diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/blink-contrib')
220 files changed, 0 insertions, 3691 deletions
diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html deleted file mode 100644 index 912a29e0b..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html +++ /dev/null @@ -1,36 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>blob-urls-do-not-match-self</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline'; connect-src 'self'; child-src 'self'; ---> -</head> - -<body> - <p> - blob: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content. - </p> - <script> - function fail() { - alert_assert("FAIL!"); - } - var b = new Blob(['fail();'], { - type: 'application/javascript' - }); - var script = document.createElement('script'); - script.src = URL.createObjectURL(b); - document.body.appendChild(script); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'self'%20'unsafe-inline'%20''"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html.sub.headers deleted file mode 100644 index cbfc8d4e4..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: blob-urls-do-not-match-self={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; child-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html deleted file mode 100644 index 819c1a699..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html +++ /dev/null @@ -1,36 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>blob-urls-match-blob</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS (1/1)"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' blob:; connect-src 'self'; ---> -</head> - -<body> - <p> - blob: URLs are same-origin with the page in which they were created, but match only if the blob: scheme is specified. - </p> - <script> - function pass() { - log("PASS (1/1)"); - } - var b = new Blob(['pass();'], { - type: 'application/javascript' - }); - var script = document.createElement('script'); - script.src = URL.createObjectURL(b); - document.body.appendChild(script); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html.sub.headers deleted file mode 100644 index be74e61a7..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: blob-urls-match-blob={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' blob:; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/combine-header-and-meta-policies.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/combine-header-and-meta-policies.sub.html deleted file mode 100644 index 66b86f195..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/combine-header-and-meta-policies.sub.html +++ /dev/null @@ -1,51 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <meta http-equiv="Content-Security-Policy" content="img-src 'none'"> - <title>combine-header-and-meta-policies</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing multiple policies: -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; style-src 'self' -Content-Security-Policy: img-src 'none' ---> -</head> - -<body> -<p>Test passes if both style and image are blocked and a report is generated for the - style block from the header-supplied policy.</p> - - <script> - var img = document.createElement('img'); - img.src = '../support/fail.png'; - img.onerror = function() { - log("TEST COMPLETE"); - }; - img.onload = function() { - log("FAIL"); - }; - document.body.appendChild(img); - - </script> - <style> - body { - background-color: blue; - } - - </style> - <script> - var el = document.querySelector('body'); - test(function() { - assert_equals(window.getComputedStyle(el).color, "rgb(0, 0, 0)") - }); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'self'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/combine-header-and-meta-policies.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/combine-header-and-meta-policies.sub.html.sub.headers deleted file mode 100644 index b1f0e7f01..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/combine-header-and-meta-policies.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: combine-header-and-meta-policies={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; style-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/combine-multiple-header-policies.html.asis b/testing/web-platform/tests/content-security-policy/blink-contrib/combine-multiple-header-policies.html.asis deleted file mode 100644 index a14be5cd9..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/combine-multiple-header-policies.html.asis +++ /dev/null @@ -1,60 +0,0 @@ -HTTP/1.1 200 OK -Content-Type: text/html -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: combine-multiple-policies=d0140e7d-3800-4842-b66d-370840a4569a; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; style-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID=d0140e7d-3800-4842-b66d-370840a4569a -Content-Security-Policy: img-src 'none' - -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <meta http-equiv="Content-Security-Policy" content="img-src 'none'"> - <title>combine-multiple-policies</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing multiple policies: -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; styls-src 'self' -Content-Security-Policy: img-src 'none' ---> -</head> - -<body> - This test checks that we enforce all the supplied policies. This test passe if it doesn't alert fail and if the style doesn't apply. - Check that a SecurityPolicyViolationEvent is fired upon blocking an image. - <script> - var img = document.createElement('img'); - img.src = '../support/fail.png'; - img.onerror = function() { - log("TEST COMPLETE"); - }; - img.onload = function() { - log("FAIL"); - }; - document.body.appendChild(img); - - </script> - <style> - body { - background-color: blue; - } - - </style> - <script> - var el = document.querySelector('body'); - test(function() { - assert_equals(window.getComputedStyle(el).color, "rgb(0, 0, 0)") - }); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'self'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html deleted file mode 100644 index 2beb00d02..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html +++ /dev/null @@ -1,41 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>connect-src-beacon-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["Pass"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; ---> -</head> - -<body> - <script> - if (typeof navigator.sendBeacon != 'function') { - t_log.set_status(t_log.NOTRUN, "No navigator.sendBeacon, cannot run test."); - t_log.phase = t_log.phases.HAS_RESULT; - t_log.done(); - } else { - try { - var es = navigator.sendBeacon("http://{{host}}:{{ports[http][0]}}/cors/resources/status.py"); - log("Pass"); - } catch (e) { - log("Fail"); - } - var report = document.createElement("script"); - report.src = "../support/checkReport.sub.js?reportExists=false"; - report.async = true; - report.defer = true; - document.body.appendChild(report); - - } - - </script> - <div id="log"></div> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html.sub.headers deleted file mode 100644 index bd3eda40a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: connect-src-beacon-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html deleted file mode 100644 index f68d3c384..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html +++ /dev/null @@ -1,40 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>connect-src-beacon-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["Pass"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; ---> -</head> - -<body> - <script> - if (typeof navigator.sendBeacon != 'function') { - t_log.set_status(t_log.NOTRUN, "No navigator.sendBeacon, cannot run test."); - t_log.phase = t_log.phases.HAS_RESULT; - t_log.done(); - } else { - try { - var es = navigator.sendBeacon("http://www1.{{host}}:{{ports[http][0]}}/security/contentSecurityPolicy/echo-report.php"); - log("Pass"); - } catch (e) { - log("Fail"); - } - var report = document.createElement("script"); - report.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'"; - report.async = true; - report.defer = true; - document.body.appendChild(report); - } - - </script> - <div id="log"></div> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html.sub.headers deleted file mode 100644 index 69ded8da7..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: connect-src-beacon-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html deleted file mode 100644 index 3d03100e3..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html +++ /dev/null @@ -1,41 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>connect-src-beacon-redirect-to-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -connect-src 'self'; script-src 'self' 'unsafe-inline'; ---> - <script></script> -</head> - -<body> - <p>The beacon should not follow the redirect to http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png and send a CSP violation report.</p> - <p>Verify that a CSP connect-src directive blocks redirects.</p> - <script> - if (typeof navigator.sendBeacon != 'function') { - var t = async_test(); - t.set_status(t.NOTRUN, "No navigator.sendBeacon, cannot run test."); - t.phase = t.phases.HAS_RESULT; - t.done(); - } else { - navigator.sendBeacon( - "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png", - "ping"); - var report = document.createElement("script"); - report.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'"; - report.async = true; - report.defer = true; - document.body.appendChild(report); - } - - </script> - <div id="log"></div> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html.sub.headers deleted file mode 100644 index 2c69d0dc8..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: connect-src-beacon-redirect-to-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html deleted file mode 100644 index b3a65f1c1..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html +++ /dev/null @@ -1,30 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>connect-src-eventsource-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["Pass"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; ---> -</head> - -<body> - <script> - try { - var es = new EventSource("http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/simple-event-stream"); - log("Pass"); - } catch (e) { - log("Fail"); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html.sub.headers deleted file mode 100644 index eff5c546a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: connect-src-eventsource-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html deleted file mode 100644 index 5be570c46..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html +++ /dev/null @@ -1,40 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>connect-src-eventsource-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["Pass"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -connect-src 'self'; script-src 'self' 'unsafe-inline'; ---> -</head> - -<body> - <script> - try { - var es = new EventSource("http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/simple-event-stream"); - // Firefox doesn't throw an exception and takes some time to close async - if (es.readyState == EventSource.CONNECTING) { - setTimeout( function() { - es.readyState != EventSource.CLOSED ? log("Fail") : log("Pass"); - }, 2); - } else if (es.readyState == EventSource.CLOSED) { - log("Pass"); - } else { - log("Fail"); - } - - } catch (e) { - log("Pass"); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html.sub.headers deleted file mode 100644 index ac37816a4..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: connect-src-eventsource-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html deleted file mode 100644 index a3ba4bad0..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html +++ /dev/null @@ -1,39 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>connect-src-eventsource-redirect-to-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS EventSource() did not follow the disallowed redirect.","TEST COMPLETE"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -connect-src 'self'; script-src 'self' 'unsafe-inline'; ---> - <script></script> -</head> - -<body> - <script> - var es; - try { - es = new EventSource("/common/redirect.py?location= http://www.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/simple-event-stream"); - } catch (e) { - log("FAIL " + "EventSource() should not throw an exception."); - } - es.onload = function() { - log("FAIL " + "EventSource() should fail to follow the disallowed redirect."); - log("TEST COMPLETE"); - }; - es.onerror = function() { - log("PASS " + "EventSource() did not follow the disallowed redirect."); - log("TEST COMPLETE"); - }; - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'/security/contentSecurityPolicy/resources/redir.php"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html.sub.headers deleted file mode 100644 index c63c8a9de..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: connect-src-eventsource-redirect-to-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}/security/contentSecurityPolicy/resources/redir.php; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html deleted file mode 100644 index 4e8499bd4..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html +++ /dev/null @@ -1,30 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>connect-src-websocket-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["Pass"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline'; ---> -</head> - -<body> - <script> - try { - var ws = new WebSocket("ws://127.0.0.1:8880/echo"); - log("Pass"); - } catch (e) { - log("Fail"); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html.sub.headers deleted file mode 100644 index 707435174..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: connect-src-websocket-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html deleted file mode 100644 index 68f86dec6..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html +++ /dev/null @@ -1,30 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>connect-src-websocket-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["Pass"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline'; ---> -</head> - -<body> - <script> - try { - var ws = new WebSocket("ws://localhost:8880/echo"); - log("Fail"); - } catch (e) { - log("Pass"); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20ws://127.0.0.1:8880"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html.sub.headers deleted file mode 100644 index 69036f5bd..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: connect-src-websocket-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html deleted file mode 100644 index a2ad12186..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html +++ /dev/null @@ -1,31 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>connect-src-xmlhttprequest-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["Pass"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; ---> -</head> - -<body> - <script> - try { - var xhr = new XMLHttpRequest; - xhr.open("GET", "http://{{host}}:{{ports[http][0]}}/xmlhttprequest/resources/get.txt", true); - log("Pass"); - } catch (e) { - log("Fail"); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html.sub.headers deleted file mode 100644 index dbabcad7a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: connect-src-xmlhttprequest-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html deleted file mode 100644 index 014bb21ae..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html +++ /dev/null @@ -1,37 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>connect-src-xmlhttprequest-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["Pass"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -connect-src 'self'; script-src 'self' 'unsafe-inline'; ---> -</head> - -<body> - <script> - try { - var xhr = new XMLHttpRequest; - xhr.open("GET", "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png", true); - xhr.send(); - xhr.onload = function() { - log("Fail"); - } - xhr.onerror = function() { - log("Pass"); - } - } catch (e) { - log("Pass"); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html.sub.headers deleted file mode 100644 index d338034cf..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: connect-src-xmlhttprequest-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html deleted file mode 100644 index 6fc0769b6..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html +++ /dev/null @@ -1,45 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>connect-src-xmlhttprequest-redirect-to-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -connect-src 'self'; script-src 'self' 'unsafe-inline'; ---> - <script id="inject_here"></script> -</head> - -<body> - <script> - var xhr = new XMLHttpRequest; - try { - xhr.open("GET", "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true); - } catch (e) { - log("FAIL " + "XMLHttpRequest.open() should not throw an exception."); - } - xhr.onload = function() { - //cons/**/ole.log(xhr.responseText); - if(xhr.responseText == "FAIL") { - log("FAIL " + "XMLHttpRequest.send() should fail to follow the disallowed redirect."); - } else { - log("PASS " + "XMLHttpRequest.send() did not follow the disallowed redirect."); - } - log("TEST COMPLETE"); - }; - xhr.onerror = function() { - log("PASS " + "XMLHttpRequest.send() did not follow the disallowed redirect."); - log("TEST COMPLETE"); - }; - xhr.send(); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'/security/contentSecurityPolicy/resources/redir.php"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.sub.headers deleted file mode 100644 index 452104ecd..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: connect-src-xmlhttprequest-redirect-to-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html deleted file mode 100644 index f5859087a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html +++ /dev/null @@ -1,26 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>default-src-inline-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS 1 of 2","PASS 2 of 2"]'></script> - <!-- enforcing policy: -default-src 'self' about: 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body onload="alert_assert('PASS 2 of 2')"> - <script> - alert_assert('PASS 1 of 2'); - - </script> - <!--iframe src="javascript:alert_assert('PASS 2 of 3')"></iframe--> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html.sub.headers deleted file mode 100644 index f223f0661..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: default-src-inline-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: default-src 'self' about: 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html deleted file mode 100644 index ad66a9d1f..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html +++ /dev/null @@ -1,27 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>default-src-inline-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <!-- enforcing policy: -default-src 'self'; connect-src 'self'; ---> -</head> - -<body> - This test passes if the inline scripts don't create failing tests and a CSP report is sent. - <script> - test(function() { - assert_unreached('FAIL inline script ran') - }); - - </script> - <script src="resources/document-write-alert-fail.js"></script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=default-src%20'self'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html.sub.headers deleted file mode 100644 index 63ea706f9..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: default-src-inline-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: default-src 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/duplicate-directive.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/duplicate-directive.sub.html deleted file mode 100644 index 4336b729b..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/duplicate-directive.sub.html +++ /dev/null @@ -1,29 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>duplicate-directive</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS (1/1)"]'></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-inline'; script-src 'none'; connect-src 'self'; ---> - - <script> - alert_assert('PASS (1/1)'); - - </script> -</head> - -<body> - <p> - This tests the effect of duplicated directives. It passes if the alert_assert() is executed. - </p> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/duplicate-directive.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/duplicate-directive.sub.html.sub.headers deleted file mode 100644 index eefd7197f..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/duplicate-directive.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: duplicate-directive={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; script-src 'none'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-allowed.sub.html deleted file mode 100644 index 88da806a8..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-allowed.sub.html +++ /dev/null @@ -1,29 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>eval-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS (1 of 2)","PASS (2 of 2)"]'></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; ---> -</head> - -<body> - <script> - eval("alert_assert('PASS (1 of 2)')"); - - </script> - <script> - window.eval("alert_assert('PASS (2 of 2)')"); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-allowed.sub.html.sub.headers deleted file mode 100644 index 6bf55a116..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: eval-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html deleted file mode 100644 index 599b01c31..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html +++ /dev/null @@ -1,29 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>eval-blocked-and-sends-report</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS: eval() blocked."]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'self'; report-uri resources/save-report.php?test=eval-blocked-and-sends-report.html; connect-src 'self'; ---> -</head> - -<body> - <script> - try { - eval("alert_assert('FAIL')"); - } catch (e) { - log('PASS: eval() blocked.'); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'self'%20'unsafe-inline'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html.sub.headers deleted file mode 100644 index f197e41de..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: eval-blocked-and-sends-report={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html deleted file mode 100644 index 449f9d192..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html +++ /dev/null @@ -1,10 +0,0 @@ - -<iframe src="about:blank"></iframe> -Eval should be blocked in the iframe, but inline script should be allowed. -<script> - window.onload = function() { - frames[0].log("<script>alert_assert(/PASS/); eval('alert_assert(/FAIL/);');<\/script>"); - frames[0].document.close(); - } - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html.sub.headers deleted file mode 100644 index 224f25ba7..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: eval-blocked-in-about-blank-iframe={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked.sub.html deleted file mode 100644 index 229667e7d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked.sub.html +++ /dev/null @@ -1,37 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>eval-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS EvalError","PASS EvalError"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - <script> - try { - eval("alert_assert('FAIL (1 of 2)')"); - } catch (e) { - log("PASS EvalError"); - } - - </script> - <script> - try { - window.eval("alert_assert('FAIL (1 of 2)')"); - } catch (e) { - log("PASS EvalError"); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'unsafe-inline'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked.sub.html.sub.headers deleted file mode 100644 index 124f56bfa..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: eval-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html deleted file mode 100644 index 66fa95d31..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html +++ /dev/null @@ -1,31 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>eval-scripts-setInterval-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS 1 of 2","PASS 2 of 2"]'></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; ---> -</head> -<pre> -<script> - { -} -var id_string = setInterval("clearInterval(id_string); alert_assert('PASS 1 of 2')", 0); -if (id_string == 0) - log('FAIL: Return value for string (should not be 0): ' + id_string); -var id_function = setInterval(function() { - clearInterval(id_function); - alert_assert('PASS 2 of 2'); -}, 0); -if (id_function == 0) - document.write('FAIL: Return value for function (should not be 0): ' + id_function); -</script> -</pre> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html.sub.headers deleted file mode 100644 index f13ba4c64..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: eval-scripts-setInterval-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html deleted file mode 100644 index 45d873c80..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html +++ /dev/null @@ -1,31 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>eval-scripts-setInterval-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> -</head> -<pre> -<script> - { -} -var id = setInterval("alert_assert('FAIL')", 0); -if (id != 0) - log('FAIL: Return value for string (should be 0): ' + id); -var id = setInterval(function() { - clearInterval(id); - alert_assert('PASS'); -}, 0); -if (id == 0) - document.write('FAIL: Return value for function (should not be 0): ' + id); -</script> -</pre> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html.sub.headers deleted file mode 100644 index 1bd6b636d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: eval-scripts-setInterval-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html deleted file mode 100644 index 9b2e595e5..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html +++ /dev/null @@ -1,30 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>eval-scripts-setTimeout-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS 1 of 2","PASS 2 of 2"]'></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; ---> -</head> -<pre> -<script> - { -} -var id = setTimeout("alert_assert('PASS 1 of 2')", 0); -if (id == 0) - log('FAIL: Return value for string (should not be 0): ' + id); -var id = setTimeout(function() { - alert_assert('PASS 2 of 2'); -}, 0); -if (id == 0) - document.write('FAIL: Return value for function (should not be 0): ' + id); -</script> -</pre> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html.sub.headers deleted file mode 100644 index 4d664d600..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: eval-scripts-setTimeout-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html deleted file mode 100644 index 72ed2ce1a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html +++ /dev/null @@ -1,30 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>eval-scripts-setTimeout-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> -</head> -<pre> -<script> - { -} -var id = setTimeout("alert_assert('FAIL')", 0); -if (id != 0) - log('FAIL: Return value for string (should be 0): ' + id); -var id = setTimeout(function() { - alert_assert('PASS'); -}, 0); -if (id == 0) - document.write('FAIL: Return value for function (should not be 0): ' + id); -</script> -</pre> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html.sub.headers deleted file mode 100644 index 81537fe3e..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: eval-scripts-setTimeout-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html deleted file mode 100644 index f9e814a1e..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html +++ /dev/null @@ -1,62 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>filesystem-urls-do-not-match-self</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'self'; connect-src 'self'; ---> -</head> - -<body> - <p> - filesystem: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content.. - </p> - <script> - if(!window.webkitRequestFileSystem) { - t_log = async_test(); - t_log.set_status(t_log.NOTRUN, "No filesystem:// support, cannot run test."); - t_log.phase = t_log.phases.HAS_RESULT; - t_log.done(); - } else { - function fail() { - alert_assert("FAIL!"); - } - window.webkitRequestFileSystem( - TEMPORARY, 1024 * 1024 /*1MB*/ , function(fs) { - fs.root.getFile('fail.js', { - create: true - }, function(fileEntry) { - fileEntry.createWriter(function(fileWriter) { - fileWriter.onwriteend = function(e) { - var script = document.createElement('script'); - script.src = fileEntry.toURL('application/javascript'); - document.body.appendChild(script); - }; - // Create a new Blob and write it to pass.js. - var b = new Blob(['fail();'], { - type: 'application/javascript' - }); - fileWriter.write(b); - }); - }); - }); - var s = document.createElement('script'); - s.async = true; - s.defer = true; - s.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'self'%20'unsafe-inline'%20'*'" - document.lastChild.appendChild(s); - } - - - </script> - <div id="log"></div> - -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html.sub.headers deleted file mode 100644 index a68e2a3df..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: filesystem-urls-do-not-match-self={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html deleted file mode 100644 index 99e8592e5..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html +++ /dev/null @@ -1,59 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>filesystem-urls-match-filesystem</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS (1/1)"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-inline' 'self'; connect-src 'self'; ---> -</head> - -<body> - <p> - filesystem: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content, but should match filesystem: source. - </p> - <script> - if(!window.webkitRequestFileSystem) { - t_log.set_status(t_log.NOTRUN, "No filesystem:// support, cannot run test."); - t_log.phase = t_log.phases.HAS_RESULT; - t_log.done(); - } else { - function pass() { - log("PASS (1/1)"); - } - window.webkitRequestFileSystem( - TEMPORARY, 1024 * 1024 /*1MB*/ , function(fs) { - fs.root.getFile('pass.js', { - create: true - }, function(fileEntry) { - fileEntry.createWriter(function(fileWriter) { - fileWriter.onwriteend = function(e) { - var script = document.createElement('script'); - script.src = fileEntry.toURL('application/javascript'); - document.body.appendChild(script); - }; - // Create a new Blob and write it to pass.js. - var b = new Blob(['pass();'], { - type: 'application/javascript' - }); - fileWriter.write(b); - }); - }); - }); - var s = document.createElement('script'); - s.async = true; - s.defer = true; - s.src = "../support/checkReport.sub.js?reportExists=false" - document.lastChild.appendChild(s); - } - - </script> - <div id="log"></div> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html.sub.headers deleted file mode 100644 index f9956ede8..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: filesystem-urls-match-filesystem={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' filesystem:; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html deleted file mode 100644 index a363ce911..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html +++ /dev/null @@ -1,24 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>frame-src-about-blank-allowed-by-default</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - - <!-- enforcing policy: -frame-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - <p>These frames should not be blocked by Content-Security-Policy. - It's pointless to block about:blank iframes because - blocking a frame just results in displaying about:blank anyway! - </p> - <iframe src="about:blank"></iframe> - <object type="text/html" data="about:blank"></object> - - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html.sub.headers deleted file mode 100644 index ba1169956..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: frame-src-about-blank-allowed-by-default={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: frame-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html deleted file mode 100644 index e4c47392c..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html +++ /dev/null @@ -1,20 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>frame-src-about-blank-allowed-by-scheme</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - - <!-- enforcing policy: -frame-src about:; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - <p>This frame should not be blocked by Content-Security-Policy. - </p> - <iframe src="about:blank"></iframe> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html.sub.headers deleted file mode 100644 index e23b82a93..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: frame-src-about-blank-allowed-by-scheme={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: frame-src about:; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html deleted file mode 100644 index 1d34679c8..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html +++ /dev/null @@ -1,63 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <title>frame-src-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event."]'></script> - <script> - window.addEventListener("message", function(event) { - alert_assert(event.data); - }, false); - - var t_alert = async_test('Expecting alerts: ["PASS"]'); - var expected_alerts = ["PASS"]; - - function alert_assert(msg) { - t_alert.step(function() { - if (msg.match(/^FAIL/i)) { - assert_unreached(msg); - t_alert.done(); - } - for (var i = 0; i < expected_alerts.length; i++) { - if (expected_alerts[i] == msg) { - assert_true(expected_alerts[i] == msg); - expected_alerts.splice(i, 1); - if (expected_alerts.length == 0) { - t_alert.done(); - } - return; - } - } - assert_unreached('unexpected alert: ' + msg); - t_log.done(); - }); - } - - </script> - <!-- enforcing policy: -Content-Security-Policy: frame-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - <p> - This iframe should be allowed. - </p> - <script> - window.wasPostTestScriptParsed = true; - var loads = 0; - - function loadEvent() { - loads++; - log("PASS " + "IFrame #" + loads + " generated a load event."); - } - - </script> -</head> - -<body> - <iframe src="/content-security-policy/blink-contrib/resources/postmessage-pass.html" onload="loadEvent()"></iframe> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html.sub.headers deleted file mode 100644 index 05247b402..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: frame-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: frame-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html deleted file mode 100644 index fe7555aeb..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html +++ /dev/null @@ -1,61 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>frame-src-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event."]'></script> - <script> - window.addEventListener("message", function(event) { - alert_assert(event.data); - }, false); - - function alert_assert(msg) { - t_alert.step(function() { - if (msg.match(/^FAIL/i)) { - assert_unreached(msg); - t_alert.done(); - } - for (var i = 0; i < expected_alerts.length; i++) { - if (expected_alerts[i] == msg) { - assert_true(expected_alerts[i] == msg); - expected_alerts.splice(i, 1); - if (expected_alerts.length == 0) { - t_alert.done(); - } - return; - } - } - assert_unreached('unexpected alert: ' + msg); - t_log.done(); - }); - } - - </script> - <!-- enforcing policy: -frame-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - <p> - IFrames blocked by CSP should generate a 'load', not 'error' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS. - </p> - <script> - window.wasPostTestScriptParsed = true; - var loads = 0; - - function loadEvent() { - loads++; - log("PASS " + "IFrame #" + loads + " generated a load event."); - } - - </script> -</head> - -<body> - <iframe src="/content-security-policy/blink-contrib/resources/postmessage-fail.html" onload="loadEvent()" onerror="log('FAIL')"></iframe> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=frame-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html.sub.headers deleted file mode 100644 index bd0e6d17f..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: frame-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: frame-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html deleted file mode 100644 index 5238e7c0f..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html +++ /dev/null @@ -1,66 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>frame-src-cross-origin-load</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event.","PASS IFrame %232 generated a load event.","PASS IFrame %233 generated a load event."]'></script> - <script> - window.addEventListener("message", function(event) { - alert_assert(event.data); - }, false); - - var t_alert = async_test('Expecting alerts: ["PASS","PASS"]'); - var expected_alerts = ["PASS", "PASS"]; - - function alert_assert(msg) { - t_alert.step(function() { - if (msg.match(/^FAIL/i)) { - assert_unreached(msg); - t_alert.done(); - } - for (var i = 0; i < expected_alerts.length; i++) { - if (expected_alerts[i] == msg) { - assert_true(expected_alerts[i] == msg); - expected_alerts.splice(i, 1); - if (expected_alerts.length == 0) { - t_alert.done(); - } - return; - } - } - assert_unreached('unexpected alert: ' + msg); - t_alert.done(); - }); - } - - </script> - <!-- enforcing policy: -frame-src 'self' http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - <p> - IFrames blocked by CSP should generate a 'load', not 'error' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS. - </p> - <script> - window.wasPostTestScriptParsed = true; - var loads = 0; - - function loadEvent() { - loads++; - log("PASS " + "IFrame #" + loads + " generated a load event."); - } - - </script> -</head> - -<body> - <iframe src="resources/postmessage-pass.html" onload="loadEvent()"></iframe> - <iframe src="http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/postmessage-pass.html" onload="loadEvent()"></iframe> - <iframe src="http://www2.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/postmessage-fail.html" onload="loadEvent()" onerror="log('FAIL')"></iframe> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=frame-src%20'self'http://www1.{{host}}:{{ports[http][0]}}"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html.sub.headers deleted file mode 100644 index 0970bbebf..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: frame-src-cross-origin-load={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: frame-src 'self' http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html deleted file mode 100644 index 92cd088c5..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html +++ /dev/null @@ -1,25 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>function-constructor-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; ---> -</head> - -<body> - <script> - (new Function("alert_assert('PASS')"))(); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html.sub.headers deleted file mode 100644 index dd80ebacc..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: function-constructor-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html deleted file mode 100644 index be0c57477..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html +++ /dev/null @@ -1,29 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>function-constructor-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS EvalError"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - <script> - try { - (new Function("alert_assert('FAIL')"))(); - } catch (e) { - log("PASS EvalError"); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'unsafe-inline'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html.sub.headers deleted file mode 100644 index eb7da39cb..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: function-constructor-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/icon-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/icon-allowed.sub.html deleted file mode 100644 index 8bacdd305..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/icon-allowed.sub.html +++ /dev/null @@ -1,19 +0,0 @@ -<!DOCTYPE html> -<html> -<script> - {} - - function createLink(rel, src) { - var link = document.createElement('link'); - link.rel = rel; - link.href = src; - document.head.appendChild(link); - } - window.addEventListener('DOMContentLoaded', function() { - createLink('icon', 'http://localhost/foo?q=from_icon'); {} - }); - -</script> -<p>Use callbacks to show that favicons are loaded as allowed by CSP when link tags are dynamically added to the page.</p> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/icon-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/icon-allowed.sub.html.sub.headers deleted file mode 100644 index b7d557b52..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/icon-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: icon-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: img-src http://localhost; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/icon-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/icon-blocked.sub.html deleted file mode 100644 index 978f25f63..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/icon-blocked.sub.html +++ /dev/null @@ -1,17 +0,0 @@ -<!DOCTYPE html> -<html> -<script> - function createLink(rel, src) { - var link = document.createElement('link'); - link.rel = rel; - link.href = src; - document.head.appendChild(link); - } - window.addEventListener('DOMContentLoaded', function() { - createLink('icon', 'http://localhost/foo?q=from_icon'); {} - }); - -</script> -<p>Use callbacks to show that favicons are not loaded in violation of CSP when link tags are dynamically added to the page.</p> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/icon-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/icon-blocked.sub.html.sub.headers deleted file mode 100644 index c4dc69985..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/icon-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: icon-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html deleted file mode 100644 index f3d1e1424..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html +++ /dev/null @@ -1 +0,0 @@ -<iframe src="resources/sandboxed-eval.php"></iframe> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html.sub.headers deleted file mode 100644 index 2cb1c7214..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: iframe-inside-csp={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/image-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/image-allowed.sub.html deleted file mode 100644 index c087692db..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/image-allowed.sub.html +++ /dev/null @@ -1,22 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>image-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> - <!-- enforcing policy: -img-src *; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - <img src="../support/pass.png" onload="alert_assert(this.width == 168 ? 'PASS' : 'FAIL')"> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/image-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/image-allowed.sub.html.sub.headers deleted file mode 100644 index 3b85fc689..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/image-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: image-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: img-src *; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/image-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/image-blocked.sub.html deleted file mode 100644 index e572070ef..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/image-blocked.sub.html +++ /dev/null @@ -1,23 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>image-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> - <!-- enforcing policy: -img-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - This test passes if it doesn't alert FAIL and does alert PASS. - <img src="../support/pass.png" onload='alert_assert("FAIL")' onerror='alert_assert("PASS")'> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/image-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/image-blocked.sub.html.sub.headers deleted file mode 100644 index c58bb88bb..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/image-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: image-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html deleted file mode 100644 index 6482654cd..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html +++ /dev/null @@ -1,22 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>image-full-host-wildcard-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> - <!-- enforcing policy: -img-src http://*.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - <img src="http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/pass.png" onload="alert_assert(this.width == 168 ? 'PASS' : 'FAIL')"> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html.sub.headers deleted file mode 100644 index 0f384f093..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: image-full-host-wildcard-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: img-src http://*.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html deleted file mode 100644 index 8ec6fe433..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html +++ /dev/null @@ -1,22 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>injected-inline-script-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["Pass 1 of 2","Pass 2 of 2"]'></script> - <!-- enforcing policy: - script-src 'self' 'unsafe-inline'; connect-src 'self'; - --> -</head> - -<body> - <script src="resources/inject-script.js"></script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html.sub.headers deleted file mode 100644 index 7f3453924..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: injected-inline-script-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html deleted file mode 100644 index bee3f9abd..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html +++ /dev/null @@ -1,20 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>injected-inline-script-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <!-- enforcing policy: -script-src 'self'; connect-src 'self'; ---> -</head> - -<body> - <script src="resources/inject-script.js"></script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'self'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html.sub.headers deleted file mode 100644 index e90dec673..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: injected-inline-script-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html deleted file mode 100644 index f52289e49..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html +++ /dev/null @@ -1,35 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>injected-inline-style-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS: 2 stylesheets on the page."]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - <div id="test1"> - FAIL 1/2 - </div> - <div id="test2"> - FAIL 2/2 - </div> - <script src="resources/inject-style.js"></script> - <script> - if (document.styleSheets.length === 2) - log("PASS: 2 stylesheets on the page."); - else - document.write("FAIL: " + document.styleSheets.length + " stylesheets on the page (should be 2)."); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html.sub.headers deleted file mode 100644 index 8a48dc248..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: injected-inline-style-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html deleted file mode 100644 index 1ed46cb65..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html +++ /dev/null @@ -1,32 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>injected-inline-style-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -style-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - <div id="test1"> - PASS 1/2 - </div> - <div id="test2"> - PASS 2/2 - </div> - <script src="resources/inject-style.js"></script> - <script> - log(document.styleSheets.length == 0 ? "PASS" : "FAIL"); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html.sub.headers deleted file mode 100644 index d3f0a5efb..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: injected-inline-style-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: style-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html deleted file mode 100644 index efb5043ad..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html +++ /dev/null @@ -1,128 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>inline-style-allowed-while-cloning-objects</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -style-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - <script> - window.onload = function() { - window.nodes = document.getElementById('nodes'); - window.node1 = document.getElementById('node1'); - window.node1.style.background = "yellow"; - window.node1.style.color = "red"; - window.node2 = document.getElementById('node1').cloneNode(true); - window.node2.id = "node2"; - window.node3 = document.getElementById('node3'); - window.node3.style.background = "blue"; - window.node3.style.color = "green"; - window.node4 = document.getElementById('node3').cloneNode(false); - window.node4.id = "node4"; - window.node4.innerHTML = "Node #4"; - nodes.appendChild(node1); - nodes.appendChild(node2); - nodes.appendChild(node3); - nodes.appendChild(node4); - test(function() { - assert_equals(node1.style.background.match(/yellow/)[0], "yellow") - }); - test(function() { - assert_equals(node2.style.background.match(/yellow/)[0], "yellow") - }); - test(function() { - assert_equals(node3.style.background.match(/blue/)[0], "blue") - }); - test(function() { - assert_equals(node4.style.background.match(/blue/)[0], "blue") - }); - test(function() { - assert_equals(node1.style.color, "red") - }); - test(function() { - assert_equals(node2.style.color, "red") - }); - test(function() { - assert_equals(node3.style.color, "green") - }); - test(function() { - assert_equals(node4.style.color, "green") - }); - test(function() { - assert_equals(window.getComputedStyle(node1).background, window.getComputedStyle(node2).background) - }); - test(function() { - assert_equals(window.getComputedStyle(node3).background, window.getComputedStyle(node4).background) - }); - test(function() { - assert_equals(window.getComputedStyle(node1).color, window.getComputedStyle(node2).color) - }); - test(function() { - assert_equals(window.getComputedStyle(node3).color, window.getComputedStyle(node4).color) - }); - window.ops = document.getElementById('ops'); - ops.style.color = 'red'; - window.clonedOps = ops.cloneNode(true); - window.violetOps = document.getElementById('violetOps'); - violetOps.style.background = 'rgb(238, 130, 238)'; - document.getElementsByTagName('body')[0].appendChild(clonedOps); - test(function() { - assert_equals(ops.style.background, "") - }); - test(function() { - assert_equals(ops.style.color, "red") - }); - test(function() { - assert_equals(clonedOps.style.background, "") - }); - test(function() { - assert_equals(violetOps.style.background.match(/rgb\(238, 130, 238\)/)[0], "rgb(238, 130, 238)") - }); - test(function() { - assert_equals(window.getComputedStyle(clonedOps).background, window.getComputedStyle(ops).background) - }); - test(function() { - assert_equals(window.getComputedStyle(clonedOps).color, window.getComputedStyle(ops).color) - }); - test(function() { - assert_equals(window.getComputedStyle(ops).background, window.getComputedStyle(violetOps).background) - }); - test(function() { - assert_equals(window.getComputedStyle(clonedOps).background, window.getComputedStyle(violetOps).background) - }); - test(function() { - assert_equals(ops.id, "ops") - }); - test(function() { - assert_equals(ops.id, clonedOps.id) - }); - }; - - </script> -</head> - -<body> - <p> - This test ensures that styles can be set by object.cloneNode() - </p> - <div id="nodes"> - This is a div (nodes) - <div id="node1"> This is a div. (node 1 or 2)</div> - <div id="node3"> This is a div. (node 3 or 4)</div> - </div> - <div id="ops" style="background: rgb(238, 130, 238)"> - Yet another div. - </div> - <div id="violetOps"> - Yet another div. - </div> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'self'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html.sub.headers deleted file mode 100644 index 963fa1751..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: inline-style-allowed-while-cloning-objects={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: style-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html deleted file mode 100644 index bf5ac125d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html +++ /dev/null @@ -1,31 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>inline-style-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> - <style> - .target { - background-color: blue; - } - - </style> -</head> - -<body class="target"> - <script> - log(document.styleSheets.length > 0 ? 'PASS' : 'FAIL'); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html.sub.headers deleted file mode 100644 index 8ff58f55f..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: inline-style-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html deleted file mode 100644 index ab446040a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html +++ /dev/null @@ -1,25 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>inline-style-attribute-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body style="background-color: blue;"> - <script> - log(document.body.style.length > 0 ? 'PASS' : 'FAIL'); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html.sub.headers deleted file mode 100644 index 7d765e2b6..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: inline-style-attribute-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html deleted file mode 100644 index 90efe9fe7..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html +++ /dev/null @@ -1,25 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>inline-style-attribute-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body style="background-color: blue;"> - <script> - log(document.body.style.length > 0 ? 'FAIL' : 'PASS'); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html.sub.headers deleted file mode 100644 index 0b1ec14c1..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: inline-style-attribute-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html deleted file mode 100644 index b002af987..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html +++ /dev/null @@ -1,28 +0,0 @@ -<!DOCTYPE html> -<html style="background-color: blue;"> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <meta http-equiv="Content-Security-Policy" content="style-src 'self'"> - <title>inline-style-attribute-on-html</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - <p>Even though this page has a CSP policy the blocks inline style, the style attribute on the HTML element still takes effect because it preceeds the meta element. - </p> - <script> - log(document.documentElement.style.length > 0 ? 'PASS' : 'FAIL'); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html.sub.headers deleted file mode 100644 index 66bf93faa..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: inline-style-attribute-on-html={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html deleted file mode 100644 index 3f7756e44..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html +++ /dev/null @@ -1,31 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>inline-style-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> - <style> - .target { - background-color: blue; - } - - </style> -</head> - -<body class="target"> - <script> - log(document.styleSheets.length > 0 ? 'FAIL' : 'PASS'); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html.sub.headers deleted file mode 100644 index 0b8306326..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: inline-style-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html deleted file mode 100644 index fe6d2b1c2..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html +++ /dev/null @@ -1,9 +0,0 @@ -<link rel="manifest" href="manifest.test/manifest.json"> -<script> - { - testRunner.getManifestThen(function() { - alert_assert("Pass"); - }); - } - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html.sub.headers deleted file mode 100644 index 3fbdc7337..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: manifest-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: manifest-src *; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html deleted file mode 100644 index fe6d2b1c2..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html +++ /dev/null @@ -1,9 +0,0 @@ -<link rel="manifest" href="manifest.test/manifest.json"> -<script> - { - testRunner.getManifestThen(function() { - alert_assert("Pass"); - }); - } - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html.sub.headers deleted file mode 100644 index 4d6e5e395..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: manifest-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: manifest-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-allowed.sub.html deleted file mode 100644 index 4cb4002d9..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-allowed.sub.html +++ /dev/null @@ -1,14 +0,0 @@ -<video></video> -<script src="../../../media-resources/media-file.js"></script> -<script src="../../../media-resources/video-test.js"></script> -<script> - waitForEvent('loadedmetadata', function() { - alert_assert('PASS'); - endTestLater(); - }); - // Find a supported media file. - var mediaFile = findMediaFile("video", "content/test"); - var mimeType = mimeTypeForFile(mediaFile); - video.src = "http://{{host}}:{{ports[http][0]}}/resources/load-and-stall.cgi?name=../../../media/" + mediaFile + "&mimeType=" + mimeType + "&stallAt=100000"; - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-allowed.sub.html.sub.headers deleted file mode 100644 index b0401f7c7..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: media-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: media-src http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-blocked.sub.html deleted file mode 100644 index 57c8d5f65..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-blocked.sub.html +++ /dev/null @@ -1,15 +0,0 @@ -<video></video> -<script src="../../../media-resources/media-file.js"></script> -<script src="../../../media-resources/video-test.js"></script> -<p>This test passes if it doesn't alert failure.</p> -<script> - waitForEvent('loadedmetadata', function() { - alert_assert('FAIL'); - }); - addEventListener('load', endTestLater, false); - // Find a supported media file. - var mediaFile = findMediaFile("video", "content/test"); - var mimeType = mimeTypeForFile(mediaFile); - video.src = "http://{{host}}:{{ports[http][0]}}/resources/load-and-stall.cgi?name=../../../media/" + mediaFile + "&mimeType=" + mimeType + "&stallAt=100000"; - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-blocked.sub.html.sub.headers deleted file mode 100644 index 86c56953d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: media-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: media-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-track-block.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-track-block.sub.html deleted file mode 100644 index c8036ce17..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-track-block.sub.html +++ /dev/null @@ -1,39 +0,0 @@ -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>media-src-track-block</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> - <!-- enforcing policy: -media-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - <script> - function loaded() { - alert_assert("FAIL"); - } - - function errored() { - alert_assert("PASS"); - } - - function start() { - var track = document.querySelector('track'); - track.track.mode = "hidden"; - track.setAttribute('src', 'resources/track.vtt'); - } - - </script> -</head> - -<body onload="start()"> - <video> - <track kind="captions" onload="loaded()" onerror="errored()"> - </video> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=media-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-track-block.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-track-block.sub.html.sub.headers deleted file mode 100644 index 85c496e74..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/media-src-track-block.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: media-src-track-block={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: media-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html deleted file mode 100644 index 358b7af1a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html +++ /dev/null @@ -1,28 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>object-in-svg-foreignobject</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - <p>This test ensures that objects inside SVG foreignobject elements are beholden to the same policy as the rest of the document. This test passes if there i a CSP violation saying the plugin was blocked.</p> - <svg> - <foreignobject> - <object xmlns="http://www.w3.org/1999/xhtml" data="/plugins/resources/mock-plugin.pl"> - </object> - </foreignobject> - </svg> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html.sub.headers deleted file mode 100644 index a196a1558..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: object-in-svg-foreignobject={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html deleted file mode 100644 index d77027840..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html +++ /dev/null @@ -1,41 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>object-src-applet-archive-codebase</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - -</head> - -<body> - <script> - var len = navigator.mimeTypes.length; - var allTypes = ""; - var appletMimeType = "application/x-java-applet"; - for (var i = 0; i < len; i++) { - allTypes += navigator.mimeTypes[i].type + ';'; - } - if (allTypes.indexOf(appletMimeType) == -1) { - t_log.set_status(t_log.NOTRUN, "No Java Plugin, cannot run test."); - t_log.phase = t_log.phases.HAS_RESULT; - t_log.done(); - } else { - var s = document.createElement('script'); - s.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"; - document.body.appendChild(s); - } - - </script> - This test passes if there is a CSP violation saying the plugin was blocked. - <applet code="TestThingie" archive="archive.jar" codebase="/plugins/codebase/" id="appletObject" onload="log('FAIL')" onerror="log('PASS')"></applet> - <div id="log"></div> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html.sub.headers deleted file mode 100644 index 0b71a188b..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: object-src-applet-archive-codebase={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html deleted file mode 100644 index 69c71986e..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html +++ /dev/null @@ -1,41 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>object-src-applet-archive</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - -</head> - -<body> - <script> - var len = navigator.mimeTypes.length; - var allTypes = ""; - var appletMimeType = "application/x-java-applet"; - for (var i = 0; i < len; i++) { - allTypes += navigator.mimeTypes[i].type + ';'; - } - if (allTypes.indexOf(appletMimeType) == -1) { - t_log.set_status(t_log.NOTRUN, "No Java Plugin, cannot run test."); - t_log.phase = t_log.phases.HAS_RESULT; - t_log.done(); - } else { - var s = document.createElement('script'); - s.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"; - document.body.appendChild(s); - } - - </script> - This test passes if there is a CSP violation saying the plugin was blocked. - <applet code="TestThingie" archive="/plugins/archive.jar" id="appletObject" onload="log('FAIL')" onerror="log('PASS')"></applet> - <div id="log"></div> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html.sub.headers deleted file mode 100644 index 4bd5ec149..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: object-src-applet-archive={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html deleted file mode 100644 index 6121dad56..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html +++ /dev/null @@ -1,41 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>object-src-applet-archive-code-codebase</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - -</head> - -<body> - <script> - var len = navigator.mimeTypes.length; - var allTypes = ""; - var appletMimeType = "application/x-java-applet"; - for (var i = 0; i < len; i++) { - allTypes += navigator.mimeTypes[i].type + ';'; - } - if (allTypes.indexOf(appletMimeType) == -1) { - t_log.set_status(t_log.NOTRUN, "No Java Plugin, cannot run test."); - t_log.phase = t_log.phases.HAS_RESULT; - t_log.done(); - } else { - var s = document.createElement('script'); - s.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"; - document.body.appendChild(s); - } - - </script> - This test passes if there is a CSP violation saying the plugin was blocked. - <applet code="code.class" codebase="/plugins/codebase/"></applet> - <div id="log"></div> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html.sub.headers deleted file mode 100644 index 1ced1a8e2..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: object-src-applet-code-codebase={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html deleted file mode 100644 index af598bfd1..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html +++ /dev/null @@ -1,41 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>object-src-applet-code</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - -</head> - -<body> - <script> - var len = navigator.mimeTypes.length; - var allTypes = ""; - var appletMimeType = "application/x-java-applet"; - for (var i = 0; i < len; i++) { - allTypes += navigator.mimeTypes[i].type + ';'; - } - if (allTypes.indexOf(appletMimeType) == -1) { - t_log.set_status(t_log.NOTRUN, "No Java Plugin, cannot run test."); - t_log.phase = t_log.phases.HAS_RESULT; - t_log.done(); - } else { - var s = document.createElement('script'); - s.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"; - document.body.appendChild(s); - } - - </script> - This test passes if there is a CSP violation saying the plugin was blocked. - <applet code="/plugins/code.class"></applet> - <div id="log"></div> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html.sub.headers deleted file mode 100644 index 44bd725f8..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: object-src-applet-code={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html deleted file mode 100644 index 2e2bef25d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html +++ /dev/null @@ -1,23 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>object-src-no-url-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -object-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - This test passes if there isn't a CSP violation saying the plugin was blocked. - <object type="application/x-webkit-test-netscape"></object> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html.sub.headers deleted file mode 100644 index 3746103fe..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: object-src-no-url-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html deleted file mode 100644 index ad3eebcae..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html +++ /dev/null @@ -1,23 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>object-src-no-url-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - This test passes if there is a CSP violation saying the plugin was blocked. - <object type="application/x-webkit-test-netscape"></object> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html.sub.headers deleted file mode 100644 index dba0ece70..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: object-src-no-url-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html deleted file mode 100644 index dace2c417..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html +++ /dev/null @@ -1,23 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>object-src-url-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -object-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - This test passes if there is no CSP violation saying the plugin was blocked. - <object data="/content-security-policy/support/pass.png"></object> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html.sub.headers deleted file mode 100644 index bce19c1de..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: object-src-url-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html deleted file mode 100644 index 4f12d747b..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html +++ /dev/null @@ -1,23 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>object-src-url-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - This test passes if there is a CSP violation saying the plugin was blocked. - <object data="/plugins/resources/mock-plugin.pl"></object> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html.sub.headers deleted file mode 100644 index 1447fd0fc..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: object-src-url-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html deleted file mode 100644 index a43e4be27..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html +++ /dev/null @@ -1 +0,0 @@ -<iframe src="resources/alert-pass.html"></iframe> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html.sub.headers deleted file mode 100644 index ff37e37ee..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: policy-does-not-affect-child={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html deleted file mode 100644 index dea8a87a3..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html +++ /dev/null @@ -1,22 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>report-blocked-data-uri</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -img-src 'none'; report-uri resources/save-report.php?test=report-blocked-data-uri.html; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - <img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html.sub.headers deleted file mode 100644 index 8530a1cc4..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: report-blocked-data-uri={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html deleted file mode 100644 index ed2cd2a74..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html +++ /dev/null @@ -1,24 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>report-cross-origin-no-cookies</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -img-src 'none'; report-uri http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID=; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self'; ---> - <script src="http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/set-cookie.js"></script> -</head> - -<body> - <!-- This image will generate a CSP violation report. --> - <img src="resources/abe.png"> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'&noCookies=true"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html.sub.headers deleted file mode 100644 index 5a7122975..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: report-cross-origin-no-cookies={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self'; report-uri http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html deleted file mode 100644 index cb001a220..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html +++ /dev/null @@ -1,24 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>report-disallowed-from-meta</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> - <!-- enforcing policy: -img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - <meta http-equiv="Content-Security-Policy" content="img-src 'none'; report-uri /content-security-policy/support/report.py?op=put&reportID=5ada7c32-1c46-4b79-a95f-af33fcf95f8e"> -</head> - -<body> - This image should be blocked, but should not show up in the violation report because meta policies MUST ignore report-uri. - <img src="../resources/abe.png" onerror="alert_assert('PASS')" onload="alert_assert('FAIL')"> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html.sub.headers deleted file mode 100644 index 4c620525a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html.sub.headers +++ /dev/null @@ -1,5 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: report-disallowed-from-meta=5ada7c32-1c46-4b79-a95f-af33fcf95f8e; Path=/content-security-policy/blink-contrib
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html deleted file mode 100644 index e90cb066b..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html +++ /dev/null @@ -1,24 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>report-cross-origin-no-cookies</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -img-src 'none'; report-uri http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID=; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self'; ---> - <script src="/content-security-policy/blink-contrib/resources/set-cookie.js"></script> -</head> - -<body> - <!-- This image will generate a CSP violation report. --> - <img src="resources/abe.png"> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'&noCookies=true"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html.sub.headers deleted file mode 100644 index 4655de254..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: report-same-origin-with-cookies={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html deleted file mode 100644 index cf3f72f1e..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html +++ /dev/null @@ -1,28 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>report-uri-from-inline-javascript</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -img-src 'none'; report-uri resources/save-report.php?test=report-uri-from-inline-javascript.html; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - <script> - // This script block will trigger a violation report. - var i = document.createElement('img'); - i.src = 'resources/abe.png'; - document.body.appendChild(i); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html.sub.headers deleted file mode 100644 index c37a9ff8d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: report-uri-from-inline-javascript={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html deleted file mode 100644 index 790a75bda..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html +++ /dev/null @@ -1,22 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>report-uri-from-javascript</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -img-src 'none'; report-uri resources/save-report.php?test=report-uri-from-javascript.html; script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body> - <script src="resources/inject-image.js"></script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html.sub.headers deleted file mode 100644 index ed6560118..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: report-uri-from-javascript={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri.sub.html deleted file mode 100644 index 9ffb835f2..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri.sub.html +++ /dev/null @@ -1,6 +0,0 @@ -<script src="resources/report-test.js"></script> -<script> - // This script block will trigger a violation report. - alert_assert('FAIL'); - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri.sub.html.sub.headers deleted file mode 100644 index 1416ea7f1..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/report-uri.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: report-uri={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'self'; report-uri resources/save-report.php?test=report-uri.html; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/alert-fail.html b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/alert-fail.html deleted file mode 100644 index c0fb8173d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/alert-fail.html +++ /dev/null @@ -1,4 +0,0 @@ -<script> - alert('FAIL'); - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/alert-pass.html b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/alert-pass.html deleted file mode 100644 index 50e753d0d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/alert-pass.html +++ /dev/null @@ -1,4 +0,0 @@ -<script> - alert('PASS'); - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/blue.css b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/blue.css deleted file mode 100644 index 54aeecc12..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/blue.css +++ /dev/null @@ -1,3 +0,0 @@ -.target { - background-color: blue; -} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/document-write-alert-fail.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/document-write-alert-fail.js deleted file mode 100644 index 5e78ca0da..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/document-write-alert-fail.js +++ /dev/null @@ -1 +0,0 @@ -document.write("<script>test(function () { assert_unreached('FAIL inline script from document.write ran') });</script>"); diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/generate-csp-report.html b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/generate-csp-report.html deleted file mode 100644 index 887f44f48..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/generate-csp-report.html +++ /dev/null @@ -1,7 +0,0 @@ -<meta http-equiv="Content-Security-Policy" content="script-src 'self'; report-uri save-report.php?test=generate-csp-report.html"> -<script> - // This script block will trigger a violation report. - alert('FAIL'); - -</script> -<script src="go-to-echo-report.js"></script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/go-to-echo-report.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/go-to-echo-report.js deleted file mode 100644 index e220f2a47..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/go-to-echo-report.js +++ /dev/null @@ -1,12 +0,0 @@ -if (window.testRunner) { - testRunner.dumpAsText(); - testRunner.waitUntilDone(); -} - -window.onload = function() { - var test = window.location.pathname.replace(/^.+\//, ''); - var match = window.location.search.match(/^\?test=([^&]+)/); - if (match) - test = match[1]; - window.location = "/security/contentSecurityPolicy/resources/echo-report.php?test=" + test; -} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/inject-image.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/inject-image.js deleted file mode 100644 index 1e1f93b39..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/inject-image.js +++ /dev/null @@ -1,4 +0,0 @@ -// This script block will trigger a violation report. -var i = document.createElement('img'); -i.src = '/security/resources/abe.png'; -document.body.appendChild(i); diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/inject-script.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/inject-script.js deleted file mode 100644 index 155371985..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/inject-script.js +++ /dev/null @@ -1,5 +0,0 @@ -document.write("<script>alert_assert('Pass 1 of 2');</script>"); - -var s = document.createElement('script'); -s.textContent = "alert_assert('Pass 2 of 2');"; -document.body.appendChild(s); diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/inject-style.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/inject-style.js deleted file mode 100644 index 532645a45..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/inject-style.js +++ /dev/null @@ -1,5 +0,0 @@ -document.write("<style>#test1 { display: none; }</style>"); - -var s = document.createElement('style'); -s.textContent = "#test2 { display: none; }"; -document.body.appendChild(s); diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/post-message.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/post-message.js deleted file mode 100644 index 69daa31d2..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/post-message.js +++ /dev/null @@ -1 +0,0 @@ -postMessage("importScripts allowed"); diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/postmessage-fail.html b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/postmessage-fail.html deleted file mode 100644 index a0308ad98..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/postmessage-fail.html +++ /dev/null @@ -1,4 +0,0 @@ -<script> - window.parent.postMessage('FAIL', '*'); - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/postmessage-pass.html b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/postmessage-pass.html deleted file mode 100644 index 700167b5d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/postmessage-pass.html +++ /dev/null @@ -1,4 +0,0 @@ -<script> - window.parent.postMessage('PASS', '*'); - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/script.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/script.js deleted file mode 100644 index 54eaf530c..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/script.js +++ /dev/null @@ -1,2 +0,0 @@ -var result = document.getElementById("result"); -result.firstChild.nodeValue = result.attributes.getNamedItem("text").value; diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/set-cookie.js.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/set-cookie.js.sub.headers deleted file mode 100644 index 1d5fbba17..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/set-cookie.js.sub.headers +++ /dev/null @@ -1 +0,0 @@ -Set-Cookie: report-cookie=true
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-allowed.sub.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-allowed.sub.js deleted file mode 100644 index 28937d05d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-allowed.sub.js +++ /dev/null @@ -1,23 +0,0 @@ -onconnect = function (event) { - var port = event.ports[0]; - var xhr = new XMLHttpRequest; - xhr.onerror = function () { - port.postMessage("xhr blocked"); - port.postMessage("TEST COMPLETE"); - }; - xhr.onload = function () { - if (xhr.responseText == "FAIL") { - port.postMessage("xhr allowed"); - } else { - port.postMessage("xhr blocked"); - } - port.postMessage("TEST COMPLETE"); - }; - try { - xhr.open("GET", "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true); - xhr.send(); - } catch (e) { - port.postMessage("xhr blocked"); - port.postMessage("TEST COMPLETE"); - } -}
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.sub.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.sub.js deleted file mode 100644 index 28937d05d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.sub.js +++ /dev/null @@ -1,23 +0,0 @@ -onconnect = function (event) { - var port = event.ports[0]; - var xhr = new XMLHttpRequest; - xhr.onerror = function () { - port.postMessage("xhr blocked"); - port.postMessage("TEST COMPLETE"); - }; - xhr.onload = function () { - if (xhr.responseText == "FAIL") { - port.postMessage("xhr allowed"); - } else { - port.postMessage("xhr blocked"); - } - port.postMessage("TEST COMPLETE"); - }; - try { - xhr.open("GET", "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true); - xhr.send(); - } catch (e) { - port.postMessage("xhr blocked"); - port.postMessage("TEST COMPLETE"); - } -}
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.sub.js.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.sub.js.sub.headers deleted file mode 100644 index ac7368c32..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.sub.js.sub.headers +++ /dev/null @@ -1 +0,0 @@ -Content-Security-Policy: connect-src 'none'
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/simple-event-stream b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/simple-event-stream deleted file mode 100644 index e467657bc..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/simple-event-stream +++ /dev/null @@ -1 +0,0 @@ -data: hello diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/simple-event-stream.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/simple-event-stream.headers deleted file mode 100644 index 9bb8badca..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/simple-event-stream.headers +++ /dev/null @@ -1 +0,0 @@ -Content-Type: text/event-stream diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/track.vtt b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/track.vtt deleted file mode 100644 index 365e9ae15..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/track.vtt +++ /dev/null @@ -1 +0,0 @@ -Subtitles! diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-eval.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-eval.js deleted file mode 100644 index 9aa87129a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-eval.js +++ /dev/null @@ -1,5 +0,0 @@ -var id = 0; -try { - id = eval("1 + 2 + 3"); -} catch (e) {} -postMessage(id === 0 ? "eval blocked" : "eval allowed"); diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-eval.js.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-eval.js.sub.headers deleted file mode 100644 index afdcc7c01..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-eval.js.sub.headers +++ /dev/null @@ -1 +0,0 @@ -Content-Security-Policy: script-src 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-function-function.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-function-function.js deleted file mode 100644 index 03d9bf4cb..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-function-function.js +++ /dev/null @@ -1,7 +0,0 @@ -var fn = function() { - postMessage('Function() function blocked'); -} -try { - fn = new Function("", "postMessage('Function() function allowed');"); -} catch (e) {} -fn(); diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-function-function.js.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-function-function.js.sub.headers deleted file mode 100644 index afdcc7c01..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-function-function.js.sub.headers +++ /dev/null @@ -1 +0,0 @@ -Content-Security-Policy: script-src 'unsafe-inline' diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-importscripts.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-importscripts.js deleted file mode 100644 index 65ec6f446..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-importscripts.js +++ /dev/null @@ -1,6 +0,0 @@ -try { - importScripts("/content-security-policy/blink-contrib/resources/post-message.js"); - postMessage("importScripts allowed"); -} catch (e) { - postMessage("importScripts blocked"); -} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-importscripts.js.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-importscripts.js.sub.headers deleted file mode 100644 index 57616b1fc..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-importscripts.js.sub.headers +++ /dev/null @@ -1 +0,0 @@ -Content-Security-Policy: script-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.sub.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.sub.js deleted file mode 100644 index 22819d57a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.sub.js +++ /dev/null @@ -1,21 +0,0 @@ -var xhr = new XMLHttpRequest; -xhr.onerror = function () { - postMessage("xhr blocked"); - postMessage("TEST COMPLETE"); -}; -xhr.onload = function () { - //cons/**/ole.log(xhr.responseText); - if (xhr.responseText == "FAIL") { - postMessage("xhr allowed"); - } else { - postMessage("xhr blocked"); - } - postMessage("TEST COMPLETE"); -}; -try { - xhr.open("GET", "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true); - xhr.send(); -} catch (e) { - postMessage("xhr blocked"); - postMessage("TEST COMPLETE"); -}
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.sub.js.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.sub.js.sub.headers deleted file mode 100644 index ac7368c32..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.sub.js.sub.headers +++ /dev/null @@ -1 +0,0 @@ -Content-Security-Policy: connect-src 'none'
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-make-xhr.sub.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-make-xhr.sub.js deleted file mode 100644 index 73359a39e..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-make-xhr.sub.js +++ /dev/null @@ -1,21 +0,0 @@ -var xhr = new XMLHttpRequest; -xhr.onerror = function () { - postMessage("xhr blocked"); - postMessage("TEST COMPLETE"); -}; -xhr.onload = function () { - //cons/**/ole.log(xhr.responseText); - if (xhr.responseText == "FAIL") { - postMessage("xhr allowed"); - } else { - postMessage("xhr blocked"); - } - postMessage("TEST COMPLETE"); -}; -try { - xhr.open("GET", "/common/redirect.py?location=http://{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis", true); - xhr.send(); -} catch (e) { - postMessage("xhr blocked"); - postMessage("TEST COMPLETE"); -}
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js deleted file mode 100644 index a16827edd..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js +++ /dev/null @@ -1,5 +0,0 @@ -var id = 0; -try { - id = setTimeout("postMessage('handler invoked')", 100); -} catch (e) {} -postMessage(id === 0 ? "setTimeout blocked" : "setTimeout allowed"); diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js.sub.headers deleted file mode 100644 index 57616b1fc..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js.sub.headers +++ /dev/null @@ -1 +0,0 @@ -Content-Security-Policy: script-src 'none' diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html deleted file mode 100644 index c755504b1..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html +++ /dev/null @@ -1,3 +0,0 @@ - -This test passes if it does alert pass. -<iframe src="data:text/html,<script>alert_assert('PASS');</script>"></iframe> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html.sub.headers deleted file mode 100644 index 4c7945728..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: sandbox-allow-scripts-subframe={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: sandbox allow-scripts; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html deleted file mode 100644 index 3bdaa12ea..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html +++ /dev/null @@ -1,6 +0,0 @@ - -This test passes if it does alert pass. -<script> - alert_assert('PASS'); - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html.sub.headers deleted file mode 100644 index b6df57d17..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: sandbox-allow-scripts={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: sandbox allow-scripts; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html deleted file mode 100644 index 5ddccfaa3..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html +++ /dev/null @@ -1,3 +0,0 @@ - -This test passes if it doesn't alert fail. -<iframe src="data:text/html,<script>alert_assert('FAIL');</script>"></iframe> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html.sub.headers deleted file mode 100644 index 5287112d6..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: sandbox-empty-subframe={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: sandbox; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty.sub.html deleted file mode 100644 index 4e04e9875..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty.sub.html +++ /dev/null @@ -1,6 +0,0 @@ - -This test passes if it doesn't alert fail. -<script> - alert_assert('FAIL'); - -</script> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty.sub.html.sub.headers deleted file mode 100644 index f7d31c959..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/sandbox-empty.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: sandbox-empty={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: sandbox; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html deleted file mode 100644 index cf4aab201..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html +++ /dev/null @@ -1,25 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>script-src-overrides-default-src</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS 1 of 2","PASS 2 of 2"]'></script> - <!-- enforcing policy: -default-src about:; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline'; connect-src 'self'; ---> -</head> - -<body onload="alert_assert('PASS 2 of 2')"> - <script> - alert_assert('PASS 1 of 2'); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html.sub.headers deleted file mode 100644 index 5d3456433..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: script-src-overrides-default-src={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: default-src about:; script-src 'self' 'unsafe-inline'; style-src 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/self-doesnt-match-blob.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/self-doesnt-match-blob.sub.html deleted file mode 100644 index 5f388622c..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/self-doesnt-match-blob.sub.html +++ /dev/null @@ -1,49 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>worker-connect-src-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["TEST COMPLETE"]'></script> - <!-- enforcing policy: -connect-src 'self'; script-src 'self' 'unsafe-inline'; child-src 'self'; ---> - -</head> -<p>This test loads a worker, from a guid. - The worker should be blocked from loading with a child-src policy of 'self' - as the blob: scheme must be specified explicitly. - A report should be sent to the report-uri specified - with this resource.</p> -<body> - <script> - try { - var blob = new Blob([ - "postMessage('FAIL');" + - "postMessage('TEST COMPLETE');" - ], - {type : 'application/javascript'}); - var url = URL.createObjectURL(blob); - var worker = new Worker(url); - worker.onmessage = function(event) { - alert_assert(event.data); - }; - worker.onerror = function(event) { - alert_assert('TEST COMPLETE'); - event.preventDefault(); - } - } catch (e) { - alert_assert('TEST COMPLETE'); - } - function timeout() { - alert_assert('TEST COMPLETE'); - } - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=child-src%20'self'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/self-doesnt-match-blob.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/self-doesnt-match-blob.sub.html.sub.headers deleted file mode 100644 index 05843484b..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/self-doesnt-match-blob.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: self-doesnt-match-blob={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; child-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html deleted file mode 100644 index 17da111a8..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html +++ /dev/null @@ -1,43 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>shared-worker-connect-src-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["xhr allowed","TEST COMPLETE"]'></script> - <!-- enforcing policy: -connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; ---> - -</head> - -<body> - <script> - if(typeof SharedWorker != 'function') { - t_alert.set_status(t_alert.NOTRUN, "No SharedWorker, cannot run test."); - t_alert.phase = t_alert.phases.HAS_RESULT; - t_alert.done(); - } else { - try { - var worker = new SharedWorker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-allowed.sub.js'); - worker.port.onmessage = function(event) { - alert_assert(event.data); - }; - } catch (e) { - alert_assert(e); - } - var report = document.createElement("script"); - report.src = "../support/checkReport.sub.js?reportExists=false"; - report.async = true; - report.defer = true; - document.body.appendChild(report); - } - - </script> - <div id="log"></div> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html.sub.headers deleted file mode 100644 index eefff95c6..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: shared-worker-connect-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self' http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html deleted file mode 100644 index 63225bf27..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html +++ /dev/null @@ -1,50 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>shared-worker-connect-src-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["xhr blocked","TEST COMPLETE"]'></script> - <!-- enforcing policy: -connect-src *; script-src 'self' 'unsafe-inline'; ---> - -</head> - -<body> - <p>This test loads a shared worker, delivered with its own - policy. The worker should be blocked from making an XHR - as that policy specifies a connect-src 'none', though - this resource's policy is connect-src *. No report - should be sent since the worker's policy doesn't specify - a report-uri.</p> - <script> - if(typeof SharedWorker != 'function') { - t_alert.set_status(t_alert.NOTRUN, "No SharedWorker, cannot run test."); - t_alert.phase = t_alert.phases.HAS_RESULT; - t_alert.done(); - } else { - try { - var worker = new SharedWorker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.sub.js'); - worker.port.onmessage = function(event) { - alert_assert(event.data); - }; - } catch (e) { - alert_assert(e); - } - var report = document.createElement("script"); - report.src = "../support/checkReport.sub.js?reportExists=false"; - report.async = true; - report.defer = true; - document.body.appendChild(report); - } - - - </script> - <div id="log"></div> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html.sub.headers deleted file mode 100644 index bb4fb4c90..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: shared-worker-connect-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src *; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html deleted file mode 100644 index b60eccb9b..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html +++ /dev/null @@ -1,22 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>source-list-parsing-paths-03</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-inline' example.com/js/; connect-src 'self'; ---> -</head> - -<body> - <p>This test passes if the source expression does not throw an "invalid source" error.</p> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html.sub.headers deleted file mode 100644 index 58e7a22df..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: source-list-parsing-paths-03={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' example.com/js/; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html deleted file mode 100644 index 50b76688f..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html +++ /dev/null @@ -1,22 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>srcdoc-doesnt-bypass-script-src</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/alertAssert.sub.js?alerts=%5B%5D"></script> - <!-- enforcing policy: -script-src 'self'; connect-src 'self'; ---> -</head> - -<body> - This test passes if it doesn't alert fail. - <iframe srcdoc="<script>window.parent.alert_assert('FAIL')</script>"></iframe> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'self'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html.sub.headers deleted file mode 100644 index e2ffd1185..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: srcdoc-doesnt-bypass-script-src={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html deleted file mode 100644 index fac12b52a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html +++ /dev/null @@ -1,49 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>worker-connect-src-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["TEST COMPLETE"]'></script> - <!-- enforcing policy: -connect-src 'self'; script-src 'self' 'unsafe-inline'; child-src *; ---> - -</head> -<p>This test loads a worker, from a guid. - The worker should be blocked from loading with a child-src policy of * - as the blob: scheme must be specified explicitly. - A report should be sent to the report-uri specified - with this resource.</p> -<body> - <script> - try { - var blob = new Blob([ - "postMessage('FAIL');" + - "postMessage('TEST COMPLETE');" - ], - {type : 'application/javascript'}); - var url = URL.createObjectURL(blob); - var worker = new Worker(url); - worker.onmessage = function(event) { - alert_assert(event.data); - }; - worker.onerror = function(event) { - event.preventDefault(); - alert_assert('TEST COMPLETE'); - } - } catch (e) { - alert_assert('TEST COMPLETE'); - } - function timeout() { - alert_assert('TEST COMPLETE'); - } - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=child-src%20'self'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html.sub.headers deleted file mode 100644 index 9f7db5b0f..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: star-doesnt-match-blob={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; child-src *; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/style-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/style-allowed.sub.html deleted file mode 100644 index 176a8e3ef..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/style-allowed.sub.html +++ /dev/null @@ -1,26 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>style-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -style-src *; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> - <link rel="stylesheet" href="resources/blue.css"> -</head> - -<body> - <script> - log(document.styleSheets.length > 0 ? 'PASS' : 'FAIL'); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/style-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/style-allowed.sub.html.sub.headers deleted file mode 100644 index cdf394548..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/style-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: style-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: style-src *; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/style-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/style-blocked.sub.html deleted file mode 100644 index 847e05b6a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/style-blocked.sub.html +++ /dev/null @@ -1,26 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>style-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["PASS"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; ---> - <link rel="stylesheet" href="resources/blue.css"> -</head> - -<body> - <script> - log(document.styleSheets.length > 0 ? 'FAIL' : 'PASS'); - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'none'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/style-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/style-blocked.sub.html.sub.headers deleted file mode 100644 index 54c3272a3..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/style-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: style-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html deleted file mode 100644 index 923149199..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html +++ /dev/null @@ -1,33 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>worker-connect-src-allowed</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["xhr allowed"]'></script> - <!-- enforcing policy: -connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; ---> - -</head> - -<body> - <script> - try { - var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-make-xhr.sub.js'); - worker.onmessage = function(event) { - alert_assert(event.data); - }; - } catch (e) { - alert_assert(e); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html.sub.headers deleted file mode 100644 index 92ef91f0d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: worker-connect-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html deleted file mode 100644 index 054132290..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html +++ /dev/null @@ -1,38 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>worker-connect-src-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["xhr blocked","TEST COMPLETE"]'></script> - <!-- enforcing policy: -connect-src *; script-src 'self' 'unsafe-inline'; ---> - -</head> -<p>This test loads a worker, which is delivered with its own - policy. The worker should be blocked from making an XHR - as that policy specifies a connect-src 'none', though - this resource's policy is connect-src *. No report - should be sent since the worker's policy doesn't specify - a report-uri.</p> -<body> - <script> - try { - var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.sub.js'); - worker.onmessage = function(event) { - alert_assert(event.data); - }; - } catch (e) { - alert_assert(e); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html.sub.headers deleted file mode 100644 index e302aa84a..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: worker-connect-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src *; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html deleted file mode 100644 index ac96e0f4d..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html +++ /dev/null @@ -1,37 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>worker-eval-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["eval blocked"]'></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'self'; connect-src 'self'; ---> -</head> - -<body> - <p>This test loads a worker, delivered with its own policy. - The eval() call in the worker should be forbidden by that - policy. No report should be generated because the worker - policy does not set a report-uri (although this parent - resource does).</p> - <script> - try { - var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-eval.js'); - worker.onmessage = function(event) { - alert_assert(event.data); - }; - } catch (e) { - alert_assert(e); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html.sub.headers deleted file mode 100644 index 8964f80ab..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: worker-eval-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-from-guid.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-from-guid.sub.html deleted file mode 100644 index b290b82f6..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-from-guid.sub.html +++ /dev/null @@ -1,65 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>worker-connect-src-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["xhr blocked","TEST COMPLETE"]'></script> - <!-- enforcing policy: -connect-src 'self'; script-src 'self' 'unsafe-inline' blob:; ---> - -</head> -<p>This test loads a worker, from a guid. - The worker should be blocked from making an XHR - to www1 as this resource's policy is connect-src 'self - and a guid Worker should inherit is parent's policy. - A report should be sent to the report-uri specified - with this resource.</p> -<body> - <script> - try { - var blob = new Blob([ - "var xhr = new XMLHttpRequest;" + - "xhr.onerror = function () {" + - " postMessage('xhr blocked');" + - " postMessage('TEST COMPLETE');" + - "};" + - "xhr.onload = function () {" + - " if (xhr.responseText == 'FAIL') {" + - " postMessage('xhr allowed');" + - " } else {" + - " postMessage('xhr blocked');" + - " }" + - " postMessage('TEST COMPLETE');" + - "};" + - "try { " + - " xhr.open(" + - " 'GET'," + - " 'http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.asis'," + - " true" + - " );" + - " xhr.send();" + - "} catch (e) {" + - " postMessage('xhr blocked');" + - " postMessage('TEST COMPLETE');" + - "}"], - {type : 'application/javascript'}); - var url = URL.createObjectURL(blob); - var worker = new Worker(url); - worker.onmessage = function(event) { - alert_assert(event.data); - }; - } catch (e) { - alert_assert(e); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-from-guid.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-from-guid.sub.html.sub.headers deleted file mode 100644 index d94d31ace..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-from-guid.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: worker-from-guid={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline' blob:; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html deleted file mode 100644 index 1db574780..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html +++ /dev/null @@ -1,38 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>worker-function-function-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["Function() function blocked"]'></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline'; connect-src 'self'; ---> - -</head> - -<body> - <p>This test loads a worker, delivered with its own policy. - The Function constructor should be forbidden by that - policy. No report should be generated because the worker - policy does not set a report-uri (although this parent - resource does).</p> - <script> - try { - var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-function-function.js'); - worker.onmessage = function(event) { - alert_assert(event.data); - }; - } catch (e) { - alert_assert(e); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html.sub.headers deleted file mode 100644 index b012518ec..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: worker-function-function-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html deleted file mode 100644 index 9ec49c030..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html +++ /dev/null @@ -1,43 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>worker-importscripts-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> - <script src="../support/alertAssert.sub.js?alerts=[]"></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 127.0.0.1:8000; connect-src 'self'; ---> - <script></script> -</head> - -<body> - <script> - window.wasPostTestScriptParsed = true; - var result = ''; - try { - var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-importscripts.js'); - worker.onmessage = function(event) { - result = event.data; - test(function() { - assert_equals(result, 'importScripts blocked') - }); - log("TEST COMPLETE"); - }; - } catch (e) { - result = e; - test(function() { - assert_equals(result, 'importScripts blocked') - }); - log("TEST COMPLETE"); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html.sub.headers deleted file mode 100644 index 04de51d14..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: worker-importscripts-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-script-src.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-script-src.sub.html deleted file mode 100644 index 9caf77224..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-script-src.sub.html +++ /dev/null @@ -1,33 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>worker-script-src</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline'; connect-src 'self'; ---> - -</head> - -<body> - <script> - try { - var foo = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/post-message.js'); - foo.onmessage = function(event) { - alert_assert("PASS"); - }; - } catch (e) { - alert_assert(e); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-script-src.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-script-src.sub.html.sub.headers deleted file mode 100644 index 76e5a3ba2..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-script-src.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: worker-script-src={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html deleted file mode 100644 index 119121ca5..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html +++ /dev/null @@ -1,33 +0,0 @@ -<!DOCTYPE html> -<html> - -<head> - <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> - <title>worker-set-timeout-blocked</title> - <script src="/resources/testharness.js"></script> - <script src="/resources/testharnessreport.js"></script> - <script src="../support/logTest.sub.js?logs=[]"></script> - <script src='../support/alertAssert.sub.js?alerts=["setTimeout blocked"]'></script> - <!-- enforcing policy: -script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline'; connect-src 'self'; ---> - -</head> - -<body> - <script> - try { - var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-set-timeout.js'); - worker.onmessage = function(event) { - alert_assert(event.data); - }; - } catch (e) { - alert_assert(e); - } - - </script> - <div id="log"></div> - <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> -</body> - -</html> diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html.sub.headers deleted file mode 100644 index fb6b3d0a2..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html.sub.headers +++ /dev/null @@ -1,6 +0,0 @@ -Expires: Mon, 26 Jul 1997 05:00:00 GMT -Cache-Control: no-store, no-cache, must-revalidate -Cache-Control: post-check=0, pre-check=0, false -Pragma: no-cache -Set-Cookie: worker-set-timeout-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib -Content-Security-Policy: script-src 'self' 'unsafe-inline' 'self' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/xsl-blocked-expected.png b/testing/web-platform/tests/content-security-policy/blink-contrib/xsl-blocked-expected.png Binary files differdeleted file mode 100644 index b5daa8555..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/xsl-blocked-expected.png +++ /dev/null diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/xsl-unaffected-by-style-src-1-expected.png b/testing/web-platform/tests/content-security-policy/blink-contrib/xsl-unaffected-by-style-src-1-expected.png Binary files differdeleted file mode 100644 index b5daa8555..000000000 --- a/testing/web-platform/tests/content-security-policy/blink-contrib/xsl-unaffected-by-style-src-1-expected.png +++ /dev/null |
