Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / content / child / site_isolation_policy_unittest.cc
blob041b7c624b75c6732c48dd5ca4b01eaf476e3641
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/strings/string_piece.h"
6 #include "base/strings/utf_string_conversions.h"
7 #include "content/child/site_isolation_policy.h"
8 #include "content/public/common/context_menu_params.h"
9 #include "testing/gtest/include/gtest/gtest.h"
10 #include "third_party/WebKit/public/platform/WebURLResponse.h"
11 #include "ui/gfx/range/range.h"
13 using base::StringPiece;
15 namespace content {
17 TEST(SiteIsolationPolicyTest, IsBlockableScheme) {
18 GURL data_url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA==");
19 GURL ftp_url("ftp://google.com");
20 GURL mailto_url("mailto:google@google.com");
21 GURL about_url("about:chrome");
22 GURL http_url("http://google.com");
23 GURL https_url("https://google.com");
25 EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(data_url));
26 EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(ftp_url));
27 EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(mailto_url));
28 EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(about_url));
29 EXPECT_TRUE(SiteIsolationPolicy::IsBlockableScheme(http_url));
30 EXPECT_TRUE(SiteIsolationPolicy::IsBlockableScheme(https_url));
33 TEST(SiteIsolationPolicyTest, IsSameSite) {
34 GURL a_com_url0("https://mock1.a.com:8080/page1.html");
35 GURL a_com_url1("https://mock2.a.com:9090/page2.html");
36 GURL a_com_url2("https://a.com/page3.html");
37 EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(a_com_url0, a_com_url1));
38 EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(a_com_url1, a_com_url2));
39 EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(a_com_url2, a_com_url0));
41 GURL b_com_url0("https://mock1.b.com/index.html");
42 EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, b_com_url0));
44 GURL about_blank_url("about:blank");
45 EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, about_blank_url));
47 GURL chrome_url("chrome://extension");
48 EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, chrome_url));
50 GURL empty_url("");
51 EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, empty_url));
54 TEST(SiteIsolationPolicyTest, IsValidCorsHeaderSet) {
55 GURL frame_origin("http://www.google.com");
56 GURL site_origin("http://www.yahoo.com");
58 EXPECT_TRUE(SiteIsolationPolicy::IsValidCorsHeaderSet(
59 frame_origin, site_origin, "*"));
60 EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
61 frame_origin, site_origin, "\"*\""));
62 EXPECT_TRUE(SiteIsolationPolicy::IsValidCorsHeaderSet(
63 frame_origin, site_origin, "http://mail.google.com"));
64 EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
65 frame_origin, site_origin, "https://mail.google.com"));
66 EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
67 frame_origin, site_origin, "http://yahoo.com"));
68 EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
69 frame_origin, site_origin, "www.google.com"));
72 TEST(SiteIsolationPolicyTest, SniffForHTML) {
73 StringPiece html_data(" \t\r\n <HtMladfokadfkado");
74 StringPiece comment_html_data(" <!-- this is comment --> <html><body>");
75 StringPiece two_comments_html_data(
76 "<!-- this is comment -->\n<!-- this is comment --><html><body>");
77 StringPiece mixed_comments_html_data(
78 "<!-- this is comment <!-- --> <script></script>");
79 StringPiece non_html_data(" var name=window.location;\nadfadf");
80 StringPiece comment_js_data(" <!-- this is comment -> document.write(1); ");
81 StringPiece empty_data("");
83 EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(html_data));
84 EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(comment_html_data));
85 EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(two_comments_html_data));
86 EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(mixed_comments_html_data));
87 EXPECT_FALSE(SiteIsolationPolicy::SniffForHTML(non_html_data));
88 EXPECT_FALSE(SiteIsolationPolicy::SniffForHTML(comment_js_data));
90 // Basic bounds check.
91 EXPECT_FALSE(SiteIsolationPolicy::SniffForHTML(empty_data));
94 TEST(SiteIsolationPolicyTest, SniffForXML) {
95 StringPiece xml_data(" \t \r \n <?xml version=\"1.0\"?>\n <catalog");
96 StringPiece non_xml_data(" var name=window.location;\nadfadf");
97 StringPiece empty_data("");
99 EXPECT_TRUE(SiteIsolationPolicy::SniffForXML(xml_data));
100 EXPECT_FALSE(SiteIsolationPolicy::SniffForXML(non_xml_data));
102 // Basic bounds check.
103 EXPECT_FALSE(SiteIsolationPolicy::SniffForXML(empty_data));
106 TEST(SiteIsolationPolicyTest, SniffForJSON) {
107 StringPiece json_data("\t\t\r\n { \"name\" : \"chrome\", ");
108 StringPiece non_json_data0("\t\t\r\n { name : \"chrome\", ");
109 StringPiece non_json_data1("\t\t\r\n foo({ \"name\" : \"chrome\", ");
110 StringPiece empty_data("");
112 EXPECT_TRUE(
113 SiteIsolationPolicy::SniffForJSON(json_data));
114 EXPECT_FALSE(SiteIsolationPolicy::SniffForJSON(non_json_data0));
115 EXPECT_FALSE(SiteIsolationPolicy::SniffForJSON(non_json_data1));
117 // Basic bounds check.
118 EXPECT_FALSE(SiteIsolationPolicy::SniffForJSON(empty_data));
121 TEST(SiteIsolationPolicyTest, SniffForJS) {
122 StringPiece basic_js_data("var a = 4");
123 StringPiece js_data("\t\t\r\n var a = 4");
124 StringPiece json_data("\t\t\r\n { \"name\" : \"chrome\", ");
125 StringPiece empty_data("");
127 EXPECT_TRUE(SiteIsolationPolicy::SniffForJS(js_data));
128 EXPECT_FALSE(SiteIsolationPolicy::SniffForJS(json_data));
130 // Basic bounds check.
131 EXPECT_FALSE(SiteIsolationPolicy::SniffForJS(empty_data));
134 } // namespace content