Add more tests for dangling markup mitigation
Adding more tests per this comment[1]. [1] whatwg/html#10022 (review) Change-Id: Ia3360404630c1c22b1dad14ed930c0517f66b6e7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5362504 Reviewed-by: Jonathan Hao <phao@chromium.org> Reviewed-by: Yifan Luo <lyf@chromium.org> Commit-Queue: Jun Kokatsu <jkokatsu@google.com> Cr-Commit-Position: refs/heads/main@{#1275548}
Showing
8 changed files
with
106 additions
and
36 deletions.
7 changes: 0 additions & 7 deletions
7
...l/wpt/fetch/security/dangling-markup/dangling-markup-mitigation-allowed-apis-expected.txt
This file was deleted.
26 changes: 0 additions & 26 deletions
26
.../external/wpt/fetch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.html
This file was deleted.
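--- a/...rity/dangling-markup/dangling-markup-mitigation-allowed-apis.tentative.https-expected.txt
+++ b/...rity/dangling-markup/dangling-markup-mitigation-allowed-apis.tentative.https-expected.txt
@@ -0,0 +1,17 @@
+This is a testharness.js-based test.
+[FAIL] Does not block window.open(`resources/empty.html?\n<`,'_self')
+assert_false: expected false got true
+[FAIL] Does not block location.replace(`resources/empty.html?\n<`)
+assert_false: expected false got true
+[FAIL] Does not block xhr
+assert_true: expected true got false
+[FAIL] Does not block EventSource
+assert_true: expected true got false
+[FAIL] Does not block fetch
+assert_true: expected true got false
+[FAIL] Does not block Worker
+assert_true: expected true got false
+[FAIL] Does not block importScripts
+assert_true: expected true got false
+Harness: the test ran to completion.
+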
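--- a/...tch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.tentative.https.html
+++ b/...tch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.tentative.https.html
@@ -0,0 +1,80 @@
+<!DOCTYPE html>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+const blank = 'about:blank';
+const dangling_url = 'resources/empty.html?\n<';
+const navigation_api_calls = [
+`window.open(\`${dangling_url}\`,'_self')`,
+`location.replace(\`${dangling_url}\`)`,
+];
+
+function get_requests(worker, expected) {
+return new Promise(resolve => {
+navigator.serviceWorker.addEventListener('message', function onMsg(evt) {
+if (evt.data.size >= expected) {
+navigator.serviceWorker.removeEventListener('message', onMsg);
+resolve(evt.data);
+} else {
+worker.postMessage("");
+}
+});
+worker.postMessage("");
+});
+}
+
+navigation_api_calls.forEach(call => {
+async_test(t => {
+const iframe =
+document.body.appendChild(document.createElement('iframe'));
+t.step(() => {
+iframe.contentWindow.eval(call);
+t.step_timeout(() => {
+assert_false(iframe.contentWindow.location.href.endsWith(blank));
+t.done();
+}, 500);
+});
+}, `Does not block ${call}`);
+});
+
+const dangling_resource = "404?type=text/javascript&\n<"
+const api_calls = [
+[`const xhr = new XMLHttpRequest();
+xhr.open("GET", \`${"xhr" + dangling_resource}\`);
+xhr.send(null);`, "xhr"],
+[`new EventSource(\`${"EventSource" + dangling_resource}\`)`,"EventSource"],
+[`fetch(\`${"fetch" + dangling_resource}\`).catch(()=>{})`, "fetch"],
+[`new Worker(\`${"Worker" + dangling_resource}\`)`, "Worker"],
+[`let text = \`try{importScripts(\\\`${location.href + "/../importScripts" + dangling_resource}\\\`)}catch(e){}\`;
+let blob = new Blob([text], {type : 'text/javascript'});
+let url = URL.createObjectURL(blob);
+new Worker(url)`, "importScripts"],
+
+];
+
+navigator.serviceWorker.register('service-worker.js');
+const iframe = document.createElement('iframe');
+iframe.src = "resources/empty.html";
+document.body.appendChild(iframe);
+api_calls.forEach(call => {
+promise_test(t => {
+return new Promise(resolve => {
+navigator.serviceWorker.ready.then(t.step_func(registration => {
+iframe.contentWindow.eval(call[0]);
+get_requests(registration.active, 0).then(t.step_func(requests => {
+resolve(assert_true(requests.has(call[1] + dangling_resource)));
+}));
+}));
+});
+}, `Does not block ${call[1]}`);
+});
+
+async_test(t => {
+let url = new URL(location.origin + "/" + dangling_url);
+// Newlines are removed by the URL parser.
+assert_true(url.href.endsWith(encodeURI(dangling_url.replace("\n",""))));
+t.done();
+}, `Does not block new URL()`);
+</script>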
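Review bot: `get_requests(registration.active, 0)` passes 0 as `expected`, so `evt.data.size >= expected` holds for the service worker's first reply and the promise resolves without waiting for the request that `iframe.contentWindow.eval(call[0])` has just issued; the `requests.has(...)` assertion then races the network. The shared iframe is also appended right after `register()` rather than after `navigator.serviceWorker.ready`, so whether its requests pass through the worker presumably depends on service-worker.js (not shown here) claiming clients. For a test that pins down which APIs a security mitigation leaves alone, a failure should mean the request was blocked, not that the harness looked too early. Consider resolving only once the reported set contains the expected entry, e.g. `if (evt.data.has(key)) {` in place of the size check, and creating the iframe inside the `ready` callback.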
File renamed without changes.
File renamed without changes.
File renamed without changes.