summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/test_image_nonce.html
diff options
context:
space:
mode:
authorjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-03-27 15:57:18 +0200
committerjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-03-27 15:57:18 +0200
commitd990d8ab2cade6c928e8bbe56ae038d020cef599 (patch)
treec7561ae0f303cb0d4a7a7507178531b4852e4dea /dom/security/test/csp/test_image_nonce.html
parent0c36b27511c1fbca594f0426c493ef601fda3e4c (diff)
parent8d5ec757ece850fb7ad5c712868f305636e41177 (diff)
downloadUXP-d990d8ab2cade6c928e8bbe56ae038d020cef599.tar
UXP-d990d8ab2cade6c928e8bbe56ae038d020cef599.tar.gz
UXP-d990d8ab2cade6c928e8bbe56ae038d020cef599.tar.lz
UXP-d990d8ab2cade6c928e8bbe56ae038d020cef599.tar.xz
UXP-d990d8ab2cade6c928e8bbe56ae038d020cef599.zip
Merge branch 'master' of https://github.com/MoonchildProductions/UXP into js_array_values_1
Diffstat (limited to 'dom/security/test/csp/test_image_nonce.html')
-rw-r--r--dom/security/test/csp/test_image_nonce.html60
1 files changed, 60 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_image_nonce.html b/dom/security/test/csp/test_image_nonce.html
new file mode 100644
index 000000000..ff6d636b6
--- /dev/null
+++ b/dom/security/test/csp/test_image_nonce.html
@@ -0,0 +1,60 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1139297 - Implement CSP upgrade-insecure-requests directive</title>
+ <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe style="width:100%;" id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/* Description of the test:
+ * We load three images: (a) with a matching nonce,
+ (b) with a non matching nonce,
+ * (c) with no nonce
+ * and make sure that all three images get blocked because
+ * "img-src nonce-bla" should not allow an image load, not
+ * even if the nonce matches*.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+var counter = 0;
+
+function finishTest() {
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+}
+
+function checkResults(aResult) {
+ counter++;
+ if (aResult === "img-with-matching-nonce-blocked" ||
+ aResult === "img-with_non-matching-nonce-blocked" ||
+ aResult === "img-without-nonce-blocked") {
+ ok (true, "correct result for: " + aResult);
+ }
+ else {
+ ok(false, "unexpected result: " + aResult + "\n\n");
+ }
+ if (counter < 3) {
+ return;
+ }
+ finishTest();
+}
+
+// a postMessage handler that is used by sandboxed iframes without
+// 'allow-same-origin' to bubble up results back to this main page.
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ checkResults(event.data.result);
+}
+
+document.getElementById("testframe").src = "file_image_nonce.html";
+
+</script>
+</body>
+</html>