Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js

Issue 91353002: CSP 1.1: Implement the 'frame-ancestors' directive. (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: Ugh. Created 6 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors.pl ('k') | Source/core/frame/ContentSecurityPolicy.h » ('j') | Source/core/loader/FrameLoader.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 var SAME_ORIGIN = true;

	2 var CROSS_ORIGIN = false;

	3

	4 var EXPECT_BLOCK = true;

	5 var EXPECT_LOAD = false;

	6

	7 var CROSSORIGIN_ORIGIN = "http://localhost:8080";

	8

	9 window.jsTestIsAsync = true;

	10 window.wasPostTestScriptParsed = true;

	11

	12 if (window.testRunner)

	13 testRunner.dumpChildFramesAsText();

	14

	15 window.addEventListener("message", function (e) {

	16 debug("Message received: " + e.data);

	17 });

	18

	19 function injectIFrame(policy, sameOrigin, expectBlock) {

	20 var iframe = document.createElement("iframe");

	21 iframe.addEventListener("load", iframeLoaded(expectBlock));

	22 iframe.addEventListener("error", iframeLoaded(expectBlock));

	23

	24 var url = "/security/contentSecurityPolicy/resources/frame-ancestors.pl?poli cy=" + policy;

	25 if (!sameOrigin)

	26 url = CROSSORIGIN_ORIGIN + url;

	27

	28 iframe.src = url;

	29 document.body.appendChild(iframe);

	30 }

	31

	32 function iframeLoaded(expectBlock) {

	33 return function(ev) {

	34 try {

	35 console.log("IFrame load event fired: the IFrame's location is '" + ev.target.contentWindow.location.href + "'.");

	36 if (expectBlock)

	37 testFailed("The IFrame should have been blocked. It wasn't.");

	38 else

	39 testPassed("The IFrame should not have been blocked. It wasn't." );

	40 } catch (ex) {

	41 debug("IFrame load event fired: the IFrame is cross-origin (or was b locked).");

	42 if (expectBlock)

	43 testPassed("The IFrame should have been blocked. It was.");

	44 else

	45 testFailed("The IFrame should not have been blocked. It was.");

	46 }

	47 finishJSTest();

	48 };

	49 }

	50

	51 function crossOriginFrameShouldBeBlocked(policy) {

	52 window.onload = function () {

	53 injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK);

	54 };

	55 }

	56

	57 function crossOriginFrameShouldBeAllowed(policy) {

	58 window.onload = function () {

	59 injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD);

	60 };

	61 }

	62

	63 function sameOriginFrameShouldBeBlocked(policy) {

	64 window.onload = function () {

	65 injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK);

	66 };

	67 }

	68

	69 function sameOriginFrameShouldBeAllowed(policy) {

	70 window.onload = function () {

	71 injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD);

	72 };

	73 }

OLD	NEW

« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors.pl ('k') | Source/core/frame/ContentSecurityPolicy.h » ('j') | Source/core/loader/FrameLoader.cpp » ('J')

Powered by Google App Engine

This is Rietveld 408576698