Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/csp_validator_unittest.cc

Issue 10855122: Whitelisting `127.0.0.1` and `localhost` for HTTP in extensions' CSP. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Second pass. Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/common/extensions/csp_validator.cc ('k') | chrome/common/extensions/docs/extensions/contentSecurityPolicy.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/extensions/csp_validator.h" 5 #include "chrome/common/extensions/csp_validator.h"
6 #include "testing/gtest/include/gtest/gtest.h" 6 #include "testing/gtest/include/gtest/gtest.h"
7 7
8 using extensions::csp_validator::ContentSecurityPolicyIsLegal; 8 using extensions::csp_validator::ContentSecurityPolicyIsLegal;
9 using extensions::csp_validator::ContentSecurityPolicyIsSecure; 9 using extensions::csp_validator::ContentSecurityPolicyIsSecure;
10 using extensions::csp_validator::ContentSecurityPolicyIsSandboxed; 10 using extensions::csp_validator::ContentSecurityPolicyIsSandboxed;
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after
69 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 69 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
70 "default-src 'self' http:")); 70 "default-src 'self' http:"));
71 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 71 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
72 "default-src 'self' https://*")); 72 "default-src 'self' https://*"));
73 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 73 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
74 "default-src 'self' *")); 74 "default-src 'self' *"));
75 EXPECT_FALSE(ContentSecurityPolicyIsSecure( 75 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
76 "default-src 'self' google.com")); 76 "default-src 'self' google.com"));
77 EXPECT_TRUE(ContentSecurityPolicyIsSecure( 77 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
78 "default-src 'self' https://*.google.com")); 78 "default-src 'self' https://*.google.com"));
79
80 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
81 "default-src 'self' http://127.0.0.1"));
82 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
83 "default-src 'self' http://localhost"));
84 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
85 "default-src 'self' http://lOcAlHoSt"));
86 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
87 "default-src 'self' http://127.0.0.1:9999"));
88 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
89 "default-src 'self' http://localhost:8888"));
90 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
91 "default-src 'self' http://127.0.0.1.example.com"));
92 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
93 "default-src 'self' http://localhost.example.com"));
79 } 94 }
80 95
81 TEST(ExtensionCSPValidator, IsSandboxed) { 96 TEST(ExtensionCSPValidator, IsSandboxed) {
82 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed("", Extension::TYPE_EXTENSION)); 97 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed("", Extension::TYPE_EXTENSION));
83 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed( 98 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
84 "img-src https://google.com", Extension::TYPE_EXTENSION)); 99 "img-src https://google.com", Extension::TYPE_EXTENSION));
85 100
86 // Sandbox directive is required. 101 // Sandbox directive is required.
87 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 102 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
88 "sandbox", Extension::TYPE_EXTENSION)); 103 "sandbox", Extension::TYPE_EXTENSION));
(...skipping 12 matching lines...) Expand all
101 // Extensions allow navigation and popups, platform apps don't. 116 // Extensions allow navigation and popups, platform apps don't.
102 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 117 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
103 "sandbox allow-top-navigation", Extension::TYPE_EXTENSION)); 118 "sandbox allow-top-navigation", Extension::TYPE_EXTENSION));
104 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed( 119 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
105 "sandbox allow-top-navigation", Extension::TYPE_PLATFORM_APP)); 120 "sandbox allow-top-navigation", Extension::TYPE_PLATFORM_APP));
106 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 121 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
107 "sandbox allow-popups", Extension::TYPE_EXTENSION)); 122 "sandbox allow-popups", Extension::TYPE_EXTENSION));
108 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed( 123 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
109 "sandbox allow-popups", Extension::TYPE_PLATFORM_APP)); 124 "sandbox allow-popups", Extension::TYPE_PLATFORM_APP));
110 } 125 }
OLDNEW
« no previous file with comments | « chrome/common/extensions/csp_validator.cc ('k') | chrome/common/extensions/docs/extensions/contentSecurityPolicy.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698