diff options
author | Warwick Allison <warwick.allison@nokia.com> | 2010-03-24 03:03:19 (GMT) |
---|---|---|
committer | Warwick Allison <warwick.allison@nokia.com> | 2010-03-24 03:03:19 (GMT) |
commit | 4d82dd604c4f6aedbf3ed0eabcf89d3dca3d0a88 (patch) | |
tree | d0dac934b956613d6bedefa79f90f6523b639c08 /tests/auto/declarative | |
parent | 838e4cc024f4589322d5279acd96e3ca4d00e1f5 (diff) | |
download | Qt-4d82dd604c4f6aedbf3ed0eabcf89d3dca3d0a88.zip Qt-4d82dd604c4f6aedbf3ed0eabcf89d3dca3d0a88.tar.gz Qt-4d82dd604c4f6aedbf3ed0eabcf89d3dca3d0a88.tar.bz2 |
Origin safety testing for imported resources.
Extends upon 95aa8c8fc76e2309a629b05994a2677b0887140b.
Still under discussion.
Diffstat (limited to 'tests/auto/declarative')
-rw-r--r-- | tests/auto/declarative/qdeclarativelanguage/tst_qdeclarativelanguage.cpp | 43 | ||||
-rw-r--r-- | tests/auto/declarative/qdeclarativeloader/tst_qdeclarativeloader.cpp | 2 |
2 files changed, 43 insertions, 2 deletions
diff --git a/tests/auto/declarative/qdeclarativelanguage/tst_qdeclarativelanguage.cpp b/tests/auto/declarative/qdeclarativelanguage/tst_qdeclarativelanguage.cpp index 72b6b28..b6bd3f8 100644 --- a/tests/auto/declarative/qdeclarativelanguage/tst_qdeclarativelanguage.cpp +++ b/tests/auto/declarative/qdeclarativelanguage/tst_qdeclarativelanguage.cpp @@ -53,6 +53,19 @@ #include "../../../shared/util.h" +class SafeLocalhostDeclarativeEngine : public QDeclarativeEngine { +public: + SafeLocalhostDeclarativeEngine() : QDeclarativeEngine() {} + + virtual bool isSafeOrigin(const QUrl& to_url, const QUrl& from_url) const + { + if (to_url.host() == "127.0.0.1") + return true; + else + return QDeclarativeEngine::isSafeOrigin(to_url,from_url); + } +}; + /* This test case covers QML language issues. This covers everything that does not involve evaluating ECMAScript expressions and bindings. @@ -121,6 +134,7 @@ private slots: void importsLocal(); void importsRemote_data(); void importsRemote(); + void importsUnsafe(); void importsInstalled_data(); void importsInstalled(); void importsOrder_data(); @@ -135,7 +149,7 @@ private slots: void crash2(); private: - QDeclarativeEngine engine; + SafeLocalhostDeclarativeEngine engine; void testType(const QString& qml, const QString& type); }; @@ -1262,6 +1276,33 @@ void tst_qdeclarativelanguage::importsRemote() testType(qml,type); } +void tst_qdeclarativelanguage::importsUnsafe() +{ + TestHTTPServer server(14445); + server.serveDirectory(SRCDIR); + + QString qml = "import \"http://127.0.0.1:14445/qtest/declarative/qmllanguage\"\n\nTest {}"; + + { + QDeclarativeEngine engine; // plain engine without special localhost handling + QDeclarativeComponent component(&engine); + component.setData(qml.toUtf8(), TEST_FILE("empty.qml")); // just a file for relative local imports + + QTRY_VERIFY(!component.isLoading()); + + QVERIFY(component.isError()); + } + + { + QDeclarativeComponent component(&engine); // engine special localhost handling + component.setData(qml.toUtf8(), TEST_FILE("empty.qml")); // just a file for relative local imports + + QTRY_VERIFY(!component.isLoading()); + + QVERIFY(!component.isError()); + } +} + void tst_qdeclarativelanguage::importsInstalled_data() { // QT-610 diff --git a/tests/auto/declarative/qdeclarativeloader/tst_qdeclarativeloader.cpp b/tests/auto/declarative/qdeclarativeloader/tst_qdeclarativeloader.cpp index 0deac3a..f27c1ce 100644 --- a/tests/auto/declarative/qdeclarativeloader/tst_qdeclarativeloader.cpp +++ b/tests/auto/declarative/qdeclarativeloader/tst_qdeclarativeloader.cpp @@ -491,7 +491,7 @@ void tst_QDeclarativeLoader::networkSafety_data() QTest::addColumn<QString>("message"); QTest::newRow("same origin") << QUrl("http://127.0.0.1:14445/sameorigin.qml") << QString(); - QTest::newRow("different origin") << QUrl("http://127.0.0.1:14445/differentorigin.qml") << QString(" QUrl( \"http://evil.place/evil.qml\" ) is not a safe origin from QUrl( \"http://127.0.0.1:14445/differentorigin.qml\" ) "); + QTest::newRow("different origin") << QUrl("http://127.0.0.1:14445/differentorigin.qml") << QString("QML Loader (http://127.0.0.1:14445/differentorigin.qml:3:1) \"http://evil.place/evil.qml\" is not a safe origin from \"http://127.0.0.1:14445/differentorigin.qml\""); } void tst_QDeclarativeLoader::networkSafety() |