chrome_frame/html_utils_unittest.cc - chromium/src - Git at Google

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "base/logging.h"
 #include "chrome_frame/html_utils.h"
 #include "testing/gtest/include/gtest/gtest.h"

 namespace {

 TEST(HttpUtils, HasFrameBustingHeader) {
   // Simple negative cases.
   ASSERT_FALSE(http_utils::HasFrameBustingHeader(""));
   ASSERT_FALSE(http_utils::HasFrameBustingHeader("Content-Type: text/plain"));
   // Explicit negative cases, test that we ignore case.
   ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLOWALL"));
   ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: allowall"));
   ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLowalL"));
   // Added space, ensure stripped out
   ASSERT_FALSE(http_utils::HasFrameBustingHeader(
       "X-Frame-Options: ALLOWALL "));
   // Added space with linefeed, ensure still stripped out
   ASSERT_FALSE(http_utils::HasFrameBustingHeader(
       "X-Frame-Options: ALLOWALL \r\n"));
   // Multiple identical headers, all of them allowing framing.
   ASSERT_FALSE(http_utils::HasFrameBustingHeader(
       "X-Frame-Options: ALLOWALL\r\n"
       "X-Frame-Options: ALLOWALL\r\n"
       "X-Frame-Options: ALLOWALL"));
   // Interleave with other headers.
   ASSERT_FALSE(http_utils::HasFrameBustingHeader(
       "Content-Type: text/plain\r\n"
       "X-Frame-Options: ALLOWALL\r\n"
       "Content-Length: 42"));

   // Simple positive cases.
   ASSERT_TRUE(http_utils::HasFrameBustingHeader("X-Frame-Options: deny"));
   ASSERT_TRUE(http_utils::HasFrameBustingHeader(
       "X-Frame-Options: SAMEorigin"));

   // Allowall entries do not override the denying entries, are
   // order-independent, and the deny entries can interleave with
   // other headers.
   ASSERT_TRUE(http_utils::HasFrameBustingHeader(
       "Content-Length: 42\r\n"
       "X-Frame-Options: ALLOWall\r\n"
       "X-Frame-Options: deny\r\n"));
   ASSERT_TRUE(http_utils::HasFrameBustingHeader(
       "X-Frame-Options: ALLOWall\r\n"
       "Content-Length: 42\r\n"
       "X-Frame-Options: SAMEORIGIN\r\n"));
   ASSERT_TRUE(http_utils::HasFrameBustingHeader(
       "X-Frame-Options: deny\r\n"
       "X-Frame-Options: ALLOWall\r\n"
       "Content-Length: 42\r\n"));
   ASSERT_TRUE(http_utils::HasFrameBustingHeader(
       "X-Frame-Options: SAMEORIGIN\r\n"
       "X-Frame-Options: ALLOWall\r\n"));
 }

 }  // namespace
	// Copyright (c) 2009 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "base/logging.h"
	#include "chrome_frame/html_utils.h"
	#include "testing/gtest/include/gtest/gtest.h"

	namespace {

	TEST(HttpUtils, HasFrameBustingHeader) {
	// Simple negative cases.
	ASSERT_FALSE(http_utils::HasFrameBustingHeader(""));
	ASSERT_FALSE(http_utils::HasFrameBustingHeader("Content-Type: text/plain"));
	// Explicit negative cases, test that we ignore case.
	ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLOWALL"));
	ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: allowall"));
	ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLowalL"));
	// Added space, ensure stripped out
	ASSERT_FALSE(http_utils::HasFrameBustingHeader(
	"X-Frame-Options: ALLOWALL "));
	// Added space with linefeed, ensure still stripped out
	ASSERT_FALSE(http_utils::HasFrameBustingHeader(
	"X-Frame-Options: ALLOWALL \r\n"));
	// Multiple identical headers, all of them allowing framing.
	ASSERT_FALSE(http_utils::HasFrameBustingHeader(
	"X-Frame-Options: ALLOWALL\r\n"
	"X-Frame-Options: ALLOWALL\r\n"
	"X-Frame-Options: ALLOWALL"));
	// Interleave with other headers.
	ASSERT_FALSE(http_utils::HasFrameBustingHeader(
	"Content-Type: text/plain\r\n"
	"X-Frame-Options: ALLOWALL\r\n"
	"Content-Length: 42"));

	// Simple positive cases.
	ASSERT_TRUE(http_utils::HasFrameBustingHeader("X-Frame-Options: deny"));
	ASSERT_TRUE(http_utils::HasFrameBustingHeader(
	"X-Frame-Options: SAMEorigin"));

	// Allowall entries do not override the denying entries, are
	// order-independent, and the deny entries can interleave with
	// other headers.
	ASSERT_TRUE(http_utils::HasFrameBustingHeader(
	"Content-Length: 42\r\n"
	"X-Frame-Options: ALLOWall\r\n"
	"X-Frame-Options: deny\r\n"));
	ASSERT_TRUE(http_utils::HasFrameBustingHeader(
	"X-Frame-Options: ALLOWall\r\n"
	"Content-Length: 42\r\n"
	"X-Frame-Options: SAMEORIGIN\r\n"));
	ASSERT_TRUE(http_utils::HasFrameBustingHeader(
	"X-Frame-Options: deny\r\n"
	"X-Frame-Options: ALLOWall\r\n"
	"Content-Length: 42\r\n"));
	ASSERT_TRUE(http_utils::HasFrameBustingHeader(
	"X-Frame-Options: SAMEORIGIN\r\n"
	"X-Frame-Options: ALLOWall\r\n"));
	}

	} // namespace