diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/generic')
32 files changed, 374 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/generic/fail-0_1.js b/testing/web-platform/tests/content-security-policy/generic/fail-0_1.js new file mode 100644 index 000000000..5c580273d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/fail-0_1.js @@ -0,0 +1,3 @@ +(function () { + scriptsrc1.step(function() { assert_unreached('Unsafe inline script ran.') }); +})(); diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html new file mode 100644 index 000000000..c3778f816 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html @@ -0,0 +1,35 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>default-src should cascade to img-src directive</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='../support/siblingPath.js'></script> +</head> +<body> + <h1>default-src should cascade to img-src directive</h1> + <div id='log'></div> + + <script> + var imgsrc = async_test("Verify cascading of default-src to img-src policy"); + var onerrorFired = false; + </script> + + <img id='imgfail' src='' + onload='imgsrc.step(function() { assert_unreached("Image load was not blocked."); });' + onerror='onerrorFired = true;'> + <img src='../support/pass.png' + onload='imgsrc.step(function() { assert_true(true, "Image load was blocked."); });'> + + <script> + document.getElementById('imgfail').src = buildSiblingPath('www1', '../support/fail.png'); + onload = function() { + imgsrc.step(function() { assert_true(onerrorFired, "onerror handler for blocked img didn't fire");}); + imgsrc.done(); + } + </script> + + <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=default-src%20%27self%27%20%27unsafe-inline%27'></script> + +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html.sub.headers new file mode 100644 index 000000000..61bdc0a30 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: generic-0_1-img-src={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: default-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}}
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html new file mode 100644 index 000000000..740b2a553 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html @@ -0,0 +1,35 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>default-src should cascade to script-src directive</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='../support/siblingPath.js'></script> +</head> +<body> + <h1>default-src should cascade to script-src directive</h1> + <div id='log'></div> + + <script> + var scriptsrc1 = async_test("Verify cascading of default-src to script-src policy: block"); + var scriptsrc2 = async_test("Verify cascading of default-src to script-src policy: allow"); + var allowedScriptRan = false; + </script> + + <script src='pass-0_1.js'></script> + + <script> + var inlineScript = document.createElement('script'); + inlineScript.src = buildSiblingPath('www1', 'fail-0_1.js'); + document.getElementById('log').appendChild(inlineScript); + onload = function() { + scriptsrc1.done(); + scriptsrc2.step( function() { assert_true(allowedScriptRan, "allowed script didn't run") }); + scriptsrc2.done(); + } + </script> + + <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=default-src%20%27self%27%20%27unsafe-inline%27'></script> + +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html.sub.headers new file mode 100644 index 000000000..b3ff8c460 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: generic-0_1-script-src={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: default-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}}
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_10.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_10.html new file mode 100644 index 000000000..703e50b44 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_10.html @@ -0,0 +1,21 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>test implicit port number matching (requires port 80)</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script> + var head = document.getElementsByTagName('head')[0]; + var script = document.createElement('script'); + script.type = 'text/javascript'; + script.src = "http://www." + location.hostname + "/content-security-policy/generic/positiveTest.js"; + head.appendChild(script); + </script> +</head> +<body> + <h1>test implicit port number matching (requires port 80)</h1> + <div id='log'></div> + + <script async defer src='../support/checkReport.sub.js?reportExists=false'></script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_10.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/generic-0_10.html.sub.headers new file mode 100644 index 000000000..c58b0536f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_10.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: generic-0_10={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: script-src 'self' www.{{host}} 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html new file mode 100644 index 000000000..c66640de3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html @@ -0,0 +1,22 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>implicit port number matching fails with a different port</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='negativeTests.js'></script> + <script> + var head = document.getElementsByTagName('head')[0]; + var script = document.createElement('script'); + script.type = 'text/javascript'; + script.src = "http://www." + location.hostname + ":{{ports[http][1]}}/content-security-policy/generic/unreached.js"; + head.appendChild(script); + </script> +</head> +<body> + <h1>implicit port number matching fails with a different port</h1> + <div id='log'></div> + + <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27%20www.{{host}}%20%27unsafe-inline%27'></script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html.sub.headers new file mode 100644 index 000000000..e8fcf07c2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: generic-0_10_1={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: script-src 'self' www.{{host}} 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html new file mode 100644 index 000000000..130bfadad --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html @@ -0,0 +1,15 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>'self' keyword positive test</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='positiveTest.js'></script> +</head> +<body> + <h1>'self' keyword positive test</h1> + <div id='log'></div> + + <script async defer src='../support/checkReport.sub.js?reportExists=false'></script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html.sub.headers new file mode 100644 index 000000000..776112de6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: generic-0_2={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: script-src 'self'; report-uri ../support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html new file mode 100644 index 000000000..9d274ea59 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html @@ -0,0 +1,22 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>'self' fails with a different port</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='negativeTests.js'></script> + <script> + var head = document.getElementsByTagName('head')[0]; + var script = document.createElement('script'); + script.type = 'text/javascript'; + script.src = "http://" + location.hostname + ":{{ports[http][1]}}/content-security-policy/generic/unreached.js"; + head.appendChild(script); + </script> +</head> +<body> + <h1>'self' fails with a different port</h1> + <div id='log'></div> + + <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27%20%27unsafe-inline%27'></script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html.sub.headers new file mode 100644 index 000000000..769ccc154 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: generic-0_2_2={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html new file mode 100644 index 000000000..ff4b8db8a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html @@ -0,0 +1,22 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>'self' fails with a different host (including sub-host e.g. foo.com as self with content from bar.foo.com)</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='negativeTests.js'></script> + <script> + var head = document.getElementsByTagName('head')[0]; + var script = document.createElement('script'); + script.type = 'text/javascript'; + script.src = "http://www." + location.hostname + ":" + location.port + "/content-security-policy/generic/unreached.js"; + head.appendChild(script); + </script> +</head> +<body> + <h1>'self' fails with a different host (including sub-host e.g. foo.com as self with content from bar.foo.com)</h1> + <div id='log'></div> + + <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27%20%27unsafe-inline%27'></script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html.sub.headers new file mode 100644 index 000000000..0a8defccd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: generic-0_2_3={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_8.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_8.html new file mode 100644 index 000000000..2e7df3776 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_8.html @@ -0,0 +1,22 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>test wildcard host name matching (*.web-platform.test is good)</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='wildcardHostTest.js'></script> + <script> + var head = document.getElementsByTagName('head')[0]; + var script = document.createElement('script'); + script.type = 'text/javascript'; + script.src = "http://www." + location.hostname + ":" + location.port + "/content-security-policy/generic/wildcardHostTestSuceeds.js"; + head.appendChild(script); + </script> +</head> +<body> + <h1>test wildcard host name matching (*.web-platform.test is good)</h1> + <div id='log'></div> + + <script async defer src='../support/checkReport.sub.js?reportExists=false'></script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_8.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/generic-0_8.html.sub.headers new file mode 100644 index 000000000..34756f9db --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_8.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: generic-0_8={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: script-src 'self' *.{{host}}:{{ports[http][0]}} 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html new file mode 100644 index 000000000..167b4458d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html @@ -0,0 +1,21 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>test wildcard host name matching (www*.web-platform.test is bad, *www.web-platform.test is bad)</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='wildcardHostTestFailure.js'></script> + <script> + var head = document.getElementsByTagName('head')[0]; + var script = document.createElement('script'); + script.type = 'text/javascript'; + script.src = "http://www." + location.hostname + ":" + location.port + "/content-security-policy/generic/wildcardHostTestSuceeds.js"; + head.appendChild(script); + </script> +</head> +<body> + <h1>test wildcard host name matching (www*.web-platform.test is bad, *www.web-platform.test is bad)</h1> + <div id='log'></div> + <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27%20*w.{{host}}:{{ports[http][0]}}%20w*.{{host}}:{{ports[http][0]}}%20%27unsafe-inline%27'></script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html.sub.headers new file mode 100644 index 000000000..57a038a05 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: generic-0_8_1={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: script-src 'self' *w.{{host}}:{{ports[http][0]}} w*.{{host}}:{{ports[http][0]}} 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html new file mode 100644 index 000000000..cadeb178f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html @@ -0,0 +1,22 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>test wildcard port number matching</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src='wildcardPortTest.js'></script> + <script> + var head = document.getElementsByTagName('head')[0]; + var script = document.createElement('script'); + script.type = 'text/javascript'; + script.src = "http://" + location.hostname + ":{{ports[http][1]}}/content-security-policy/generic/wildcardPortTestSuceeds.js"; + head.appendChild(script); + </script> +</head> +<body> + <h1>test wildcard port number matching</h1> + <div id='log'></div> + + <script async defer src='../support/checkReport.sub.js?reportExists=false'></script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html.sub.headers new file mode 100644 index 000000000..2f2336009 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: generic-0_9={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: script-src 'self' {{host}}:* 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/negativeTests.js b/testing/web-platform/tests/content-security-policy/generic/negativeTests.js new file mode 100644 index 000000000..44b4d7f68 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/negativeTests.js @@ -0,0 +1,3 @@ +var t1 = async_test("Prevents access to external scripts."); + +onload = function() {t1.done();} diff --git a/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html new file mode 100644 index 000000000..933986800 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html @@ -0,0 +1,27 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>no default src doesn't behave exactly like *</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"> </script> + <script src='positiveTest.js'></script> + <!-- enforcing policy: foobar; report-uri ... + --> +</head> +<body> + <h1>no default src doesn't behave exactly like *</h1> + This page has a CSP header but an unknown directive. + This should have no impact on an img loaded from a data: + uri, or an inline script, although that would be blocked by a default-src policy of *. + <br> + <img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAKgAAABACAIAAAABPqsMAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH1QoMCC8h3if5rgAAAB10RVh0Q29tbWVudABDcmVhdGVkIHdpdGggVGhlIEdJTVDvZCVuAAAGD0lEQVR42u2aa0yTVxiA39ILxa4KIkKrVCCIitzrqkAXQiXDSFjQHyZDBRRdtoDzgooao5uaoInID4hRJFC8RBOzxQuKigyYokuDSB0WlaJQlQrITRCwte1+nKVhpbT9aGUue59fb84573dO+uR7v/drS4OfAPkf4oQfAYpHUDyC4hEUj6B4BMUjKB5B8QiKR1A8guIRFI+geATFIygeQfEIikdQPEIVxmd1GsN+w9hBrV7bN9Kn7FHWqmqLHxY3vW2ycIWtS7Yeiz9G4h0VO47eO2rj1p4cz7WhayW+kuCZwdNdpjsznIe0Q53vO1X9qsbOxrr2uprWmrb+Nofn/lvQPqs/W5oVb0KBrCDrVpZGpzE7++iHR8Ezg0ms6FIsPL7Qho+Ali3O3h+zn81gW1n5M82BuVjqqZEpyjyVeMrs1CL+IqN1AAj0CBTNElm9YGFiYc7SHKvmHJ6Lpd7K/cF0YvK5/KV+S3eLd/tP9weAlNAUaYO0qrXKJGtd2DoS6A16J5oTGZG9llnYKDEgcUPEBhI/636WL8uvelHV1t82rB1mM9geHA8fV58QzxAhTxjjE+PAXCz15ku92cLIZXFr1tWEe4UDwLk/z635dc3oWWe6s3q72o3tBgD7qvYdiD0AAH0jfbxc3sjHkfF2LF9dvsx/GQDcbLmZdCHJwkrH5mKpp8CAZiC7IpvEUd5RJrMrFqwg1pU9ykO/H2rpbQEAV7brygUrLVxz8ezFJNh2cxtVc/bkonhq3Ht5jwReX3iNV+elDVIDGKQNUpNxs0x1nkoCZY+S6mHsyUXxE30oGP7R/3tP9Y7ziyNP91J5KQCUNpTqDXoAkPhKBNME412ne6ibBEEzg6iewZ5cFE8NY4XveN8xejw1LJV0cxXPK169ewUAL9+9vP38NgA40ZxSQ1OtlpDCxMI50+ZMrPxMIBfFU4DD5ByOO2zyoRPSwtJIUPyw2DhojNPC0mhg/jU67488AxgAQMgTNv/YfPXbq5miTNEskQvDxep57MnFrt56V890YvK4vFif2D1f7QlwDyCDcafjKl9UkjhmTkx1WjUA9Az38HP5H3Qfxvb5saWx1a3VZjfdsmRL7te5pGAY0Rl0ii7FnbY7l55cqnxRSZ4ajs1F8WbEW8bkXU6aJCXFvEBWsKl80+iVBcsLMr7MAIDT8tOpl8Yt+JGzIw9KDkp8JWYLg7JHmXUr68rTKw7PRfEUxJ98cHJz+Wbjbc1lcdXb1RwmBwCEhcJ6df3oxUKesO67OgAY0g55HfUa0AxYuLJgmmD53OVigTiCFxHgHkCn0UfP7rq960jtkU+Ri+LH/ZGmf6S/pbelVlVb0lDS2Nk4ejY9PL3omyIAkHfIw06EjU2Xfy8P8QwBgI1XNxbVF9l4EheGi5AvTJibkB6R7jHFAwAMYBAXi016C4fn4jPe1p807q6/G+0dbWMTHl0cTfVIbmy3suQy8jZxUXFx1cVVk5OLXb0lAtwDbLROXgWNvaHt9I70ZlzPILFYIJ60XBRvCcvfytm/ntDU9fc/AEjdnrTcTwrjv2udTqOnhKaQOOlC0uWnl8dbmTA3oSy5DABSQlP2/rZXZ9BR2mjejHkksNwbOjwX73jzxPvH87l8AOh433Gt+ZqFlTeUN9SDagDgc/nx/vGUdpnCnJIXn0fiB+0PJi0X73jrdfvso7Mf9R8trNQZdGfkZ3ZG7yRZ15uvG6dUW1W1qtp6db2iS9HW36YeUA9qBrV6LYfJ8XPzk/hKMkWZfm5+ZLHJS4E9udjVT7Crd3dxb89qZ9FZABB0POhx12PL6+fPmN+U0QQAGp2Gn8vvHu6m9JWR2bbcnlws9RNkdchqYl32WmbVOgA8efvk/qv7AMCis5KDkyntpdFpcu7mJP+SPIFz2pOLpd5SnS9pKLExpeRhSeTsSABYH74+X5ZPBgV5gijvqAheRKBHoI+rD4/L47K4TDpzWDv8ZvCNoktR3Vp9vvF8+0D72Avak4ulHsFSj6B4BMUjKB5B8QiKR1A8guIRFI+geATFo3gExSMoHkHxCIpHUDyC4hEUj6B45HPmL9so2ZKs94sNAAAAAElFTkSuQmCC'> + <script> + var allowedScriptRan = true; + </script> + + <div id='log'></div> + + <script async defer src='../support/checkReport.sub.js?reportExists=false'></script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html.sub.headers new file mode 100644 index 000000000..a7337acce --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: no-default-src={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: foobar; report-uri ../support/report.py?op=put&reportID={{$id}}
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/generic/pass-0_1.js b/testing/web-platform/tests/content-security-policy/generic/pass-0_1.js new file mode 100644 index 000000000..3a08dd562 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/pass-0_1.js @@ -0,0 +1,3 @@ +(function () { + allowedScriptRan = true; +})(); diff --git a/testing/web-platform/tests/content-security-policy/generic/positiveTest.js b/testing/web-platform/tests/content-security-policy/generic/positiveTest.js new file mode 100644 index 000000000..63c999196 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/positiveTest.js @@ -0,0 +1,6 @@ +onload = function() { + test(function() { + assert_true(true, 'Script ran.')}, + "Allows scripts from the same host." + ); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/unreached.js b/testing/web-platform/tests/content-security-policy/generic/unreached.js new file mode 100644 index 000000000..893fb5eba --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/unreached.js @@ -0,0 +1,3 @@ +onload = function() { + t1.step(function() {assert_unreached("Script should not have ran.");}); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardHostTest.js b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTest.js new file mode 100644 index 000000000..da3e2790f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTest.js @@ -0,0 +1,8 @@ +wildcardHostTestRan = false; + +onload = function() { + test(function() { + assert_true(wildcardHostTestRan, 'Script should have ran.')}, + "Wildcard host matching works." + ); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestFailure.js b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestFailure.js new file mode 100644 index 000000000..75ec8cf80 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestFailure.js @@ -0,0 +1,8 @@ +wildcardHostTestRan = false; + +onload = function() { + test(function() { + assert_false(wildcardHostTestRan, 'Script should not have ran.')}, + "Wildcard host matching works." + ); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestSuceeds.js b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestSuceeds.js new file mode 100644 index 000000000..8b115d7fc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestSuceeds.js @@ -0,0 +1 @@ +wildcardHostTestRan = true; diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardPortTest.js b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTest.js new file mode 100644 index 000000000..3cd1d2eae --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTest.js @@ -0,0 +1,8 @@ +wildcardPortTestRan = false; + +onload = function() { + test(function() { + assert_true(wildcardPortTestRan, 'Script should have ran.')}, + "Wildcard port matching works." + ); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardPortTestSuceeds.js b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTestSuceeds.js new file mode 100644 index 000000000..0138deb2e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTestSuceeds.js @@ -0,0 +1 @@ +wildcardPortTestRan = true;
\ No newline at end of file |