Add tests for SecurityOrigin::IsPotentiallyTrustworthy

This CL adds tests for SecurityOrigin::IsPotentiallyTrustworthy, similar to the one added for SecurityOriginIsSecure and network::Is*PotentiallyTrustworthy added in [1]. [1] https://chromium-review.googlesource.com/c/chromium/src/+/2593629 Bug: 1153336 Change-Id: I15edacefc65294aae2472b82d30b19d93e37b11c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2610100Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Frédéric Wang <fwang@igalia.com> Cr-Commit-Position: refs/heads/master@{#842031}

Add tests for SecurityOrigin::IsPotentiallyTrustworthy
This CL adds tests for SecurityOrigin::IsPotentiallyTrustworthy, similar to the one added for SecurityOriginIsSecure and network::Is*PotentiallyTrustworthy added in [1]. [1] https://chromium-review.googlesource.com/c/chromium/src/+/2593629 Bug: 1153336 Change-Id: I15edacefc65294aae2472b82d30b19d93e37b11c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2610100Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Frédéric Wang <fwang@igalia.com> Cr-Commit-Position: refs/heads/master@{#842031}
1e212cf3 · Frédéric Wang · Chromium LUCI CQ · a7b5ed37 · 1e212cf3
Commit 1e212cf3 authored Jan 11, 2021 by Frédéric Wang Committed by Chromium LUCI CQ Jan 11, 2021
Show whitespace changes
Inline Side-by-side

Showing with 18 additions and 0 deletions

third_party/blink/renderer/platform/weborigin/security_origin_test.cc ...blink/renderer/platform/weborigin/security_origin_test.cc +18 -0

No files found.
--- a/third_party/blink/renderer/platform/weborigin/security_origin_test.cc
+++ b/third_party/blink/renderer/platform/weborigin/security_origin_test.cc
@@ -103,6 +103,9 @@ TEST_F(SecurityOriginTest, IsPotentiallyTrustworthy) {
    const char* url;
  };

+  // TODO(crbug.com/1153336): Merge SecurityOrigin::IsPotentiallyTrustworthy
+  // into network::IsOriginPotentiallyTrustworthy.
+  // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
  TestCase inputs[] = {
      // Access is granted to webservers running on localhost.
      {true, true, "http://localhost"},
@@ -153,6 +156,7 @@ TEST_F(SecurityOriginTest, IsPotentiallyTrustworthy) {
      // Secure transports are considered trustworthy.
      {true, false, "https://foobar.com"},
      {true, false, "wss://foobar.com"},
+      {true, false, "quic-transport://example.com/counter"},

      // Insecure transports are not considered trustworthy.
      {false, false, "ftp://foobar.com"},
@@ -173,6 +177,10 @@ TEST_F(SecurityOriginTest, IsPotentiallyTrustworthy) {
       "blob:https://foopy:99/578223a1-8c13-17b3-84d5-eca045ae384a"},
      {false, false, "blob:http://baz:99/578223a1-8c13-17b3-84d5-eca045ae384a"},
      {false, false, "blob:ftp://evil:99/578223a1-8c13-17b3-84d5-eca045ae384a"},
+      {false, false, "blob:data:text/html,Hello"},
+      {false, false, "blob:about:blank"},
+      {false, false,
+       "blob:blob:https://example.com/578223a1-8c13-17b3-84d5-eca045ae384a"},

      // filesystem: URLs work the same as blob: URLs, and look to the inner
      // URL for security origin.
@@ -180,6 +188,16 @@ TEST_F(SecurityOriginTest, IsPotentiallyTrustworthy) {
      {true, false, "filesystem:https://foopy:99/foo"},
      {false, false, "filesystem:http://baz:99/foo"},
      {false, false, "filesystem:ftp://evil:99/foo"},
+      {false, false, "filesystem:data:text/html,Hello"},
+      {false, false, "filesystem:about:blank"},
+      {false, false,
+       "filesystem:blob:https://example.com/"
+       "578223a1-8c13-17b3-84d5-eca045ae384a"},
+
+      // about: and data: URLs.
+      {false, false, "about:blank"},
+      {false, false, "about:srcdoc"},
+      {false, false, "data:text/html,Hello"},
  };

  for (size_t i = 0; i < base::size(inputs); ++i) {