author | dewittj@chromium.org <dewittj@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-23 06:06:41 +0000 |
---|---|---|
committer | dewittj@chromium.org <dewittj@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-23 06:06:41 +0000 |
commit | fd26947e848b8acbb37ecef8f473b1e886e1f8b5 (patch) | |
tree | 7f72b32b42cb5e718daeac57c9256fd4ed5ce4af /chrome/browser/extensions/api/notification | |
parent | 8d851e1d7269b4f70caabfda4cf68083d264dd60 (diff) | |
Enforce CSP on images for chrome.experimental.notification.
This changes the behavior of the API by using a renderer
custom binding to enforce that all supplied URLs are
converted into data URLs. Additionally, it checks that the
URLs provided to the backend have the data:// scheme, so
new URLs added in future versions of the API will not load
unless they are also converted to data URLs.
miket:everything
ben: chrome_renderer.gypi
TBR=ben@chromium.org
BUG=173698
Review URL: https://chromiumcodereview.appspot.com/12320055
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@184291 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/extensions/api/notification')
-rw-r--r-- | chrome/browser/extensions/api/notification/notification_apitest.cc | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/chrome/browser/extensions/api/notification/notification_apitest.cc b/chrome/browser/extensions/api/notification/notification_apitest.cc
index 7c9970f..eead88f 100644
--- a/chrome/browser/extensions/api/notification/notification_apitest.cc
+++ b/chrome/browser/extensions/api/notification/notification_apitest.cc
@@ -41,8 +41,7 @@ IN_PROC_BROWSER_TEST_F(NotificationApiTest, TestIdUsage) {
 "[\"\", " // Empty string: ask API to generate ID
 "{"
 "\"templateType\": \"simple\","
- "\"iconUrl\": \"http://www.google.com/intl/en/chrome/assets/"
- "common/images/chrome_logo_2x.png\","
+ "\"iconUrl\": \"an/image/that/does/not/exist.png\","
 "\"title\": \"Attention!\","
 "\"message\": \"Check out Cirque du Soleil\""
 "}]",
@@ -67,8 +66,7 @@ IN_PROC_BROWSER_TEST_F(NotificationApiTest, TestIdUsage) {
 "[\"" + notification_id + "\", "
 "{"
 "\"templateType\": \"simple\","
- "\"iconUrl\": \"http://www.google.com/intl/en/chrome/assets/"
- "common/images/chrome_logo_2x.png\","
+ "\"iconUrl\": \"an/image/that/does/not/exist.png\","
 "\"title\": \"Attention!\","
 "\"message\": \"Too late! The show ended yesterday\""
 "}]",
@@ -100,8 +98,7 @@ IN_PROC_BROWSER_TEST_F(NotificationApiTest, TestIdUsage) {
 "[\"xxxxxxxxxxxx\", "
 "{"
 "\"templateType\": \"simple\","
- "\"iconUrl\": \"http://www.google.com/intl/en/chrome/assets/"
- "common/images/chrome_logo_2x.png\","
+ "\"iconUrl\": \"an/image/that/does/not/exist.png\","
 "\"title\": \"!\","
 "\"message\": \"!\""
 "}]",
@@ -166,8 +163,7 @@ IN_PROC_BROWSER_TEST_F(NotificationApiTest, TestBaseFormatNotification) {
 "[\"\", "
 "{"
 "\"templateType\": \"basic\","
- "\"iconUrl\": \"http://www.google.com/intl/en/chrome/assets/"
- "common/images/chrome_logo_2x.png\","
+ "\"iconUrl\": \"an/image/that/does/not/exist.png\","
 "\"title\": \"Attention!\","
 "\"message\": \"Check out Cirque du Soleil\","
 "\"priority\": 1,"
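Review bot: The replacement `iconUrl` value `an/image/that/does/not/exist.png` in the TestIdUsage hunk at -41 is neither a data URL nor an existing resource, and nothing visible says what the backend is expected to do with it; the same literal recurs in the hunks at -67, -100, -166 and -206. Since the commit message says the backend only accepts data URLs, a comment such as `// Deliberately not a data: URL; the browser-side check must not fetch it.` would record the intent (wording to be confirmed against the actual behaviour). A renderer-side binding is not a trust boundary on its own, so if these tests call the function without the binding, a case asserting that an `http:` icon is never loaded would cover the browser-side scheme check directly. Hoisting the literal into one `const char kNonexistentIcon[]` would also remove the five copies. The enclosing test bodies start and end outside the hunks.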
@@ -206,7 +202,7 @@ IN_PROC_BROWSER_TEST_F(NotificationApiTest, TestMultipleItemNotification) {
 "[\"\", "
 "{"
 "\"templateType\": \"list\","
- "\"iconUrl\": \"https://code.google.com/p/chromium/logo\","
+ "\"iconUrl\": \"an/image/that/does/not/exist.png\","
 "\"title\": \"Multiple Item Notification Title\","
 "\"message\": \"Multiple item notification message.\","
 "\"items\": ["
@@ -236,3 +232,7 @@ IN_PROC_BROWSER_TEST_F(NotificationApiTest, TestMultipleItemNotification) {
 IN_PROC_BROWSER_TEST_F(NotificationApiTest, TestEvents) {
 ASSERT_TRUE(RunExtensionTest("notification/api/events")) << message_;
 }
+
+IN_PROC_BROWSER_TEST_F(NotificationApiTest, TestCSP) {
+ ASSERT_TRUE(RunExtensionTest("notification/api/csp")) << message_;
+}
|
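Review bot: TestCSP, added in the hunk at -236, carries no comment saying what the `notification/api/csp` extension test asserts, and that test's files are outside this diffstat. A comment above it such as `// Checks that notification image URLs are subject to the extension's CSP.` would tell a reader which regression a failure indicates. Confirm the wording against the extension test itself, since only the test name is visible here.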