diff options
Diffstat (limited to 'chrome_frame/html_utils_unittest.cc')
| -rw-r--r-- | chrome_frame/html_utils_unittest.cc | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/chrome_frame/html_utils_unittest.cc b/chrome_frame/html_utils_unittest.cc new file mode 100644 index 0000000..73b7a4a --- /dev/null +++ b/chrome_frame/html_utils_unittest.cc @@ -0,0 +1,61 @@ +// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/logging.h" +#include "chrome_frame/html_utils.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace { + +TEST(HttpUtils, HasFrameBustingHeader) { + // Simple negative cases. + ASSERT_FALSE(http_utils::HasFrameBustingHeader("")); + ASSERT_FALSE(http_utils::HasFrameBustingHeader("Content-Type: text/plain")); + // Explicit negative cases, test that we ignore case. + ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLOWALL")); + ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: allowall")); + ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLowalL")); + // Added space, ensure stripped out + ASSERT_FALSE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: ALLOWALL ")); + // Added space with linefeed, ensure still stripped out + ASSERT_FALSE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: ALLOWALL \r\n")); + // Multiple identical headers, all of them allowing framing. + ASSERT_FALSE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: ALLOWALL\r\n" + "X-Frame-Options: ALLOWALL\r\n" + "X-Frame-Options: ALLOWALL")); + // Interleave with other headers. + ASSERT_FALSE(http_utils::HasFrameBustingHeader( + "Content-Type: text/plain\r\n" + "X-Frame-Options: ALLOWALL\r\n" + "Content-Length: 42")); + + // Simple positive cases. + ASSERT_TRUE(http_utils::HasFrameBustingHeader("X-Frame-Options: deny")); + ASSERT_TRUE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: SAMEorigin")); + + // Allowall entries do not override the denying entries, are + // order-independent, and the deny entries can interleave with + // other headers. + ASSERT_TRUE(http_utils::HasFrameBustingHeader( + "Content-Length: 42\r\n" + "X-Frame-Options: ALLOWall\r\n" + "X-Frame-Options: deny\r\n")); + ASSERT_TRUE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: ALLOWall\r\n" + "Content-Length: 42\r\n" + "X-Frame-Options: SAMEORIGIN\r\n")); + ASSERT_TRUE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: deny\r\n" + "X-Frame-Options: ALLOWall\r\n" + "Content-Length: 42\r\n")); + ASSERT_TRUE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: SAMEORIGIN\r\n" + "X-Frame-Options: ALLOWall\r\n")); +} + +} // namespace |