authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /testing/web-platform/tests/content-security-policy/object-src
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
Add m-esr52 at 52.6.0
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/object-src')
-rw-r--r--testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html66
-rw-r--r--testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html.sub.headers6
-rw-r--r--testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html61
-rw-r--r--testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html.sub.headers6
4 files changed, 139 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html
new file mode 100644
index 000000000..db29fd394
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html
@@ -0,0 +1,66 @@
+<!DOCTYPE HTML>
+<html>
+
+<head>
+ <title>Objects loaded using data attribute of &lt;object&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</title>
+ <meta name=timeout content=long>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+</head>
+
+<body onLoad="object_loaded()">
+ <h1>Objects loaded using data attribute of &lt;object&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</h1>
+ <div id="log"></div>
+
+ <script>
+ var relativeMediaURL = "/support/media/flash.swf";
+ var pageURL = window.location.toString();
+ var temp1 = pageURL.split("//");
+ var temp2 = temp1[1].substring(0, temp1[1].lastIndexOf("/object-src/"));
+ var mediaURL = "http://www2." + temp2 + relativeMediaURL;
+ var htmlStr = "<object id='flashObject' type='application/x-shockwave-flash' data='" + mediaURL + "' width='200' height='200'></object>";
+ document.write(htmlStr);
+ </script>
+
+ <script>
+ var len = navigator.mimeTypes.length;
+ var allTypes = "";
+ var flashMimeType = "application/x-shockwave-flash";
+ for (var i = 0; i < len; i++) {
+ allTypes += navigator.mimeTypes[i].type;
+ }
+
+ var hasMimeType = allTypes.indexOf(flashMimeType) != -1;
+
+ <!-- The actual test. -->
+ var test1 = async_test("Async SWF load test")
+
+ function object_loaded() {
+ var elem = document.getElementById("flashObject");
+ var is_loaded = false;
+ try {
+ <!-- The Flash Player exposes values to JavaScript if a SWF has successfully been loaded. -->
+ var pct_loaded = elem.PercentLoaded();
+ is_loaded = true;
+ } catch (e) {}
+
+ if (hasMimeType) {
+ test1.step(function () {
+ assert_false(is_loaded, "External object loaded.")
+ });
+ var s = document.createElement('script');
+ s.async = true;
+ s.defer = true;
+ s.src = "../support/checkReport.sub.js?reportField=violated-directive&reportValue=object-src%20%27self%27"
+ document.lastChild.appendChild(s);
+ } else {
+ test1.set_status(test1.NOTRUN, "No Flash Player, cannot run test.");
+ test1.phase = test1.phases.HAS_RESULT;
+ }
+ test1.done();
+ }
+ </script>
+
+</body>
+
+</html> \ No newline at end of file
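Review bot: The media URL built at `var mediaURL = "http://www2." + temp2 + relativeMediaURL;` hard-codes the `http:` scheme, so when the page is served over HTTPS the object load may be refused as mixed content rather than by `object-src 'self'`, and `assert_false(is_loaded, "External object loaded.")` would then pass for the wrong reason. Deriving the scheme from the page, e.g. `var mediaURL = location.protocol + "//www2." + temp2 + relativeMediaURL;`, keeps the blocked cross-origin load attributable to the policy. The empty `catch (e) {}` in `object_loaded()` likewise counts every failure of `PercentLoaded()` as "blocked", so it deserves a comment such as `// Any failure leaves is_loaded false; the checkReport script below is what ties the block to object-src.` The same lines appear in object-src-2_2.html.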
diff --git a/testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html.sub.headers b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html.sub.headers
new file mode 100644
index 000000000..83fe95d34
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: object-src-2_1={{$id:uuid()}}; Path=/content-security-policy/object-src/
+Content-Security-Policy: script-src * 'unsafe-inline'; object-src 'self'; report-uri ../support/report.py?op=put&reportID={{$id}} \ No newline at end of file
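Review bot: The second `Cache-Control` line ends with `, false`, which is not a cache directive; it looks like the `replace` argument of a PHP `header()` call copied into the header value. Recipients ignore unknown directives, so the test should still behave the same, but the line would be cleaner as `Cache-Control: post-check=0, pre-check=0`. object-src-2_2.html.sub.headers carries the same line.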
diff --git a/testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html
new file mode 100644
index 000000000..a868834ac
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html
@@ -0,0 +1,61 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Objects loaded using src attribute of &lt;embed&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</title>
+ <meta name=timeout content=long>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+</head>
+<body onLoad="object_loaded()">
+ <h1>Objects loaded using src attribute of &lt;embed&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</h1>
+ <div id="log"></div>
+
+ <script>
+ var relativeMediaURL = "/support/media/flash.swf";
+ var pageURL = window.location.toString();
+ var temp1 = pageURL.split("//");
+ var temp2 = temp1[1].substring (0, temp1[1].lastIndexOf("/object-src/"));
+ var mediaURL = "http://www2." + temp2 + relativeMediaURL;
+ var htmlStr = "<embed id='flashObject' type='application/x-shockwave-flash' src='" + mediaURL + "' width='200' height='200'></object>";
+ document.write (htmlStr);
+ </script>
+
+ <script>
+ var len = navigator.mimeTypes.length;
+ var allTypes = "";
+ var flashMimeType = "application/x-shockwave-flash";
+ for ( var i=0;i<len;i++ ) {
+ allTypes+=navigator.mimeTypes[i].type;
+ }
+
+ var hasMimeType = allTypes.indexOf(flashMimeType) != -1;
+
+ <!-- The actual test. -->
+ var test1 = async_test("Async SWF load test")
+
+ function object_loaded() {
+ var elem = document.getElementById("flashObject");
+ var is_loaded = false;
+ try {
+ <!-- The Flash Player exposes values to JavaScript if a SWF has successfully been loaded. -->
+ var pct_loaded = elem.PercentLoaded();
+ is_loaded = true;
+ } catch (e) {}
+
+ if (hasMimeType) {
+ test1.step(function() {assert_false(is_loaded, "External object loaded.")});
+ var s = document.createElement('script');
+ s.async = true;
+ s.defer = true;
+ s.src = "../support/checkReport.sub.js?reportField=violated-directive&reportValue=object-src%20%27self%27"
+ document.lastChild.appendChild(s);
+ } else {
+ //test1.step(function() {});
+ test1.set_status(test1.NOTRUN, "No Flash Player, cannot run test.");
+ test1.phase = test1.phases.HAS_RESULT;
+ }
+ test1.done();
+ }
+ </script>
+</body>
+</html>
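Review bot: The markup string on the `htmlStr` line opens an `<embed>` element but closes it with `</object>`, which looks like a leftover from object-src-2_1.html. `embed` is a void element, so the string should end at `height='200'>` with no end tag; as written the test leans on the parser discarding the stray `</object>`. The commented-out `//test1.step(function() {});` in the else branch can be dropped, and the `<!-- ... -->` comments inside the script block would read more clearly as `//` comments.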
diff --git a/testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html.sub.headers b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html.sub.headers
new file mode 100644
index 000000000..0ee665ea3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: object-src-2_2={{$id:uuid()}}; Path=/content-security-policy/object-src/
+Content-Security-Policy: script-src * 'unsafe-inline'; object-src 'self'; report-uri ../support/report.py?op=put&reportID={{$id}}