예제 #1
// Verifies that an XMLHttpRequest for a file:// URL is gated by the
// allow-file-access-from-file-urls setting:
//   1. file:// page, setting off (the default)  -> script fails.
//   2. file:// page, setting on                 -> script succeeds.
//   3. HTTP page, setting still on              -> script fails again.
// With the setting on, script in a file:// page can read another local file
// through XHR, so the test switches it back off before returning.
static void testWebContextSecurityFileXHR(WebViewTest* test, gconstpointer)
{
    // Loads a URI in the test view and blocks until the load has finished.
    auto loadAndWait = [test](const char* uri) {
        test->loadURI(uri);
        test->waitUntilLoadFinished();
    };
    // Flips the setting on whatever settings object the view currently uses.
    auto setFileAccessFromFileURLs = [test](gboolean allowed) {
        webkit_settings_set_allow_file_access_from_file_urls(webkit_web_view_get_settings(test->m_webView), allowed);
    };

    GUniquePtr<char> pageURI(g_strdup_printf("file://%s/simple.html", Test::getResourcesDir(Test::WebKit2Resources).data()));
    loadAndWait(pageURI.get());

    // The script asks for a second local file, so for a file:// page it is a
    // file-to-file request.
    GUniquePtr<char> targetURI(g_strdup_printf("file://%s/simple.json", Test::getResourcesDir().data()));
    GUniquePtr<char> script(g_strdup_printf("var xhr = new XMLHttpRequest; xhr.open(\"GET\", \"%s\"); xhr.send();", targetURI.get()));

    // Stage 1: default settings. File access is denied and the script is
    // expected to fail with a cross-origin error.
    GUniqueOutPtr<GError> error;
    WebKitJavascriptResult* javascriptResult = test->runJavaScriptAndWaitUntilFinished(script.get(), &error.outPtr());
    g_assert(!javascriptResult);
    g_assert_error(error.get(), WEBKIT_JAVASCRIPT_ERROR, WEBKIT_JAVASCRIPT_ERROR_SCRIPT_FAILED);

    // Stage 2: opt in, reload the same file:// page, and the request goes through.
    setFileAccessFromFileURLs(TRUE);
    loadAndWait(pageURI.get());
    javascriptResult = test->runJavaScriptAndWaitUntilFinished(script.get(), &error.outPtr());
    g_assert(javascriptResult);
    g_assert(!error);

    // Stage 3: the opt-in must not extend to pages served over HTTP; the same
    // script run from the test server's root page has to fail.
    loadAndWait(kServer->getURIForPath("/").data());
    javascriptResult = test->runJavaScriptAndWaitUntilFinished(script.get(), &error.outPtr());
    g_assert(!javascriptResult);
    g_assert_error(error.get(), WEBKIT_JAVASCRIPT_ERROR, WEBKIT_JAVASCRIPT_ERROR_SCRIPT_FAILED);

    // Leave the view with the restrictive default for whatever runs next.
    setFileAccessFromFileURLs(FALSE);
}
// Pins the default value of every WebKitSettings property listed below and
// checks that each setter/getter pair round-trips. Every group follows the same
// shape: assert the default, set the opposite (or a different) value, assert
// the getter now reports it.
//
// The settings object is created with webkit_settings_new() and never attached
// to a web view, so this test covers the property values only, not how a view
// enforces them.
//
// Defaults asserted here that matter for a security review of an embedder:
//   enabled by default:  JavaScript, plugins, Java, XSS auditor, local storage,
//                        HTML5 database, offline application cache.
//   disabled by default: file access from file URLs, universal access from
//                        file URLs, JavaScript clipboard access, JavaScript
//                        opening windows automatically, developer extras,
//                        private browsing, hyperlink auditing, DNS prefetching,
//                        MediaStream, WebGL, WebAudio.
// A change to any of these defaults makes this test fail, which forces the
// change to be made deliberately.
static void testWebKitSettings(Test*, gconstpointer)
{
    WebKitSettings* settings = webkit_settings_new();

    // JavaScript is enabled by default.
    g_assert(webkit_settings_get_enable_javascript(settings));
    webkit_settings_set_enable_javascript(settings, FALSE);
    g_assert(!webkit_settings_get_enable_javascript(settings));

    // Automatic image loading is enabled by default.
    g_assert(webkit_settings_get_auto_load_images(settings));
    webkit_settings_set_auto_load_images(settings, FALSE);
    g_assert(!webkit_settings_get_auto_load_images(settings));

    // load-icons-ignoring-image-load-setting is false by default.
    g_assert(!webkit_settings_get_load_icons_ignoring_image_load_setting(settings));
    webkit_settings_set_load_icons_ignoring_image_load_setting(settings, TRUE);
    g_assert(webkit_settings_get_load_icons_ignoring_image_load_setting(settings));
    
    // Offline application cache is enabled by default.
    g_assert(webkit_settings_get_enable_offline_web_application_cache(settings));
    webkit_settings_set_enable_offline_web_application_cache(settings, FALSE);
    g_assert(!webkit_settings_get_enable_offline_web_application_cache(settings));

    // Local storage is enabled by default.
    g_assert(webkit_settings_get_enable_html5_local_storage(settings));
    webkit_settings_set_enable_html5_local_storage(settings, FALSE);
    g_assert(!webkit_settings_get_enable_html5_local_storage(settings));

    // HTML5 database is enabled by default.
    g_assert(webkit_settings_get_enable_html5_database(settings));
    webkit_settings_set_enable_html5_database(settings, FALSE);
    g_assert(!webkit_settings_get_enable_html5_database(settings));

    // XSS Auditor is enabled by default.
    g_assert(webkit_settings_get_enable_xss_auditor(settings));
    webkit_settings_set_enable_xss_auditor(settings, FALSE);
    g_assert(!webkit_settings_get_enable_xss_auditor(settings));

    // Frame flattening is disabled by default.
    g_assert(!webkit_settings_get_enable_frame_flattening(settings));
    webkit_settings_set_enable_frame_flattening(settings, TRUE);
    g_assert(webkit_settings_get_enable_frame_flattening(settings));

    // Plugins are enabled by default.
    g_assert(webkit_settings_get_enable_plugins(settings));
    webkit_settings_set_enable_plugins(settings, FALSE);
    g_assert(!webkit_settings_get_enable_plugins(settings));

    // Java is enabled by default.
    g_assert(webkit_settings_get_enable_java(settings));
    webkit_settings_set_enable_java(settings, FALSE);
    g_assert(!webkit_settings_get_enable_java(settings));

    // By default, JavaScript is not allowed to open windows automatically.
    g_assert(!webkit_settings_get_javascript_can_open_windows_automatically(settings));
    webkit_settings_set_javascript_can_open_windows_automatically(settings, TRUE);
    g_assert(webkit_settings_get_javascript_can_open_windows_automatically(settings));

    // Hyperlink auditing is disabled by default.
    g_assert(!webkit_settings_get_enable_hyperlink_auditing(settings));
    webkit_settings_set_enable_hyperlink_auditing(settings, TRUE);
    g_assert(webkit_settings_get_enable_hyperlink_auditing(settings));

    // Default font family is "sans-serif".
    g_assert_cmpstr(webkit_settings_get_default_font_family(settings), ==, "sans-serif");
    webkit_settings_set_default_font_family(settings, "monospace");
    g_assert_cmpstr(webkit_settings_get_default_font_family(settings), ==, "monospace");

    // Default monospace font family is "monospace".
    g_assert_cmpstr(webkit_settings_get_monospace_font_family(settings), ==, "monospace");
    webkit_settings_set_monospace_font_family(settings, "sans-serif");
    g_assert_cmpstr(webkit_settings_get_monospace_font_family(settings), ==, "sans-serif");

    // Default serif font family is "serif".
    g_assert_cmpstr(webkit_settings_get_serif_font_family(settings), ==, "serif");
    webkit_settings_set_serif_font_family(settings, "sans-serif");
    g_assert_cmpstr(webkit_settings_get_serif_font_family(settings), ==, "sans-serif");

    // Default sans serif font family is "sans-serif".
    g_assert_cmpstr(webkit_settings_get_sans_serif_font_family(settings), ==, "sans-serif");
    webkit_settings_set_sans_serif_font_family(settings, "serif");
    g_assert_cmpstr(webkit_settings_get_sans_serif_font_family(settings), ==, "serif");

    // Default cursive font family is "serif".
    g_assert_cmpstr(webkit_settings_get_cursive_font_family(settings), ==, "serif");
    webkit_settings_set_cursive_font_family(settings, "sans-serif");
    g_assert_cmpstr(webkit_settings_get_cursive_font_family(settings), ==, "sans-serif");

    // Default fantasy font family is "serif".
    g_assert_cmpstr(webkit_settings_get_fantasy_font_family(settings), ==, "serif");
    webkit_settings_set_fantasy_font_family(settings, "sans-serif");
    g_assert_cmpstr(webkit_settings_get_fantasy_font_family(settings), ==, "sans-serif");

    // Default pictograph font family is "serif".
    g_assert_cmpstr(webkit_settings_get_pictograph_font_family(settings), ==, "serif");
    webkit_settings_set_pictograph_font_family(settings, "sans-serif");
    g_assert_cmpstr(webkit_settings_get_pictograph_font_family(settings), ==, "sans-serif");

    // Default font size is 16.
    g_assert_cmpuint(webkit_settings_get_default_font_size(settings), ==, 16);
    webkit_settings_set_default_font_size(settings, 14);
    g_assert_cmpuint(webkit_settings_get_default_font_size(settings), ==, 14);

    // Default monospace font size is 13.
    g_assert_cmpuint(webkit_settings_get_default_monospace_font_size(settings), ==, 13);
    webkit_settings_set_default_monospace_font_size(settings, 10);
    g_assert_cmpuint(webkit_settings_get_default_monospace_font_size(settings), ==, 10);

    // Default minimum font size is 0.
    g_assert_cmpuint(webkit_settings_get_minimum_font_size(settings), ==, 0);
    webkit_settings_set_minimum_font_size(settings, 7);
    g_assert_cmpuint(webkit_settings_get_minimum_font_size(settings), ==, 7);

    // Default charset is "iso-8859-1".
    g_assert_cmpstr(webkit_settings_get_default_charset(settings), ==, "iso-8859-1");
    webkit_settings_set_default_charset(settings, "utf8");
    g_assert_cmpstr(webkit_settings_get_default_charset(settings), ==, "utf8");

    // Private browsing is disabled by default.
    g_assert(!webkit_settings_get_enable_private_browsing(settings));
    webkit_settings_set_enable_private_browsing(settings, TRUE);
    g_assert(webkit_settings_get_enable_private_browsing(settings));

    // Developer extras are disabled by default.
    g_assert(!webkit_settings_get_enable_developer_extras(settings));
    webkit_settings_set_enable_developer_extras(settings, TRUE);
    g_assert(webkit_settings_get_enable_developer_extras(settings));

    // Resizable text areas are enabled by default.
    g_assert(webkit_settings_get_enable_resizable_text_areas(settings));
    webkit_settings_set_enable_resizable_text_areas(settings, FALSE);
    g_assert(!webkit_settings_get_enable_resizable_text_areas(settings));

    // Tabs-to-links is enabled by default.
    g_assert(webkit_settings_get_enable_tabs_to_links(settings));
    webkit_settings_set_enable_tabs_to_links(settings, FALSE);
    g_assert(!webkit_settings_get_enable_tabs_to_links(settings));

    // DNS prefetching is disabled by default.
    g_assert(!webkit_settings_get_enable_dns_prefetching(settings));
    webkit_settings_set_enable_dns_prefetching(settings, TRUE);
    g_assert(webkit_settings_get_enable_dns_prefetching(settings));

    // Caret browsing is disabled by default.
    g_assert(!webkit_settings_get_enable_caret_browsing(settings));
    webkit_settings_set_enable_caret_browsing(settings, TRUE);
    g_assert(webkit_settings_get_enable_caret_browsing(settings));

    // Fullscreen JavaScript API is enabled by default.
    g_assert(webkit_settings_get_enable_fullscreen(settings));
    webkit_settings_set_enable_fullscreen(settings, FALSE);
    g_assert(!webkit_settings_get_enable_fullscreen(settings));

    // Printing of backgrounds is enabled by default.
    g_assert(webkit_settings_get_print_backgrounds(settings));
    webkit_settings_set_print_backgrounds(settings, FALSE);
    g_assert(!webkit_settings_get_print_backgrounds(settings));

    // WebAudio is disabled by default.
    g_assert(!webkit_settings_get_enable_webaudio(settings));
    webkit_settings_set_enable_webaudio(settings, TRUE);
    g_assert(webkit_settings_get_enable_webaudio(settings));

    // WebGL is disabled by default.
    g_assert(!webkit_settings_get_enable_webgl(settings));
    webkit_settings_set_enable_webgl(settings, TRUE);
    g_assert(webkit_settings_get_enable_webgl(settings));

    // Allow Modal Dialogs is disabled by default.
    g_assert(!webkit_settings_get_allow_modal_dialogs(settings));
    webkit_settings_set_allow_modal_dialogs(settings, TRUE);
    g_assert(webkit_settings_get_allow_modal_dialogs(settings));

    // Zoom text only is disabled by default.
    g_assert(!webkit_settings_get_zoom_text_only(settings));
    webkit_settings_set_zoom_text_only(settings, TRUE);
    g_assert(webkit_settings_get_zoom_text_only(settings));

    // By default, JavaScript cannot access the clipboard.
    g_assert(!webkit_settings_get_javascript_can_access_clipboard(settings));
    webkit_settings_set_javascript_can_access_clipboard(settings, TRUE);
    g_assert(webkit_settings_get_javascript_can_access_clipboard(settings));

    // By default, media playback doesn't require user gestures.
    g_assert(!webkit_settings_get_media_playback_requires_user_gesture(settings));
    webkit_settings_set_media_playback_requires_user_gesture(settings, TRUE);
    g_assert(webkit_settings_get_media_playback_requires_user_gesture(settings));

    // By default, inline media playback is allowed.
    g_assert(webkit_settings_get_media_playback_allows_inline(settings));
    webkit_settings_set_media_playback_allows_inline(settings, FALSE);
    g_assert(!webkit_settings_get_media_playback_allows_inline(settings));

    // By default, debug indicators are disabled.
    g_assert(!webkit_settings_get_draw_compositing_indicators(settings));
    webkit_settings_set_draw_compositing_indicators(settings, TRUE);
    g_assert(webkit_settings_get_draw_compositing_indicators(settings));

    // By default, site specific quirks are enabled.
    g_assert(webkit_settings_get_enable_site_specific_quirks(settings));
    webkit_settings_set_enable_site_specific_quirks(settings, FALSE);
    g_assert(!webkit_settings_get_enable_site_specific_quirks(settings));

    // By default, page cache is enabled.
    g_assert(webkit_settings_get_enable_page_cache(settings));
    webkit_settings_set_enable_page_cache(settings, FALSE);
    g_assert(!webkit_settings_get_enable_page_cache(settings));

    // By default, smooth scrolling is disabled.
    g_assert(!webkit_settings_get_enable_smooth_scrolling(settings));
    webkit_settings_set_enable_smooth_scrolling(settings, TRUE);
    g_assert(webkit_settings_get_enable_smooth_scrolling(settings));

    // By default, accelerated 2D canvas is disabled.
    g_assert(!webkit_settings_get_enable_accelerated_2d_canvas(settings));
    webkit_settings_set_enable_accelerated_2d_canvas(settings, TRUE);
    g_assert(webkit_settings_get_enable_accelerated_2d_canvas(settings));

    // By default, writing of console messages to stdout is disabled.
    g_assert(!webkit_settings_get_enable_write_console_messages_to_stdout(settings));
    webkit_settings_set_enable_write_console_messages_to_stdout(settings, TRUE);
    g_assert(webkit_settings_get_enable_write_console_messages_to_stdout(settings));

    // MediaStream is disabled by default.
    g_assert(!webkit_settings_get_enable_media_stream(settings));
    webkit_settings_set_enable_media_stream(settings, TRUE);
    g_assert(webkit_settings_get_enable_media_stream(settings));

    // By default, SpatialNavigation is disabled.
    g_assert(!webkit_settings_get_enable_spatial_navigation(settings));
    webkit_settings_set_enable_spatial_navigation(settings, TRUE);
    g_assert(webkit_settings_get_enable_spatial_navigation(settings));

    // MediaSource is disabled by default.
    g_assert(!webkit_settings_get_enable_mediasource(settings));
    webkit_settings_set_enable_mediasource(settings, TRUE);
    g_assert(webkit_settings_get_enable_mediasource(settings));

    // File access from file URLs is not allowed by default.
    g_assert(!webkit_settings_get_allow_file_access_from_file_urls(settings));
    webkit_settings_set_allow_file_access_from_file_urls(settings, TRUE);
    g_assert(webkit_settings_get_allow_file_access_from_file_urls(settings));

    // Universal access from file URLs is not allowed by default.
    g_assert(!webkit_settings_get_allow_universal_access_from_file_urls(settings));
    webkit_settings_set_allow_universal_access_from_file_urls(settings, TRUE);
    g_assert(webkit_settings_get_allow_universal_access_from_file_urls(settings));

    // Drop the reference taken by webkit_settings_new().
    g_object_unref(G_OBJECT(settings));
}
예제 #3
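// Verifies that an XMLHttpRequest for a file:// URL is gated by the
// allow-file-access-from-file-urls setting. In this variant a blocked request
// does not fail the script; the denial is observed as a console error delivered
// through the "console" script message handler:
//   1. file:// page, setting off (the default)  -> console error.
//   2. file:// page, setting on                 -> script runs, no error checked.
//   3. HTTP page, setting still on              -> console error again.
// With the setting on, script in a file:// page can read another local file
// through XHR, so the test switches it back off before returning.
static void testWebContextSecurityFileXHR(WebViewTest* test, gconstpointer)
{
    GUniquePtr<char> fileURL(g_strdup_printf("file://%s/simple.html", Test::getResourcesDir(Test::WebKit2Resources).data()));
    test->loadURI(fileURL.get());
    test->waitUntilLoadFinished();

    GUniquePtr<char> jsonURL(g_strdup_printf("file://%s/simple.json", Test::getResourcesDir().data()));
    GUniquePtr<char> xhr(g_strdup_printf("var xhr = new XMLHttpRequest; xhr.open(\"GET\", \"%s\"); xhr.send();", jsonURL.get()));

    // consoleMessageReceivedCallback is handed &consoleMessage as user data;
    // presumably it stores the received message there (callback body is not
    // shown here — confirm).
    WebKitJavascriptResult* consoleMessage = nullptr;
    webkit_user_content_manager_register_script_message_handler(test->m_userContentManager.get(), "console");
    g_signal_connect(test->m_userContentManager.get(), "script-message-received::console", G_CALLBACK(consoleMessageReceivedCallback), &consoleMessage);

    // By default file access is not allowed, this will show a console message with a cross-origin error.
    GUniqueOutPtr<GError> error;
    WebKitJavascriptResult* javascriptResult = test->runJavaScriptAndWaitUntilFinished(xhr.get(), &error.outPtr());
    g_assert(javascriptResult);
    g_assert(!error);
    g_assert(consoleMessage);
    GUniquePtr<char> messageString(WebViewTest::javascriptResultToCString(consoleMessage));
    GRefPtr<GVariant> variant = g_variant_parse(G_VARIANT_TYPE("(uusus)"), messageString.get(), nullptr, nullptr, nullptr);
    g_assert(variant.get());
    // Only the second field (level) and third field (text) of the tuple are
    // read; the others are skipped by passing nullptr. messageText borrows
    // from variant ("&s"), so it must not outlive it.
    unsigned level = 0;
    const char* messageText = nullptr;
    g_variant_get(variant.get(), "(uu&su&s)", nullptr, &level, &messageText, nullptr, nullptr);
    g_assert_cmpuint(level, ==, 3); // Console error message.
    GUniquePtr<char> expectedErrorMessage(g_strdup_printf("XMLHttpRequest cannot load %s. Cross origin requests are only supported for HTTP.", jsonURL.get()));
    g_assert_cmpstr(messageText, ==, expectedErrorMessage.get());
    webkit_javascript_result_unref(consoleMessage);
    // Reset everything derived from the first message so the HTTP stage below
    // cannot pass on leftovers. messageText is cleared before the variant it
    // points into is released.
    consoleMessage = nullptr;
    level = 0;
    messageText = nullptr;
    variant = nullptr;

    // Allow file access from file URLs.
    // NOTE(review): this stage does not check that consoleMessage stays null;
    // a message received here would satisfy the g_assert(consoleMessage) of
    // the HTTP stage. Confirm whether asserting !consoleMessage is safe here.
    webkit_settings_set_allow_file_access_from_file_urls(webkit_web_view_get_settings(test->m_webView), TRUE);
    test->loadURI(fileURL.get());
    test->waitUntilLoadFinished();
    javascriptResult = test->runJavaScriptAndWaitUntilFinished(xhr.get(), &error.outPtr());
    g_assert(javascriptResult);
    g_assert(!error);

    // It is still not possible to load a file from an HTTP URL.
    test->loadURI(kServer->getURIForPath("/").data());
    test->waitUntilLoadFinished();
    javascriptResult = test->runJavaScriptAndWaitUntilFinished(xhr.get(), &error.outPtr());
    g_assert(javascriptResult);
    g_assert(!error);
    g_assert(consoleMessage);
    // Serialize the message received in THIS stage. Re-parsing the string kept
    // from the first stage would make the level/text checks below pass without
    // ever looking at what the HTTP page actually logged.
    // NOTE(review): assumes the HTTP-origin denial uses the same message text
    // as the file:// case — confirm against the engine's output.
    messageString.reset(WebViewTest::javascriptResultToCString(consoleMessage));
    variant = g_variant_parse(G_VARIANT_TYPE("(uusus)"), messageString.get(), nullptr, nullptr, nullptr);
    g_assert(variant.get());
    g_variant_get(variant.get(), "(uu&su&s)", nullptr, &level, &messageText, nullptr, nullptr);
    g_assert_cmpuint(level, ==, 3); // Console error message.
    g_assert_cmpstr(messageText, ==, expectedErrorMessage.get());
    webkit_javascript_result_unref(consoleMessage);

    // Detach the handler before &consoleMessage goes out of scope; the signal
    // connection is matched by that user-data pointer.
    g_signal_handlers_disconnect_matched(test->m_userContentManager.get(), G_SIGNAL_MATCH_DATA, 0, 0, nullptr, nullptr, &consoleMessage);
    webkit_user_content_manager_unregister_script_message_handler(test->m_userContentManager.get(), "console");

    // Leave the view with the restrictive default.
    webkit_settings_set_allow_file_access_from_file_urls(webkit_web_view_get_settings(test->m_webView), FALSE);
}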