search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Webview should only allow resources loading from the extension that embedded it.
[chromium-blink-merge.git] / chrome / common / extensions / manifest_tests / extension_manifests_webview_accessible_resources_unittest.cc
blob86c20aa3bc6adaa24a6d9475882fda19c80e4d7c
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/strings/string_number_conversions.h"
6 #include "chrome/common/extensions/manifest_tests/chrome_manifest_test.h"
7 #include "extensions/common/error_utils.h"
8 #include "extensions/common/manifest_constants.h"
9 #include "extensions/common/manifest_handlers/webview_info.h"
10
11 using extensions::ErrorUtils;
12 using extensions::Extension;
13 using extensions::WebviewInfo;
14 namespace errors = extensions::manifest_errors;
15
16 class WebviewAccessibleResourcesManifestTest : public ChromeManifestTest {
17 };
18
19 TEST_F(WebviewAccessibleResourcesManifestTest, WebviewAccessibleResources) {
20 // Manifest version 2 with webview accessible resources specified.
21 scoped_refptr<Extension> extension1(
22 LoadAndExpectSuccess("webview_accessible_resources_1.json"));
23 scoped_refptr<Extension> extension2(
24 LoadAndExpectSuccess("webview_accessible_resources_2.json"));
25 DCHECK(extension1->id() != extension2->id());
26 const WebviewInfo* webview_info1 =
27 static_cast<const WebviewInfo*>(extension1->GetManifestData(
28 extensions::manifest_keys::kWebviewAccessibleResources));
29 const WebviewInfo* webview_info2 =
30 static_cast<const WebviewInfo*>(extension2->GetManifestData(
31 extensions::manifest_keys::kWebviewAccessibleResources));
32
33 EXPECT_FALSE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
34 "fail", "a.html"));
35 EXPECT_FALSE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
36 "fail", "b.html"));
37 EXPECT_FALSE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
38 "fail", "c.html"));
39 EXPECT_FALSE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
40 "fail", "d.html"));
41
42 EXPECT_TRUE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
43 "foo", "a.html"));
44 EXPECT_TRUE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
45 "foo", "b.html"));
46 EXPECT_FALSE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
47 "foo", "c.html"));
48 EXPECT_FALSE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
49 "foo", "d.html"));
50
51 EXPECT_TRUE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
52 "bar", "a.html"));
53 EXPECT_FALSE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
54 "bar", "b.html"));
55 EXPECT_TRUE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
56 "bar", "c.html"));
57 EXPECT_FALSE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
58 "bar", "d.html"));
59
60 EXPECT_TRUE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
61 "foobar", "a.html"));
62 EXPECT_TRUE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
63 "foobar", "b.html"));
64 EXPECT_TRUE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
65 "foobar", "c.html"));
66 EXPECT_FALSE(webview_info1->IsResourceWebviewAccessible(extension1.get(),
67 "foobar", "d.html"));
68
69 // Check that if the owner extension doesn't match the request extension
70 // the resource will not be accessible.
71 EXPECT_FALSE(webview_info2->IsResourceWebviewAccessible(extension1.get(),
72 "foobar", "a.html"));
73 EXPECT_FALSE(webview_info1->IsResourceWebviewAccessible(extension2.get(),
74 "foobar", "a.html"));
75 EXPECT_TRUE(webview_info2->IsResourceWebviewAccessible(extension2.get(),
76 "foobar", "a.html"));
77 EXPECT_FALSE(
78 webview_info1->IsResourceWebviewAccessible(nullptr, "foobar", "a.html"));
79 EXPECT_FALSE(
80 webview_info2->IsResourceWebviewAccessible(nullptr, "foobar", "a.html"));
81 }
82
83 TEST_F(WebviewAccessibleResourcesManifestTest, InvalidManifest) {
84 LoadAndExpectError("webview_accessible_resources_invalid1.json",
85 errors::kInvalidWebview);
86 LoadAndExpectError("webview_accessible_resources_invalid2.json",
87 errors::kInvalidWebviewPartitionsList);
88 LoadAndExpectError("webview_accessible_resources_invalid3.json",
89 errors::kInvalidWebviewPartitionsList);
90 LoadAndExpectError("webview_accessible_resources_invalid4.json",
91 ErrorUtils::FormatErrorMessage(
92 errors::kInvalidWebviewPartition, base::IntToString(0)));
93 LoadAndExpectError("webview_accessible_resources_invalid5.json",
94 errors::kInvalidWebviewPartitionName);
95 LoadAndExpectError("webview_accessible_resources_invalid6.json",
96 errors::kInvalidWebviewAccessibleResourcesList);
97 LoadAndExpectError("webview_accessible_resources_invalid7.json",
98 errors::kInvalidWebviewAccessibleResourcesList);
99 LoadAndExpectError("webview_accessible_resources_invalid8.json",
100 ErrorUtils::FormatErrorMessage(
101 errors::kInvalidWebviewAccessibleResource, base::IntToString(0)));
102 }