Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(90)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js

Issue 91353002: CSP 1.1: Implement the 'frame-ancestors' directive. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Ugh. Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors.pl ('k') | Source/core/frame/ContentSecurityPolicy.h » ('j') | Source/core/loader/FrameLoader.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js
new file mode 100644
index 0000000000000000000000000000000000000000..74a231e0c8bbfd8b2e8b9f0d191464586be4c0ce
--- /dev/null
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-test.js
@@ -0,0 +1,73 @@
+var SAME_ORIGIN = true;
+var CROSS_ORIGIN = false;
+
+var EXPECT_BLOCK = true;
+var EXPECT_LOAD = false;
+
+var CROSSORIGIN_ORIGIN = "http://localhost:8080";
+
+window.jsTestIsAsync = true;
+window.wasPostTestScriptParsed = true;
+
+if (window.testRunner)
+ testRunner.dumpChildFramesAsText();
+
+window.addEventListener("message", function (e) {
+ debug("Message received: " + e.data);
+});
+
+function injectIFrame(policy, sameOrigin, expectBlock) {
+ var iframe = document.createElement("iframe");
+ iframe.addEventListener("load", iframeLoaded(expectBlock));
+ iframe.addEventListener("error", iframeLoaded(expectBlock));
+
+ var url = "/security/contentSecurityPolicy/resources/frame-ancestors.pl?policy=" + policy;
+ if (!sameOrigin)
+ url = CROSSORIGIN_ORIGIN + url;
+
+ iframe.src = url;
+ document.body.appendChild(iframe);
+}
+
+function iframeLoaded(expectBlock) {
+ return function(ev) {
+ try {
+ console.log("IFrame load event fired: the IFrame's location is '" + ev.target.contentWindow.location.href + "'.");
+ if (expectBlock)
+ testFailed("The IFrame should have been blocked. It wasn't.");
+ else
+ testPassed("The IFrame should not have been blocked. It wasn't.");
+ } catch (ex) {
+ debug("IFrame load event fired: the IFrame is cross-origin (or was blocked).");
+ if (expectBlock)
+ testPassed("The IFrame should have been blocked. It was.");
+ else
+ testFailed("The IFrame should not have been blocked. It was.");
+ }
+ finishJSTest();
+ };
+}
+
+function crossOriginFrameShouldBeBlocked(policy) {
+ window.onload = function () {
+ injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK);
+ };
+}
+
+function crossOriginFrameShouldBeAllowed(policy) {
+ window.onload = function () {
+ injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD);
+ };
+}
+
+function sameOriginFrameShouldBeBlocked(policy) {
+ window.onload = function () {
+ injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK);
+ };
+}
+
+function sameOriginFrameShouldBeAllowed(policy) {
+ window.onload = function () {
+ injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD);
+ };
+}
« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors.pl ('k') | Source/core/frame/ContentSecurityPolicy.h » ('j') | Source/core/loader/FrameLoader.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698