Add m-esr52 at 52.6.0

1 files changed, 76 insertions, 0 deletions

diff --git a/dom/security/test/sri/test_require-sri-for_csp_directive.html b/dom/security/test/sri/test_require-sri-for_csp_directive.html
new file mode 100644
index 000000000..ef1b3603f
--- /dev/null
+++ b/dom/security/test/sri/test_require-sri-for_csp_directive.html
@@ -0,0 +1,76 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test for SRI require-sri-for CSP directive</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1265318">Mozilla Bug 1265318</a><br>
+<iframe style="width:200px;height:200px;" id="test_frame"></iframe><br>
+<iframe style="width:200px;height:200px;" id="test_frame_no_csp"></iframe>
+</body>
+<script type="application/javascript">
+  var finished = 0;
+  SpecialPowers.setBoolPref("security.csp.experimentalEnabled", true);
+  SimpleTest.waitForExplicitFinish();
+  function handler(event) {
+    switch (event.data) {
+      case 'good_sriLoaded':
+        ok(true, "Eligible SRI resources was correctly loaded.");
+        break;
+      case 'bad_nonsriLoaded':
+        ok(false, "Eligible non-SRI resource should be blocked by the CSP!");
+        break;
+      case 'good_nonsriBlocked':
+        ok(true, "Eligible non-SRI resources was correctly blocked by the CSP.");
+        break;
+      case 'bad_svg_nonsriLoaded':
+        ok(false, 'Eligible non-SRI resource should be blocked by the CSP.');
+        break;
+      case 'good_svg_nonsriBlocked':
+        ok(true, 'Eligible non-SRI svg script was correctly blocked by the CSP.');
+        break;
+      case 'bad_worker_could_load':
+        ok(false, 'require-sri-for failed to block loading a Worker with no integrity metadata.');
+      break;
+      case 'good_worker_could_load':
+        ok(true, "Loaded a worker that has require-sri-for set (but its parent doesnt).")
+        break;
+      case 'bad_worker_could_load_via_importScripts':
+        ok(false, 'require-sri-for failed to block loading importScript in a worker though we require SRI via CSP');
+        break;
+      case 'good_worker_after_importscripts':
+        ok(true, 'Worker continued after failed importScript due to require-sri-for');
+        break;
+      case 'finish':
+        finished++;
+        if (finished > 1) {
+          // need finish message from iframe_require-sri-for_main onload event and
+          // from iframe_require-sri-for_no_csp, which spawns a Worker
+          var blackText = frame.contentDocument.getElementById('black-text');
+          var blackTextColor = frame.contentWindow.getComputedStyle(blackText, null).getPropertyValue('color');
+          ok(blackTextColor == 'rgb(0, 0, 0)', "The second part should not be black.");
+          removeEventListener('message', handler);
+          SimpleTest.finish();
+        }
+        break;
+      default:
+        ok(false, 'Something is wrong here');
+        break;
+    }
+  }
+  addEventListener("message", handler);
+  // This frame has a CSP that requires SRI
+  var frame = document.getElementById("test_frame");
+  frame.src = "iframe_require-sri-for_main.html";
+  // This frame has no CSP to require SRI.
+  // Used for testing require-sri-for in a Worker.
+  var frame_no_csp = document.getElementById("test_frame_no_csp");
+  frame_no_csp.src = "iframe_require-sri-for_no_csp.html";
+</script>
+</html>