diff options
author | Jüri Valdmann <juri.valdmann@qt.io> | 2018-09-12 17:08:18 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-09-29 18:46:59 +0000 |
commit | 774f8d3d8099286ee1202fb8b809b399b4632fb3 (patch) | |
tree | 056b8247806061119748aca8e50adeba2e55f8f3 /tests | |
parent | 033c0c3ffec807b86d6c08e5dc95ec541927c53d (diff) |
Add test for URL.createObjectURL on custom schemes
Works with registered custom schemes, does not work with unregistered ones. In
the latter case the function call is treated as a security violation and the
renderer process is killed.
Task-number: QTBUG-70420
Change-Id: I9c6fc0f02b44854bbceaffd1efbfe065dee61582
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/auto/widgets/origins/resources/createObjectURL.html | 11 | ||||
-rw-r--r-- | tests/auto/widgets/origins/tst_origins.cpp | 18 | ||||
-rw-r--r-- | tests/auto/widgets/origins/tst_origins.qrc | 1 |
3 files changed, 30 insertions, 0 deletions
diff --git a/tests/auto/widgets/origins/resources/createObjectURL.html b/tests/auto/widgets/origins/resources/createObjectURL.html new file mode 100644 index 000000000..133f636bb --- /dev/null +++ b/tests/auto/widgets/origins/resources/createObjectURL.html @@ -0,0 +1,11 @@ +<!DOCTYPE html> +<html> + <head> + <title>createObjectURL</title> + <script> + const blob = new Blob(['foo']); + const result = URL.createObjectURL(blob); + </script> + </head> + <body></body> +</html> diff --git a/tests/auto/widgets/origins/tst_origins.cpp b/tests/auto/widgets/origins/tst_origins.cpp index 38b23f64e..a24791f6f 100644 --- a/tests/auto/widgets/origins/tst_origins.cpp +++ b/tests/auto/widgets/origins/tst_origins.cpp @@ -184,6 +184,7 @@ private Q_SLOTS: void sharedWorker(); void serviceWorker(); void viewSource(); + void createObjectURL(); private: bool load(const QUrl &url) @@ -682,5 +683,22 @@ void tst_Origins::viewSource() QCOMPARE(m_page->requestedUrl().toString(), QSL("pathsyntax-viewsourceallowed:/resources/viewSource.html")); } +void tst_Origins::createObjectURL() +{ + // Legal for registered custom schemes. + QVERIFY(load(QSL("qrc:/resources/createObjectURL.html"))); + QVERIFY(eval(QSL("result")).toString().startsWith(QSL("blob:qrc:"))); + + // Illegal for unregistered schemes (renderer gets terminated). + qRegisterMetaType<QWebEnginePage::RenderProcessTerminationStatus>("RenderProcessTerminationStatus"); + QSignalSpy loadFinishedSpy(m_page, &QWebEnginePage::loadFinished); + QSignalSpy renderProcessTerminatedSpy(m_page, &QWebEnginePage::renderProcessTerminated); + m_page->load(QSL("tst:/resources/createObjectURL.html")); + QVERIFY(!renderProcessTerminatedSpy.empty() || renderProcessTerminatedSpy.wait(20000)); + QVERIFY(renderProcessTerminatedSpy.front().value(0).value<QWebEnginePage::RenderProcessTerminationStatus>() + != QWebEnginePage::NormalTerminationStatus); + QVERIFY(loadFinishedSpy.empty()); +} + QTEST_MAIN(tst_Origins) #include "tst_origins.moc" diff --git a/tests/auto/widgets/origins/tst_origins.qrc b/tests/auto/widgets/origins/tst_origins.qrc index 438fd10ee..0b1fe2d31 100644 --- a/tests/auto/widgets/origins/tst_origins.qrc +++ b/tests/auto/widgets/origins/tst_origins.qrc @@ -1,6 +1,7 @@ <!DOCTYPE RCC> <RCC version="1.0"> <qresource> + <file>resources/createObjectURL.html</file> <file>resources/dedicatedWorker.html</file> <file>resources/dedicatedWorker.js</file> <file>resources/mixedSchemes.html</file> |