Add test for URL.createObjectURL on custom schemes

Works with registered custom schemes, does not work with unregistered ones. In the latter case the function call is treated as a security violation and the renderer process is killed. Task-number: QTBUG-70420 Change-Id: I9c6fc0f02b44854bbceaffd1efbfe065dee61582 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Jüri Valdmann <juri.valdmann@qt.io> 2018-09-12 17:08:18 +0200
committer: Allan Sandfeld Jensen <allan.jensen@qt.io> 2018-09-29 18:46:59 +0000
commit: 774f8d3d8099286ee1202fb8b809b399b4632fb3 (patch)
tree: 056b8247806061119748aca8e50adeba2e55f8f3
parent: 033c0c3ffec807b86d6c08e5dc95ec541927c53d (diff)
3 files changed, 30 insertions, 0 deletions
diff --git a/tests/auto/widgets/origins/resources/createObjectURL.html b/tests/auto/widgets/origins/resources/createObjectURL.html
new file mode 100644
index 000000000..133f636bb
--- /dev/null
+++ b/tests/auto/widgets/origins/resources/createObjectURL.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>createObjectURL</title>
+        <script>
+         const blob = new Blob(['foo']);
+         const result = URL.createObjectURL(blob);
+        </script>
+    </head>
+    <body></body>
+</html>
diff --git a/tests/auto/widgets/origins/tst_origins.cpp b/tests/auto/widgets/origins/tst_origins.cpp
index 38b23f64e..a24791f6f 100644
--- a/tests/auto/widgets/origins/tst_origins.cpp
+++ b/tests/auto/widgets/origins/tst_origins.cpp
@@ -184,6 +184,7 @@ private Q_SLOTS:
     void sharedWorker();
     void serviceWorker();
     void viewSource();
+    void createObjectURL();
 
 private:
     bool load(const QUrl &url)
@@ -682,5 +683,22 @@ void tst_Origins::viewSource()
     QCOMPARE(m_page->requestedUrl().toString(), QSL("pathsyntax-viewsourceallowed:/resources/viewSource.html"));
 }
 
+void tst_Origins::createObjectURL()
+{
+    // Legal for registered custom schemes.
+    QVERIFY(load(QSL("qrc:/resources/createObjectURL.html")));
+    QVERIFY(eval(QSL("result")).toString().startsWith(QSL("blob:qrc:")));
+
+    // Illegal for unregistered schemes (renderer gets terminated).
+    qRegisterMetaType<QWebEnginePage::RenderProcessTerminationStatus>("RenderProcessTerminationStatus");
+    QSignalSpy loadFinishedSpy(m_page, &QWebEnginePage::loadFinished);
+    QSignalSpy renderProcessTerminatedSpy(m_page, &QWebEnginePage::renderProcessTerminated);
+    m_page->load(QSL("tst:/resources/createObjectURL.html"));
+    QVERIFY(!renderProcessTerminatedSpy.empty() || renderProcessTerminatedSpy.wait(20000));
+    QVERIFY(renderProcessTerminatedSpy.front().value(0).value<QWebEnginePage::RenderProcessTerminationStatus>()
+            != QWebEnginePage::NormalTerminationStatus);
+    QVERIFY(loadFinishedSpy.empty());
+}
+
 QTEST_MAIN(tst_Origins)
 #include "tst_origins.moc"
diff --git a/tests/auto/widgets/origins/tst_origins.qrc b/tests/auto/widgets/origins/tst_origins.qrc
index 438fd10ee..0b1fe2d31 100644
--- a/tests/auto/widgets/origins/tst_origins.qrc
+++ b/tests/auto/widgets/origins/tst_origins.qrc
@@ -1,6 +1,7 @@
 <!DOCTYPE RCC>
 <RCC version="1.0">
 <qresource>
+    <file>resources/createObjectURL.html</file>
     <file>resources/dedicatedWorker.html</file>
     <file>resources/dedicatedWorker.js</file>
     <file>resources/mixedSchemes.html</file>
author	Jüri Valdmann <juri.valdmann@qt.io>	2018-09-12 17:08:18 +0200
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2018-09-29 18:46:59 +0000
commit	774f8d3d8099286ee1202fb8b809b399b4632fb3 (patch)
tree	056b8247806061119748aca8e50adeba2e55f8f3
parent	033c0c3ffec807b86d6c08e5dc95ec541927c53d (diff)