// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
5 #include "base/strings/string_piece.h"
6 #include "base/strings/utf_string_conversions.h"
7 #include "content/child/site_isolation_policy.h"
8 #include "content/public/common/context_menu_params.h"
9 #include "testing/gtest/include/gtest/gtest.h"
10 #include "third_party/WebKit/public/platform/WebURLResponse.h"
11 #include "ui/gfx/range/range.h"
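using base::StringPiece;

// Opens the namespace that the trailing "}  // namespace content" at the end
// of this file closes; the opening line is absent from this listing.
namespace content {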
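// Pins which URL schemes the policy considers blockable at all: of the six
// schemes exercised here only http and https are expected to return true,
// while data:, ftp:, mailto: and about: must return false.
//
// NOTE(review): other schemes a renderer can load from (for example file: or
// blob:) are not exercised here; add cases once their intended classification
// is confirmed, so that a later change to the scheme list cannot silently
// widen or narrow what gets blocked.
TEST(SiteIsolationPolicyTest, IsBlockableScheme) {
  GURL data_url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA==");
  GURL ftp_url("ftp://google.com");
  GURL mailto_url("mailto:google@google.com");
  GURL about_url("about:chrome");
  GURL http_url("http://google.com");
  GURL https_url("https://google.com");

  // Schemes that must never be classified as blockable.
  EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(data_url));
  EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(ftp_url));
  EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(mailto_url));
  EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(about_url));

  // Web schemes: the only ones expected to be blockable.
  EXPECT_TRUE(SiteIsolationPolicy::IsBlockableScheme(http_url));
  EXPECT_TRUE(SiteIsolationPolicy::IsBlockableScheme(https_url));
}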
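// Pins the same-site comparison used by the policy. The three a.com URLs
// differ in subdomain and port but are all expected to compare as same-site,
// so the comparison is coarser than an exact origin match. A different
// registrable domain, about:blank, a chrome:// URL and an empty URL must all
// compare as not same-site.
//
// NOTE(review): every same-site pair below uses https. There is no case for
// a scheme mismatch on the same domain (http vs. https), nor for two hosts
// that share only a public suffix; both are security-relevant boundaries and
// deserve explicit assertions once the expected results are confirmed.
TEST(SiteIsolationPolicyTest, IsSameSite) {
  GURL a_com_url0("https://mock1.a.com:8080/page1.html");
  GURL a_com_url1("https://mock2.a.com:9090/page2.html");
  GURL a_com_url2("https://a.com/page3.html");
  EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(a_com_url0, a_com_url1));
  EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(a_com_url1, a_com_url2));
  EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(a_com_url2, a_com_url0));

  // A different registrable domain is a different site.
  GURL b_com_url0("https://mock1.b.com/index.html");
  EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, b_com_url0));

  GURL about_blank_url("about:blank");
  EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, about_blank_url));

  GURL chrome_url("chrome://extension");
  EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, chrome_url));

  // The declaration of empty_url is missing from this listing; it is
  // reconstructed here as an empty URL to match its name. Confirm against
  // the upstream file.
  GURL empty_url("");
  EXPECT_FALSE(SiteIsolationPolicy::IsSameSite(a_com_url0, empty_url));
}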
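// Pins how the policy interprets an access-control origin header value for a
// response from site_origin requested by a frame at frame_origin. A true
// result means the header is accepted as granting the frame access.
//
// Note that "http://mail.google.com" is accepted for a frame at
// "http://www.google.com": the check asserted here is looser than the exact
// origin comparison the CORS specification performs, so this helper must not
// be relied on as a substitute for the real CORS check.
//
// NOTE(review): there are no cases for a "null" value, for a value with
// surrounding whitespace, or for a list of several origins; consider adding
// them once the expected results are confirmed.
TEST(SiteIsolationPolicyTest, IsValidCorsHeaderSet) {
  GURL frame_origin("http://www.google.com");
  GURL site_origin("http://www.yahoo.com");

  // A bare wildcard is accepted.
  EXPECT_TRUE(SiteIsolationPolicy::IsValidCorsHeaderSet(
      frame_origin, site_origin, "*"));
  // A wildcard wrapped in literal quote characters is not a wildcard.
  EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
      frame_origin, site_origin, "\"*\""));
  // Same scheme as the frame, different host under google.com: accepted.
  EXPECT_TRUE(SiteIsolationPolicy::IsValidCorsHeaderSet(
      frame_origin, site_origin, "http://mail.google.com"));
  // Scheme differs from the frame's (https vs. http): rejected.
  EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
      frame_origin, site_origin, "https://mail.google.com"));
  // Names the responding site rather than the requesting frame: rejected.
  EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
      frame_origin, site_origin, "http://yahoo.com"));
  // Host without a scheme: rejected.
  EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
      frame_origin, site_origin, "www.google.com"));
}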
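// Pins the HTML content sniffer. Inputs that start with an HTML tag
// (case-insensitively, after leading whitespace and after any complete HTML
// comments) must be detected; plain script text, and script text that follows
// an unterminated comment opener, must not be.
//
// Both directions matter for a blocking policy: a missed document is a
// response that is not protected, and a false positive is a legitimate
// script that gets treated as a document.
TEST(SiteIsolationPolicyTest, SniffForHTML) {
  StringPiece html_data(" \t\r\n <HtMladfokadfkado");
  StringPiece comment_html_data(" <!-- this is comment --> <html><body>");
  StringPiece two_comments_html_data(
      "<!-- this is comment -->\n<!-- this is comment --><html><body>");
  // A second "<!--" inside an open comment, followed by a script tag.
  StringPiece mixed_comments_html_data(
      "<!-- this is comment <!-- --> <script></script>");
  StringPiece non_html_data(" var name=window.location;\nadfadf");
  // The comment is closed with "->" rather than "-->", so it never ends.
  StringPiece comment_js_data(" <!-- this is comment -> document.write(1); ");
  StringPiece empty_data("");

  EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(html_data));
  EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(comment_html_data));
  EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(two_comments_html_data));
  EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(mixed_comments_html_data));
  EXPECT_FALSE(SiteIsolationPolicy::SniffForHTML(non_html_data));
  EXPECT_FALSE(SiteIsolationPolicy::SniffForHTML(comment_js_data));

  // Basic bounds check: an empty buffer must be handled and not match.
  EXPECT_FALSE(SiteIsolationPolicy::SniffForHTML(empty_data));
}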
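// Pins the XML content sniffer: an XML declaration preceded only by
// whitespace must be detected, script text must not be, and an empty buffer
// must be handled without matching.
//
// NOTE(review): only a document that begins with "<?xml" is covered; whether
// XML without a declaration should match is not asserted here.
TEST(SiteIsolationPolicyTest, SniffForXML) {
  StringPiece xml_data(" \t \r \n <?xml version=\"1.0\"?>\n <catalog");
  StringPiece non_xml_data(" var name=window.location;\nadfadf");
  StringPiece empty_data("");

  EXPECT_TRUE(SiteIsolationPolicy::SniffForXML(xml_data));
  EXPECT_FALSE(SiteIsolationPolicy::SniffForXML(non_xml_data));

  // Basic bounds check.
  EXPECT_FALSE(SiteIsolationPolicy::SniffForXML(empty_data));
}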
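// Pins the JSON content sniffer. An object literal with a quoted key must be
// detected. An object with an unquoted key and an object wrapped in a
// function call (the shape a JSONP response takes) must not be, which keeps
// executable script from being classified as a JSON document.
TEST(SiteIsolationPolicyTest, SniffForJSON) {
  StringPiece json_data("\t\t\r\n { \"name\" : \"chrome\", ");
  StringPiece non_json_data0("\t\t\r\n { name : \"chrome\", ");
  StringPiece non_json_data1("\t\t\r\n foo({ \"name\" : \"chrome\", ");
  StringPiece empty_data("");

  // The macro that opens this assertion is missing from this listing (the
  // call is left with an unmatched closing parenthesis); EXPECT_TRUE is
  // restored to match the json_data / non_json_data naming. Confirm against
  // the upstream file.
  EXPECT_TRUE(SiteIsolationPolicy::SniffForJSON(json_data));
  EXPECT_FALSE(SiteIsolationPolicy::SniffForJSON(non_json_data0));
  EXPECT_FALSE(SiteIsolationPolicy::SniffForJSON(non_json_data1));

  // Basic bounds check.
  EXPECT_FALSE(SiteIsolationPolicy::SniffForJSON(empty_data));
}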
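// Pins the JavaScript content sniffer: a variable declaration must be
// detected with or without leading whitespace, a JSON object must not be
// detected as script, and an empty buffer must be handled without matching.
TEST(SiteIsolationPolicyTest, SniffForJS) {
  StringPiece basic_js_data("var a = 4");
  StringPiece js_data("\t\t\r\n var a = 4");
  StringPiece json_data("\t\t\r\n { \"name\" : \"chrome\", ");
  StringPiece empty_data("");

  // basic_js_data was declared but never asserted on; check it so the case
  // without leading whitespace is covered as well.
  EXPECT_TRUE(SiteIsolationPolicy::SniffForJS(basic_js_data));
  EXPECT_TRUE(SiteIsolationPolicy::SniffForJS(js_data));
  EXPECT_FALSE(SiteIsolationPolicy::SniffForJS(json_data));

  // Basic bounds check.
  EXPECT_FALSE(SiteIsolationPolicy::SniffForJS(empty_data));
}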
134 } // namespace content