Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(241)

Unified Diff: chrome/common/extensions/csp_validator_unittest.cc

Issue 10458063: Add sanbdoxed_pages to allow extension/app pages to be served in a sandboxed, unique origin (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: CheckCurrentContextAccessToExtensionAPI Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/common/extensions/csp_validator_unittest.cc
diff --git a/chrome/common/extensions/csp_validator_unittest.cc b/chrome/common/extensions/csp_validator_unittest.cc
index 5b9bfbeb5d99b9420f50c1feb4c485c46c293621..33c3deb164e650095f0608b9457318793b514fa1 100644
--- a/chrome/common/extensions/csp_validator_unittest.cc
+++ b/chrome/common/extensions/csp_validator_unittest.cc
@@ -7,6 +7,8 @@
using extensions::csp_validator::ContentSecurityPolicyIsLegal;
using extensions::csp_validator::ContentSecurityPolicyIsSecure;
+using extensions::csp_validator::ContentSecurityPolicyIsSandboxed;
+using extensions::Extension;
TEST(ExtensionCSPValidator, IsLegal) {
EXPECT_TRUE(ContentSecurityPolicyIsLegal("foo"));
@@ -75,3 +77,34 @@ TEST(ExtensionCSPValidator, IsSecure) {
EXPECT_TRUE(ContentSecurityPolicyIsSecure(
"default-src 'self' https://*.google.com"));
}
+
+TEST(ExtensionCSPValidator, IsSandboxed) {
+ EXPECT_FALSE(ContentSecurityPolicyIsSandboxed("", Extension::TYPE_EXTENSION));
+ EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
+ "img-src https://google.com", Extension::TYPE_EXTENSION));
+
+ // Sandbox directive is required.
+ EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
+ "sandbox", Extension::TYPE_EXTENSION));
+
+ // Additional sandbox tokens are OK.
+ EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
+ "sandbox allow-scripts", Extension::TYPE_EXTENSION));
+ // Except for allow-same-origin.
+ EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
+ "sandbox allow-same-origin", Extension::TYPE_EXTENSION));
+
+ // Additional directives are OK.
+ EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
+ "sandbox; img-src https://google.com", Extension::TYPE_EXTENSION));
+
+ // Extensions allow navigation and popups, platform apps don't.
+ EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
+ "sandbox allow-top-navigation", Extension::TYPE_EXTENSION));
+ EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
+ "sandbox allow-top-navigation", Extension::TYPE_PLATFORM_APP));
+ EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
+ "sandbox allow-popups", Extension::TYPE_EXTENSION));
+ EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
+ "sandbox allow-popups", Extension::TYPE_PLATFORM_APP));
+}

Powered by Google App Engine
This is Rietveld 408576698