diff options
| author | joaodasilva@chromium.org <joaodasilva@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-18 22:21:46 +0000 |
|---|---|---|
| committer | joaodasilva@chromium.org <joaodasilva@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-18 22:21:46 +0000 |
| commit | 419a0571dda6e5cc297331c845f68da7485302da (patch) | |
| tree | 84f08f760b5023b8ab725b3e0dc0d6501a795181 /content/browser/child_process_security_policy_unittest.cc | |
| parent | f2ee14875f7f7945613b7224e377467c2a864bee (diff) | |
| download | chromium_src-419a0571dda6e5cc297331c845f68da7485302da.zip chromium_src-419a0571dda6e5cc297331c845f68da7485302da.tar.gz chromium_src-419a0571dda6e5cc297331c845f68da7485302da.tar.bz2 | |
Added DisabledSchemes policy.
This is a list of strings. Any protocol scheme listed in this policy is
disabled, and URLs using that scheme won't load (either from the Omnibar, links,
bookmarks, or when requested from the renderer to the browser).
Also introduced ListPrefMember, to track a ListValue preference.
"Virtual" or "pseudo" protocol schemes such as "about" and "view-source" are
also handled.
BUG=57477
TEST=unit_tests, use a policy to disable specific schemes (e.g. "file", "ftp")
Review URL: http://codereview.chromium.org/6712065
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@82013 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/browser/child_process_security_policy_unittest.cc')
| -rw-r--r-- | content/browser/child_process_security_policy_unittest.cc | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc index e20178e..53799b7 100644 --- a/content/browser/child_process_security_policy_unittest.cc +++ b/content/browser/child_process_security_policy_unittest.cc @@ -52,9 +52,25 @@ TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme)); EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme)); - EXPECT_FALSE(p->IsPseudoScheme("registered-psuedo-scheme")); - p->RegisterPseudoScheme("registered-psuedo-scheme"); - EXPECT_TRUE(p->IsPseudoScheme("registered-psuedo-scheme")); + EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); + p->RegisterPseudoScheme("registered-pseudo-scheme"); + EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); +} + +TEST_F(ChildProcessSecurityPolicyTest, IsDisabledSchemeTest) { + ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); + + EXPECT_FALSE(p->IsDisabledScheme("evil-scheme")); + std::set<std::string> disabled_set; + disabled_set.insert("evil-scheme"); + p->RegisterDisabledSchemes(disabled_set); + EXPECT_TRUE(p->IsDisabledScheme("evil-scheme")); + EXPECT_FALSE(p->IsDisabledScheme("good-scheme")); + + disabled_set.clear(); + p->RegisterDisabledSchemes(disabled_set); + EXPECT_FALSE(p->IsDisabledScheme("evil-scheme")); + EXPECT_FALSE(p->IsDisabledScheme("good-scheme")); } TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { @@ -161,6 +177,17 @@ TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); + std::set<std::string> disabled_set; + disabled_set.insert("evil-scheme"); + p->RegisterDisabledSchemes(disabled_set); + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); + disabled_set.clear(); + p->RegisterDisabledSchemes(disabled_set); + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); + EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); + // We should forget our state if we repeat a renderer id. p->Remove(kRendererID); p->Add(kRendererID); |