author | rob@robwu.nl <rob@robwu.nl@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-08-19 23:48:22 +0000 |
---|---|---|
committer | rob@robwu.nl <rob@robwu.nl@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-08-19 23:50:05 +0000 |
commit | 30f0f606ce6b03f865ae2792ca0ca2498e49092a (patch) | |
tree | 0ea8ba3c4b32a18e3d375407db91f687ffe983e0 /extensions/common/csp_validator_unittest.cc | |
parent | 04caf73c3a5edfd8d10d07e29c7e77a932fdd882 (diff) | |
Disallow non-subdomain wildcard patterns such as https:// and https://*.com
in the extension's Content Security Policy, and update the documentation
to clarify the constraints of the CSP.
BUG=404295
Review URL: https://codereview.chromium.org/481643002
Cr-Commit-Position: refs/heads/master@{#290699}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@290699 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'extensions/common/csp_validator_unittest.cc')
-rw-r--r-- | extensions/common/csp_validator_unittest.cc | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/extensions/common/csp_validator_unittest.cc b/extensions/common/csp_validator_unittest.cc
index 693a7910..727a068 100644
--- a/extensions/common/csp_validator_unittest.cc
+++ b/extensions/common/csp_validator_unittest.cc
@@ -99,11 +99,30 @@ TEST(ExtensionCSPValidator, IsSecure) {
 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
 "default-src 'self' *:*/path", Manifest::TYPE_EXTENSION));
 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
+ "default-src 'self' https://", Manifest::TYPE_EXTENSION));
+ EXPECT_FALSE(ContentSecurityPolicyIsSecure(
 "default-src 'self' https://*:*", Manifest::TYPE_EXTENSION));
 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
 "default-src 'self' https://*:*/", Manifest::TYPE_EXTENSION));
 EXPECT_FALSE(ContentSecurityPolicyIsSecure(
 "default-src 'self' https://*:*/path", Manifest::TYPE_EXTENSION));
+ EXPECT_FALSE(ContentSecurityPolicyIsSecure(
+ "default-src 'self' https://*.com", Manifest::TYPE_EXTENSION));
+ EXPECT_FALSE(ContentSecurityPolicyIsSecure(
+ "default-src 'self' https://*.*.google.com/", Manifest::TYPE_EXTENSION));
+ EXPECT_FALSE(ContentSecurityPolicyIsSecure(
+ "default-src 'self' https://*.*.google.com:*/",
+ Manifest::TYPE_EXTENSION));
+ EXPECT_FALSE(ContentSecurityPolicyIsSecure(
+ "default-src 'self' https://www.*.google.com/",
+ Manifest::TYPE_EXTENSION));
+ EXPECT_FALSE(ContentSecurityPolicyIsSecure(
+ "default-src 'self' https://www.*.google.com:*/",
+ Manifest::TYPE_EXTENSION));
+ EXPECT_FALSE(ContentSecurityPolicyIsSecure(
+ "default-src 'self' chrome://*", Manifest::TYPE_EXTENSION));
+ EXPECT_FALSE(ContentSecurityPolicyIsSecure(
+ "default-src 'self' chrome-extension://*", Manifest::TYPE_EXTENSION));
 EXPECT_TRUE(ContentSecurityPolicyIsSecure(
 "default-src 'self' https://*.google.com", Manifest::TYPE_EXTENSION));
 |
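Review bot: The added negative cases pin only a single-label suffix (`https://*.com`), so nothing here exercises a wildcard placed directly under a multi-label public suffix, which grants the same registry-wide reach. If the validator is meant to reject those, add `EXPECT_FALSE(ContentSecurityPolicyIsSecure("default-src 'self' https://*.co.uk", Manifest::TYPE_EXTENSION));` next to the `https://*.com` case. If it is not, a short comment such as `// Multi-label public suffixes (e.g. *.co.uk) are not detected.` would record the limit for the next reader. The validator change itself is not part of this file section, so which of the two applies cannot be told from here. The `TEST(ExtensionCSPValidator, IsSecure)` body starts before and continues past the hunk.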