LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js - Issue 91353002: CSP 1.1: Implement the 'frame-ancestors' directive.

Unified Diff: LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js

Issue 91353002: CSP 1.1: Implement the 'frame-ancestors' directive. (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: Rebase. Created 6 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors.pl ('k') | LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-in-frame.pl » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js

diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js

new file mode 100644

index 0000000000000000000000000000000000000000..e467a9d83e58ce2ad2eea0b6f90eb18f40d67a5d

--- /dev/null

+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js

@@ -0,0 +1,113 @@

+var SAME_ORIGIN = true;

+var CROSS_ORIGIN = false;

+var EXPECT_BLOCK = true;

+var EXPECT_LOAD = false;

+var SAMEORIGIN_ORIGIN = "http://127.0.0.1:8000";

+var CROSSORIGIN_ORIGIN = "http://localhost:8080";

+window.jsTestIsAsync = true;

+window.wasPostTestScriptParsed = true;

+if (window.testRunner)

+ testRunner.dumpChildFramesAsText();

+window.addEventListener("message", function (e) {

+ if (window.parent != window) {

+ window.parent.postMessage(e.data, "*");

+ } else {

+ if (e.data)

+ testFailed("The inner IFrame failed.");

+ else

+ testPassed("The inner IFrame passed.");

+ finishJSTest();

+ }

+});

+function injectNestedIframe(policy, parent, child, expectation) {

+ var iframe = document.createElement("iframe");

+ var url = "/security/contentSecurityPolicy/resources/frame-in-frame.pl?"

+ + "policy=" + policy

+ + "&parent=" + parent

+ + "&child=" + child

+ + "&expectation=" + expectation;

+ url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url;

+ iframe.src = url;

+ document.body.appendChild(iframe);

+function injectIFrame(policy, sameOrigin, expectBlock) {

+ var iframe = document.createElement("iframe");

+ iframe.addEventListener("load", iframeLoaded(expectBlock));

+ iframe.addEventListener("error", iframeLoaded(expectBlock));

+ var url = "/security/contentSecurityPolicy/resources/frame-ancestors.pl?policy=" + policy;

+ if (!sameOrigin)

+ url = CROSSORIGIN_ORIGIN + url;

+ iframe.src = url;

+ document.body.appendChild(iframe);

+function iframeLoaded(expectBlock) {

+ return function(ev) {

+ var failed = true;

+ try {

+ console.log("IFrame load event fired: the IFrame's location is '" + ev.target.contentWindow.location.href + "'.");

+ if (expectBlock) {

+ testFailed("The IFrame should have been blocked (or cross-origin). It wasn't.");

+ failed = true;

+ } else {

+ testPassed("The IFrame should not have been blocked. It wasn't.");

+ failed = false;

+ }

+ } catch (ex) {

+ debug("IFrame load event fired: the IFrame is cross-origin (or was blocked).");

+ if (expectBlock) {

+ testPassed("The IFrame should have been blocked (or cross-origin). It was.");

+ failed = false;

+ } else {

+ testFailed("The IFrame should not have been blocked. It was.");

+ failed = true;

+ }

+ if (window.parent != window)

+ window.parent.postMessage(failed, '*');

+ else

+ finishJSTest();

+ };

+function crossOriginFrameShouldBeBlocked(policy) {