Diffstat (limited to 'chrome')
-rw-r--r-- | chrome/chrome_tests.gypi | 1 | ||||
-rw-r--r-- | chrome/renderer/content_settings_observer.cc | 62 | ||||
-rw-r--r-- | chrome/renderer/content_settings_observer.h | 9 | ||||
-rw-r--r-- | chrome/renderer/content_settings_observer_unittest.cc | 65 |
4 files changed, 111 insertions, 26 deletions
diff --git a/chrome/chrome_tests.gypi b/chrome/chrome_tests.gypi
index e19a1c2..5c76016 100644
--- a/chrome/chrome_tests.gypi
+++ b/chrome/chrome_tests.gypi
@@ -1990,6 +1990,7 @@
 'common/worker_thread_ticker_unittest.cc',
 'common/zip_reader_unittest.cc',
 'common/zip_unittest.cc',
+ 'renderer/content_settings_observer_unittest.cc',
 'renderer/extensions/chrome_v8_context_set_unittest.cc',
 'renderer/extensions/extension_api_json_validity_unittest.cc',
 'renderer/extensions/json_schema_unittest.cc',
diff --git a/chrome/renderer/content_settings_observer.cc b/chrome/renderer/content_settings_observer.cc
index 1fcdc20..17b33ae 100644
--- a/chrome/renderer/content_settings_observer.cc
+++ b/chrome/renderer/content_settings_observer.cc
@@ -29,32 +29,6 @@ using content::NavigationState; namespace { -// True if |frame| contains content that is white-listed for content settings. -static bool IsWhitelistedForContentSettings(WebFrame* frame) { - WebSecurityOrigin origin = frame->document().securityOrigin(); - if (origin.isUnique()) - return false; // Uninitialized document? - - if (EqualsASCII(origin.protocol(), chrome::kChromeUIScheme)) - return true; // Browser UI elements should still work. - - if (EqualsASCII(origin.protocol(), chrome::kChromeDevToolsScheme)) - return true; // DevTools UI elements should still work. - - // If the scheme is ftp: or file:, an empty file name indicates a directory - // listing, which requires JavaScript to function properly. - GURL document_url = frame->document().url(); - const char* kDirProtocols[] = { chrome::kFtpScheme, chrome::kFileScheme }; - for (size_t i = 0; i < arraysize(kDirProtocols); ++i) { - if (EqualsASCII(origin.protocol(), kDirProtocols[i])) { - return document_url.SchemeIs(kDirProtocols[i]) && - document_url.ExtractFileName().empty(); - } - } - - return false; -} - GURL GetOriginOrURL(const WebFrame* frame) { WebString top_origin = frame->top()->document().securityOrigin().toString(); // The the |top_origin| is unique ("null") e.g., for file:// URLs. Use the 
@@ -308,3 +282,39 @@ void ContentSettingsObserver::ClearBlockedContentSettings() {
 cached_storage_permissions_.clear();
 cached_script_permissions_.clear();
 }
+
+bool ContentSettingsObserver::IsWhitelistedForContentSettings(WebFrame* frame) {
+ return IsWhitelistedForContentSettings(frame->document().securityOrigin(),
+ frame->document().url());
+}
+
+bool ContentSettingsObserver::IsWhitelistedForContentSettings(
+ const WebSecurityOrigin& origin,
+ const GURL& document_url) {
+ if (origin.isUnique())
+ return false; // Uninitialized document?
+
+ if (EqualsASCII(origin.protocol(), chrome::kChromeUIScheme))
+ return true; // Browser UI elements should still work.
+
+ if (EqualsASCII(origin.protocol(), chrome::kChromeDevToolsScheme))
+ return true; // DevTools UI elements should still work.
+
+ if (EqualsASCII(origin.protocol(), chrome::kExtensionScheme))
+ return true;
+
+ if (EqualsASCII(origin.protocol(), chrome::kChromeInternalScheme))
+ return true;
+
+ // If the scheme is ftp: or file:, an empty file name indicates a directory
+ // listing, which requires JavaScript to function properly.
+ const char* kDirProtocols[] = { chrome::kFtpScheme, chrome::kFileScheme };
+ for (size_t i = 0; i < arraysize(kDirProtocols); ++i) {
+ if (EqualsASCII(origin.protocol(), kDirProtocols[i])) {
+ return document_url.SchemeIs(kDirProtocols[i]) &&
+ document_url.ExtractFileName().empty();
+ }
+ }
+
+ return false;
+}
diff --git a/chrome/renderer/content_settings_observer.h b/chrome/renderer/content_settings_observer.h
index a76e71c..027867c 100644
--- a/chrome/renderer/content_settings_observer.h
+++ b/chrome/renderer/content_settings_observer.h
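Review bot: The two branches added to `ContentSettingsObserver::IsWhitelistedForContentSettings(origin, document_url)` for `chrome::kExtensionScheme` and `chrome::kChromeInternalScheme` return true with no comment, while the chrome UI and DevTools branches directly above them each state why they are exempt. Every scheme in this list bypasses the user's content settings, and the `WebFrame*` overload passes `frame->document().securityOrigin()`, so the exemption follows the origin of whichever frame the caller hands in. Each new entry should carry its rationale in the same style, for example `return true;  // Extension pages are exempt from content settings.` with the author's actual reason spelled out. It would also help to say whether a frame with one of these schemes embedded in an ordinary page is meant to be exempt.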
@@ -66,6 +66,8 @@ class ContentSettingsObserver void DidNotAllowScript(WebKit::WebFrame* frame); private: + FRIEND_TEST_ALL_PREFIXES(ContentSettingsObserverTest, WhitelistedSchemes); + // RenderViewObserver implementation. virtual bool OnMessageReceived(const IPC::Message& message) OVERRIDE; virtual void DidCommitProvisionalLoad(WebKit::WebFrame* frame, @@ -77,6 +79,13 @@ class ContentSettingsObserver // Resets the |content_blocked_| array. void ClearBlockedContentSettings(); + // Helpers. + // True if |frame| contains content that is white-listed for content settings. + static bool IsWhitelistedForContentSettings(WebKit::WebFrame* frame); + static bool IsWhitelistedForContentSettings( + const WebKit::WebSecurityOrigin& origin, + const GURL& document_url); + // A pointer to content setting rules stored by the renderer. Normally, the // |RendererContentSettingRules| object is owned by // |ChromeRenderProcessObserver|. In the tests it is owned by the caller of diff --git a/chrome/renderer/content_settings_observer_unittest.cc b/chrome/renderer/content_settings_observer_unittest.cc new file mode 100644 index 0000000..db587ff --- /dev/null +++ b/chrome/renderer/content_settings_observer_unittest.cc 
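Review bot: In the second hunk of content_settings_observer.h the comment `True if |frame| contains content that is white-listed for content settings.` describes only the `WebFrame*` overload; the `(origin, document_url)` overload declared after it has no description of its own. A reader of the header cannot tell that `document_url` matters only for ftp: and file: origins, which is what the definition in content_settings_observer.cc shows. I would add above the second declaration `// Same check on an explicit |origin|; |document_url| is only consulted for ftp: and file: origins (directory listings).` The class body starts and ends outside the hunk.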
@@ -0,0 +1,65 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/renderer/content_settings_observer.h"
+
+#include "chrome/common/url_constants.h"
+#include "content/public/common/url_constants.h"
+#include "googleurl/src/gurl.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h"
+
+using WebKit::WebSecurityOrigin;
+
+typedef testing::Test ContentSettingsObserverTest;
+
+TEST_F(ContentSettingsObserverTest, WhitelistedSchemes) {
+ std::string end_url = ":something";
+
+ GURL chrome_ui_url =
+ GURL(std::string(chrome::kChromeUIScheme).append(end_url));
+ EXPECT_TRUE(ContentSettingsObserver::IsWhitelistedForContentSettings(
+ WebSecurityOrigin::create(chrome_ui_url),
+ GURL()));
+
+ GURL chrome_dev_tools_url =
+ GURL(std::string(chrome::kChromeDevToolsScheme).append(end_url));
+ EXPECT_TRUE(ContentSettingsObserver::IsWhitelistedForContentSettings(
+ WebSecurityOrigin::create(chrome_dev_tools_url),
+ GURL()));
+
+ GURL extension_url =
+ GURL(std::string(chrome::kExtensionScheme).append(end_url));
+ EXPECT_TRUE(ContentSettingsObserver::IsWhitelistedForContentSettings(
+ WebSecurityOrigin::create(extension_url),
+ GURL()));
+
+ GURL chrome_internal_url =
+ GURL(std::string(chrome::kChromeInternalScheme).append(end_url));
+ EXPECT_TRUE(ContentSettingsObserver::IsWhitelistedForContentSettings(
+ WebSecurityOrigin::create(chrome_internal_url),
+ GURL()));
+
+ GURL file_url("file:///dir/");
+ EXPECT_TRUE(ContentSettingsObserver::IsWhitelistedForContentSettings(
+ WebSecurityOrigin::create(file_url),
+ GURL("file:///dir/")));
+ EXPECT_FALSE(ContentSettingsObserver::IsWhitelistedForContentSettings(
+ WebSecurityOrigin::create(file_url),
+ GURL("file:///dir/file")));
+
+ GURL ftp_url("ftp:///dir/");
+ EXPECT_TRUE(ContentSettingsObserver::IsWhitelistedForContentSettings(
+ WebSecurityOrigin::create(ftp_url),
+ GURL("ftp:///dir/")));
+ EXPECT_FALSE(ContentSettingsObserver::IsWhitelistedForContentSettings(
+ WebSecurityOrigin::create(ftp_url),
+ GURL("ftp:///dir/file")));
+
+ GURL http_url =
+ GURL("http://server.com/path");
+ EXPECT_FALSE(ContentSettingsObserver::IsWhitelistedForContentSettings(
+ WebSecurityOrigin::create(http_url),
+ GURL()));
+}
|
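Review bot: The EXPECT_FALSE cases in WhitelistedSchemes cover a non-empty file name and an http origin, but no case targets the `origin.isUnique()` early return or the `document_url.SchemeIs(kDirProtocols[i])` half of the directory-listing condition. For an allow-list that bypasses content settings, the rejecting paths are the ones most worth pinning. A scheme-mismatch case needs only names already in the file: `EXPECT_FALSE(ContentSettingsObserver::IsWhitelistedForContentSettings(WebSecurityOrigin::create(file_url), GURL("ftp:///dir/")));`. Separately, `ftp:///dir/` has an empty host and GURL may canonicalise it so that `dir` becomes the host, in which case the ftp assertions pass for a different URL than the one written; `ftp://server/dir/` would remove the doubt.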