1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/logging.h"
6 #include "url/origin.h"
7 #include "testing/gtest/include/gtest/gtest.h"
12 TEST(OriginTest
, UniqueOriginComparison
) {
13 url::Origin unique_origin
;
14 EXPECT_EQ("", unique_origin
.scheme());
15 EXPECT_EQ("", unique_origin
.host());
16 EXPECT_EQ(0, unique_origin
.port());
17 EXPECT_TRUE(unique_origin
.unique());
18 EXPECT_FALSE(unique_origin
.IsSameOriginWith(unique_origin
));
20 const char* const urls
[] = {"data:text/html,Hello!",
21 "javascript:alert(1)",
22 "file://example.com:443/etc/passwd",
24 "http::///invalid.example.com/"};
26 for (const auto& test_url
: urls
) {
27 SCOPED_TRACE(test_url
);
29 url::Origin
origin(url
);
30 EXPECT_EQ("", origin
.scheme());
31 EXPECT_EQ("", origin
.host());
32 EXPECT_EQ(0, origin
.port());
33 EXPECT_TRUE(origin
.unique());
34 EXPECT_FALSE(origin
.IsSameOriginWith(origin
));
35 EXPECT_FALSE(unique_origin
.IsSameOriginWith(origin
));
36 EXPECT_FALSE(origin
.IsSameOriginWith(unique_origin
));
40 TEST(OriginTest
, ConstructFromGURL
) {
41 url::Origin
different_origin(GURL("https://not-in-the-list.test/"));
44 const char* const url
;
45 const char* const expected_scheme
;
46 const char* const expected_host
;
47 const uint16 expected_port
;
50 {"http://192.168.9.1/", "http", "192.168.9.1", 80},
51 {"http://[2001:db8::1]/", "http", "[2001:db8::1]", 80},
54 {"http://☃.net/", "http", "xn--n3h.net", 80},
55 {"blob:http://☃.net/", "http", "xn--n3h.net", 80},
58 {"http://example.com/", "http", "example.com", 80},
59 {"http://example.com:123/", "http", "example.com", 123},
60 {"https://example.com/", "https", "example.com", 443},
61 {"https://example.com:123/", "https", "example.com", 123},
62 {"http://user:pass@example.com/", "http", "example.com", 80},
63 {"http://example.com:123/?query", "http", "example.com", 123},
64 {"https://example.com/#1234", "https", "example.com", 443},
65 {"https://u:p@example.com:123/?query#1234", "https", "example.com", 123},
68 {"ftp://example.com/", "ftp", "example.com", 21},
69 {"gopher://example.com/", "gopher", "example.com", 70},
70 {"ws://example.com/", "ws", "example.com", 80},
71 {"wss://example.com/", "wss", "example.com", 443},
74 {"file:///etc/passwd", "file", "", 0},
75 {"file://example.com/etc/passwd", "file", "example.com", 0},
78 {"filesystem:http://example.com/type/", "http", "example.com", 80},
79 {"filesystem:http://example.com:123/type/", "http", "example.com", 123},
80 {"filesystem:https://example.com/type/", "https", "example.com", 443},
81 {"filesystem:https://example.com:123/type/", "https", "example.com", 123},
84 {"blob:http://example.com/guid-goes-here", "http", "example.com", 80},
85 {"blob:http://example.com:123/guid-goes-here", "http", "example.com", 123},
86 {"blob:https://example.com/guid-goes-here", "https", "example.com", 443},
87 {"blob:http://u:p@example.com/guid-goes-here", "http", "example.com", 80},
90 for (const auto& test_case
: cases
) {
91 SCOPED_TRACE(test_case
.url
);
92 GURL
url(test_case
.url
);
93 EXPECT_TRUE(url
.is_valid());
94 url::Origin
origin(url
);
95 EXPECT_EQ(test_case
.expected_scheme
, origin
.scheme());
96 EXPECT_EQ(test_case
.expected_host
, origin
.host());
97 EXPECT_EQ(test_case
.expected_port
, origin
.port());
98 EXPECT_FALSE(origin
.unique());
99 EXPECT_TRUE(origin
.IsSameOriginWith(origin
));
100 EXPECT_FALSE(different_origin
.IsSameOriginWith(origin
));
101 EXPECT_FALSE(origin
.IsSameOriginWith(different_origin
));
105 TEST(OriginTest
, Serialization
) {
107 const char* const url
;
108 const char* const expected
;
110 {"http://192.168.9.1/", "http://192.168.9.1"},
111 {"http://[2001:db8::1]/", "http://[2001:db8::1]"},
112 {"http://☃.net/", "http://xn--n3h.net"},
113 {"http://example.com/", "http://example.com"},
114 {"http://example.com:123/", "http://example.com:123"},
115 {"https://example.com/", "https://example.com"},
116 {"https://example.com:123/", "https://example.com:123"},
117 {"file:///etc/passwd", "file://"},
118 {"file://example.com/etc/passwd", "file://"},
121 for (const auto& test_case
: cases
) {
122 SCOPED_TRACE(test_case
.url
);
123 GURL
url(test_case
.url
);
124 EXPECT_TRUE(url
.is_valid());
125 url::Origin
origin(url
);
126 EXPECT_EQ(test_case
.expected
, origin
.Serialize());
128 // The '<<' operator should produce the same serialization as Serialize().
129 std::stringstream out
;
131 EXPECT_EQ(test_case
.expected
, out
.str());
135 TEST(OriginTest
, Comparison
) {
136 // These URLs are arranged in increasing order:
137 const char* const urls
[] = {
149 for (size_t i
= 0; i
< arraysize(urls
); i
++) {
150 GURL
current_url(urls
[i
]);
151 url::Origin
current(current_url
);
152 for (size_t j
= i
; j
< arraysize(urls
); j
++) {
153 GURL
compare_url(urls
[j
]);
154 url::Origin
to_compare(compare_url
);
155 EXPECT_EQ(i
< j
, current
< to_compare
) << i
<< " < " << j
;
156 EXPECT_EQ(j
< i
, to_compare
< current
) << j
<< " < " << i
;
161 TEST(OriginTest
, UnsafelyCreate
) {
167 {"http", "example.com", 80},
168 {"http", "example.com", 123},
169 {"https", "example.com", 443},
170 {"https", "example.com", 123},
172 {"file", "example.com", 0},
175 for (const auto& test
: cases
) {
176 SCOPED_TRACE(testing::Message() << test
.scheme
<< "://" << test
.host
<< ":"
178 url::Origin origin
= url::Origin::UnsafelyCreateOriginWithoutNormalization(
179 test
.scheme
, test
.host
, test
.port
);
180 EXPECT_EQ(test
.scheme
, origin
.scheme());
181 EXPECT_EQ(test
.host
, origin
.host());
182 EXPECT_EQ(test
.port
, origin
.port());
183 EXPECT_FALSE(origin
.unique());
184 EXPECT_TRUE(origin
.IsSameOriginWith(origin
));
188 TEST(OriginTest
, UnsafelyCreateUniqueOnInvalidInput
) {
193 } cases
[] = {{"", "", 0},
196 {"filesystem", "", 0},
197 {"data", "example.com", 80},
198 {"http", "☃.net", 80},
199 {"http\nmore", "example.com", 80},
200 {"http\rmore", "example.com", 80},
201 {"http\n", "example.com", 80},
202 {"http\r", "example.com", 80},
203 {"http", "example.com\nnot-example.com", 80},
204 {"http", "example.com\rnot-example.com", 80},
205 {"http", "example.com\n", 80},
206 {"http", "example.com\r", 80},
207 {"http", "example.com", 0},
210 for (const auto& test
: cases
) {
211 SCOPED_TRACE(testing::Message() << test
.scheme
<< "://" << test
.host
<< ":"
213 url::Origin origin
= url::Origin::UnsafelyCreateOriginWithoutNormalization(
214 test
.scheme
, test
.host
, test
.port
);
215 EXPECT_EQ("", origin
.scheme());
216 EXPECT_EQ("", origin
.host());
217 EXPECT_EQ(0, origin
.port());
218 EXPECT_TRUE(origin
.unique());
219 EXPECT_FALSE(origin
.IsSameOriginWith(origin
));
223 TEST(OriginTest
, UnsafelyCreateUniqueViaEmbeddedNulls
) {
226 size_t scheme_length
;
230 } cases
[] = {{"http\0more", 9, "example.com", 11, 80},
231 {"http\0", 5, "example.com", 11, 80},
232 {"\0http", 5, "example.com", 11, 80},
233 {"http", 4, "example.com\0not-example.com", 27, 80},
234 {"http", 4, "example.com\0", 12, 80},
235 {"http", 4, "\0example.com", 12, 80}};
237 for (const auto& test
: cases
) {
238 SCOPED_TRACE(testing::Message() << test
.scheme
<< "://" << test
.host
<< ":"
240 url::Origin origin
= url::Origin::UnsafelyCreateOriginWithoutNormalization(
241 std::string(test
.scheme
, test
.scheme_length
),
242 std::string(test
.host
, test
.host_length
), test
.port
);
243 EXPECT_EQ("", origin
.scheme());
244 EXPECT_EQ("", origin
.host());
245 EXPECT_EQ(0, origin
.port());
246 EXPECT_TRUE(origin
.unique());
247 EXPECT_FALSE(origin
.IsSameOriginWith(origin
));
