diff options
author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
---|---|---|
committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
tree | 10027f336435511475e392454359edea8e25895d /dom/security/test/sri/test_require-sri-for_csp_directive.html | |
parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip |
Add m-esr52 at 52.6.0
Diffstat (limited to 'dom/security/test/sri/test_require-sri-for_csp_directive.html')
-rw-r--r-- | dom/security/test/sri/test_require-sri-for_csp_directive.html | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/dom/security/test/sri/test_require-sri-for_csp_directive.html b/dom/security/test/sri/test_require-sri-for_csp_directive.html new file mode 100644 index 000000000..ef1b3603f --- /dev/null +++ b/dom/security/test/sri/test_require-sri-for_csp_directive.html @@ -0,0 +1,76 @@ +<!-- + Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ +--> +<!DOCTYPE HTML> +<html> +<head> + <title>Test for SRI require-sri-for CSP directive</title> + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1265318">Mozilla Bug 1265318</a><br> +<iframe style="width:200px;height:200px;" id="test_frame"></iframe><br> +<iframe style="width:200px;height:200px;" id="test_frame_no_csp"></iframe> +</body> +<script type="application/javascript"> + var finished = 0; + SpecialPowers.setBoolPref("security.csp.experimentalEnabled", true); + SimpleTest.waitForExplicitFinish(); + function handler(event) { + switch (event.data) { + case 'good_sriLoaded': + ok(true, "Eligible SRI resources was correctly loaded."); + break; + case 'bad_nonsriLoaded': + ok(false, "Eligible non-SRI resource should be blocked by the CSP!"); + break; + case 'good_nonsriBlocked': + ok(true, "Eligible non-SRI resources was correctly blocked by the CSP."); + break; + case 'bad_svg_nonsriLoaded': + ok(false, 'Eligible non-SRI resource should be blocked by the CSP.'); + break; + case 'good_svg_nonsriBlocked': + ok(true, 'Eligible non-SRI svg script was correctly blocked by the CSP.'); + break; + case 'bad_worker_could_load': + ok(false, 'require-sri-for failed to block loading a Worker with no integrity metadata.'); + break; + case 'good_worker_could_load': + ok(true, "Loaded a worker that has require-sri-for set (but its parent doesnt).") + break; + case 'bad_worker_could_load_via_importScripts': + ok(false, 'require-sri-for failed to block loading importScript in a worker though we require SRI via CSP'); + break; + case 'good_worker_after_importscripts': + ok(true, 'Worker continued after failed importScript due to require-sri-for'); + break; + case 'finish': + finished++; + if (finished > 1) { + // need finish message from iframe_require-sri-for_main onload event and + // from iframe_require-sri-for_no_csp, which spawns a Worker + var blackText = frame.contentDocument.getElementById('black-text'); + var blackTextColor = frame.contentWindow.getComputedStyle(blackText, null).getPropertyValue('color'); + ok(blackTextColor == 'rgb(0, 0, 0)', "The second part should not be black."); + removeEventListener('message', handler); + SimpleTest.finish(); + } + break; + default: + ok(false, 'Something is wrong here'); + break; + } + } + addEventListener("message", handler); + // This frame has a CSP that requires SRI + var frame = document.getElementById("test_frame"); + frame.src = "iframe_require-sri-for_main.html"; + // This frame has no CSP to require SRI. + // Used for testing require-sri-for in a Worker. + var frame_no_csp = document.getElementById("test_frame_no_csp"); + frame_no_csp.src = "iframe_require-sri-for_no_csp.html"; +</script> +</html> |