1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
<!DOCTYPE HTML>
<!-- Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ -->
<html>
<head>
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
<script type="application/javascript">
function check_styles() {
var redText = document.getElementById('red-text');
var greenText = document.getElementById('green-text');
var blueText = document.getElementById('blue-text');
var redTextColor = window.getComputedStyle(redText, null).getPropertyValue('color');
var greenTextColor = window.getComputedStyle(greenText, null).getPropertyValue('color');
var blueTextColor = window.getComputedStyle(blueText, null).getPropertyValue('color');
ok(redTextColor == 'rgb(255, 0, 0)', "The first part should be red.");
ok(greenTextColor == 'rgb(0, 255, 0)', "The second part should be green.");
ok(blueTextColor == 'rgb(0, 0, 255)', "The third part should be blue.");
}
SimpleTest.waitForExplicitFinish();
window.onload = function() {
check_styles();
SimpleTest.finish();
}
</script>
<script>
function good_correctHashCORSLoaded() {
ok(true, "A CORS cross-domain stylesheet with correct hash was correctly loaded.");
}
function bad_correctHashCORSBlocked() {
ok(false, "We should load CORS cross-domain stylesheets with hashes that match!");
}
function good_correctHashBlocked() {
ok(true, "A non-CORS cross-domain stylesheet with correct hash was correctly blocked.");
}
function bad_correctHashLoaded() {
ok(false, "We should block non-CORS cross-domain stylesheets with hashes that match!");
}
function good_incorrectHashBlocked() {
ok(true, "A non-CORS cross-domain stylesheet with incorrect hash was correctly blocked.");
}
function bad_incorrectHashLoaded() {
ok(false, "We should load non-CORS cross-domain stylesheets with incorrect hashes!");
}
function bad_correctDataBlocked() {
ok(false, "We should not block non-CORS cross-domain stylesheets in data: URI!");
}
function good_correctDataLoaded() {
ok(true, "A non-CORS cross-domain stylesheet with data: URI was correctly loaded.");
}
function bad_correctDataCORSBlocked() {
ok(false, "We should not block CORS stylesheets in data: URI!");
}
function good_correctDataCORSLoaded() {
ok(true, "A CORS stylesheet with data: URI was correctly loaded.");
}
function good_correctHashOpaqueBlocked() {
ok(true, "A non-CORS(Opaque) cross-domain stylesheet with correct hash was correctly blocked.");
}
function bad_correctHashOpaqueLoaded() {
ok(false, "We should not load non-CORS(Opaque) cross-domain stylesheets with correct hashes!");
}
</script>
<!-- valid CORS sha256 hash -->
<link rel="stylesheet" href="http://example.com/tests/dom/security/test/sri/style1.css"
crossorigin="anonymous"
integrity="sha256-qs8lnkunWoVldk5d5E+652yth4VTSHohlBKQvvgGwa8="
onerror="bad_correctHashCORSBlocked()"
onload="good_correctHashCORSLoaded()">
<!-- valid non-CORS sha256 hash -->
<link rel="stylesheet" href="style_301.css"
integrity="sha256-qs8lnkunWoVldk5d5E+652yth4VTSHohlBKQvvgGwa8="
onerror="good_correctHashBlocked()"
onload="bad_correctHashLoaded()">
<!-- invalid non-CORS sha256 hash -->
<link rel="stylesheet" href="style_301.css?again"
integrity="sha256-bogus"
onerror="good_incorrectHashBlocked()"
onload="bad_incorrectHashLoaded()">
<!-- valid non-CORS sha256 hash in a data: URL -->
<link rel="stylesheet" href="data:text/css,.green-text{color:rgb(0, 255, 0)}"
integrity="sha256-EhVtGGyovvffvYdhyqJxUJ/ekam7zlxxo46iM13cwP0="
onerror="bad_correctDataBlocked()"
onload="good_correctDataLoaded()">
<!-- valid CORS sha256 hash in a data: URL -->
<link rel="stylesheet" href="data:text/css,.blue-text{color:rgb(0, 0, 255)}"
crossorigin="anonymous"
integrity="sha256-m0Fs2hNSyPOn1030Dp+c8pJFHNmwpeTbB+8J/DcqLss="
onerror="bad_correctDataCORSBlocked()"
onload="good_correctDataCORSLoaded()">
<!-- valid non-CORS sha256 hash -->
<link rel="stylesheet" href="http://example.com/tests/dom/security/test/sri/style1.css"
integrity="sha256-qs8lnkunWoVldk5d5E+652yth4VTSHohlBKQvvgGwa8="
onerror="good_correctHashOpaqueBlocked()"
onload="bad_correctHashOpaqueLoaded()">
</head>
<body>
<p><span id="red-text">This should be red</span> but
<span id="green-text" class="green-text">this should be green</span> and
<span id="blue-text" class="blue-text">this should be blue</span></p>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<pre id="test">
</pre>
</body>
</html>
|