diff options
author | Jüri Valdmann <juri.valdmann@qt.io> | 2018-06-01 14:09:46 +0200 |
---|---|---|
committer | Jüri Valdmann <juri.valdmann@qt.io> | 2018-06-28 08:27:58 +0000 |
commit | c0d4761f1ee5b09fc908f8d9a58f6fb83e9b79a6 (patch) | |
tree | 8fbf009193fe2102eee36b2f1cd1a7d23b6a8b51 /tests/auto/widgets/origins | |
parent | 9055a9ba59c4077a676c9ec6438afb717fa6ca83 (diff) |
Test iframes over file scheme in tst_Origins::mixedSchemes
Add previously missing combinations of schemes to the test.
Task-number: QTBUG-62536
Change-Id: Idee99ba03ee17af056e57dd0b1ecbf1b6bc80dcd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'tests/auto/widgets/origins')
-rw-r--r-- | tests/auto/widgets/origins/resources/mixed.html | 31 | ||||
-rw-r--r-- | tests/auto/widgets/origins/resources/mixed_frame.html | 3 | ||||
-rw-r--r-- | tests/auto/widgets/origins/resources/mixed_qrc.html | 12 | ||||
-rw-r--r-- | tests/auto/widgets/origins/resources/mixed_tst.html | 12 | ||||
-rw-r--r-- | tests/auto/widgets/origins/tst_origins.cpp | 46 | ||||
-rw-r--r-- | tests/auto/widgets/origins/tst_origins.qrc | 3 |
6 files changed, 64 insertions, 43 deletions
diff --git a/tests/auto/widgets/origins/resources/mixed.html b/tests/auto/widgets/origins/resources/mixed.html new file mode 100644 index 000000000..c73e9ecdc --- /dev/null +++ b/tests/auto/widgets/origins/resources/mixed.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> + <head> + <title>Mixed</title> + <script> + var result; + var canary; + + function setIFrameUrl(url) { + result = undefined; + canary = undefined; + document.getElementById("iframe").setAttribute("src", url); + // Early fire is OK unless the test is expecting cannotLoad. + // If timeout is too short then a false positive is possible. + setTimeout(() => { result = result || "cannotLoad"; }, 500); + } + + addEventListener("load", function() { + document.getElementById("iframe").addEventListener("load", function() { + if (canary && window[0].canary) + result = "canLoadAndAccess"; + else + result = "canLoadButNotAccess"; + }); + }); + </script> + </head> + <body> + <iframe id="iframe"></iframe> + </body> +</html> diff --git a/tests/auto/widgets/origins/resources/mixed_frame.html b/tests/auto/widgets/origins/resources/mixed_frame.html index 53d341b93..00c20ba37 100644 --- a/tests/auto/widgets/origins/resources/mixed_frame.html +++ b/tests/auto/widgets/origins/resources/mixed_frame.html @@ -3,7 +3,8 @@ <head> <title>Mixed - Frame</title> <script> - parent.msg = "mixed"; + var canary = true; + parent.canary = true; </script> </head> <body></body> diff --git a/tests/auto/widgets/origins/resources/mixed_qrc.html b/tests/auto/widgets/origins/resources/mixed_qrc.html deleted file mode 100644 index 664f7af6f..000000000 --- a/tests/auto/widgets/origins/resources/mixed_qrc.html +++ /dev/null @@ -1,12 +0,0 @@ -<!DOCTYPE html> -<html> - <head> - <title>Mixed</title> - <script> - var msg; - </script> - </head> - <body> - <iframe src="qrc:///resources/mixed_frame.html"></iframe> - </body> -</html> diff --git a/tests/auto/widgets/origins/resources/mixed_tst.html b/tests/auto/widgets/origins/resources/mixed_tst.html deleted file mode 100644 index 627e58098..000000000 --- a/tests/auto/widgets/origins/resources/mixed_tst.html +++ /dev/null @@ -1,12 +0,0 @@ -<!DOCTYPE html> -<html> - <head> - <title>Mixed</title> - <script> - var msg; - </script> - </head> - <body> - <iframe src="tst:///resources/mixed_frame.html"></iframe> - </body> -</html> diff --git a/tests/auto/widgets/origins/tst_origins.cpp b/tests/auto/widgets/origins/tst_origins.cpp index 6b1b4bba5..26329c5b5 100644 --- a/tests/auto/widgets/origins/tst_origins.cpp +++ b/tests/auto/widgets/origins/tst_origins.cpp @@ -226,24 +226,38 @@ void tst_Origins::subdirWithoutAccess() QCOMPARE(eval(QSL("msg[1]")), QVariant(QSL("world"))); } -// Try to mix schemes, for example by loading the main page over file with an -// iframe over qrc. This should be forbidden. +// Load the main page over one scheme with an iframe over another scheme. +// +// For file and qrc schemes, the iframe should load but it should not be +// possible for scripts in different frames to interact. +// +// Additionally for custom schemes access to local content is forbidden, so it +// should not be possible to load an iframe over the file: scheme. void tst_Origins::mixedSchemes() { - QVERIFY(load(QSL("file:" THIS_DIR "resources/mixed_qrc.html"))); - QCOMPARE(eval(QSL("msg")), QVariant()); - QVERIFY(load(QSL("file:" THIS_DIR "resources/mixed_tst.html"))); - QCOMPARE(eval(QSL("msg")), QVariant()); - - QVERIFY(load(QSL("qrc:/resources/mixed_qrc.html"))); - QCOMPARE(eval(QSL("msg")), QVariant(QSL("mixed"))); - QVERIFY(load(QSL("qrc:/resources/mixed_tst.html"))); - QCOMPARE(eval(QSL("msg")), QVariant()); - - QVERIFY(load(QSL("tst:/resources/mixed_qrc.html"))); - QCOMPARE(eval(QSL("msg")), QVariant()); - QVERIFY(load(QSL("tst:/resources/mixed_tst.html"))); - QCOMPARE(eval(QSL("msg")), QVariant(QSL("mixed"))); + QVERIFY(load(QSL("file:" THIS_DIR "resources/mixed.html"))); + eval(QSL("setIFrameUrl('file:" THIS_DIR "resources/mixed_frame.html')")); + QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadAndAccess"))); + eval(QSL("setIFrameUrl('qrc:/resources/mixed_frame.html')")); + QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadButNotAccess"))); + eval(QSL("setIFrameUrl('tst:/resources/mixed_frame.html')")); + QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadButNotAccess"))); + + QVERIFY(load(QSL("qrc:/resources/mixed.html"))); + eval(QSL("setIFrameUrl('file:" THIS_DIR "resources/mixed_frame.html')")); + QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadButNotAccess"))); + eval(QSL("setIFrameUrl('qrc:/resources/mixed_frame.html')")); + QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadAndAccess"))); + eval(QSL("setIFrameUrl('tst:/resources/mixed_frame.html')")); + QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadButNotAccess"))); + + QVERIFY(load(QSL("tst:/resources/mixed.html"))); + eval(QSL("setIFrameUrl('file:" THIS_DIR "resources/mixed_frame.html')")); + QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("cannotLoad"))); + eval(QSL("setIFrameUrl('qrc:/resources/mixed_frame.html')")); + QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadButNotAccess"))); + eval(QSL("setIFrameUrl('tst:/resources/mixed_frame.html')")); + QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadAndAccess"))); } // Try opening a WebSocket from pages loaded over various URL schemes. diff --git a/tests/auto/widgets/origins/tst_origins.qrc b/tests/auto/widgets/origins/tst_origins.qrc index fbbbef139..410cdc8a7 100644 --- a/tests/auto/widgets/origins/tst_origins.qrc +++ b/tests/auto/widgets/origins/tst_origins.qrc @@ -3,9 +3,8 @@ <qresource> <file>resources/dedicatedWorker.html</file> <file>resources/dedicatedWorker.js</file> + <file>resources/mixed.html</file> <file>resources/mixed_frame.html</file> - <file>resources/mixed_qrc.html</file> - <file>resources/mixed_tst.html</file> <file>resources/serviceWorker.html</file> <file>resources/serviceWorker.js</file> <file>resources/sharedWorker.html</file> |