Add m-esr52 at 52.6.0

14 files changed, 427 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1.html b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1.html
new file mode 100644
index 000000000..d912b86bb
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>Video element src attribute must match src list - positive test</title>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+    <h1>Video element src attribute must match src list - positive test</h1>
+    <div id='log'></div>
+
+  <script>
+    var src_test = async_test("In-policy async video src");
+    var source_test = async_test("In-policy async video source element");
+
+    function media_loaded(t) {
+      t.done();
+    }
+
+    function media_error_handler(t) {
+      t.step( function () {
+          assert_unreached("Media error handler should be triggered for non-allowed domain.");
+      });
+      t.done();
+    }
+  </script>
+
+    <video id="videoObject" width="320" height="240" controls
+           onloadeddata="media_loaded(source_test)">
+        <source id="videoSourceObject"
+                type="video/mp4"
+                onerror="media_error_handler(source_test)"
+                src="/media/white.mp4">
+    </video>
+    <video id="videoObject2" width="320" height="240" controls
+           onerror="media_error_handler(src_test)"
+           onloadeddata="media_loaded(src_test)"
+           src="/media/white.mp4">
+
+  <script async defer src="../support/checkReport.sub.js?reportExists=false">
+  </script>
+
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1.html.sub.headers b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1.html.sub.headers
new file mode 100644
index 000000000..9361207e8
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1.html.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: media-src-7_1={{$id:uuid()}}; Path=/content-security-policy/media-src/
+Content-Security-Policy: script-src * 'unsafe-inline'; media-src 'self'; report-uri  ../support/report.py?op=put&reportID={{$id}}
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1_2.html b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1_2.html
new file mode 100644
index 000000000..61d4b1425
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1_2.html
@@ -0,0 +1,55 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>Video element src attribute must match src list - negative test</title>
+    <meta name=timeout content=long>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+    <h1>Video element src attribute must match src list - negative test</h1>
+    <div id='log'></div>
+
+  <script>
+      var src_test = async_test("Disallowed async video src");
+      var source_test = async_test("Disallowed async video source element");
+
+      // we assume tests are run from 'hostname' and 'www.hostname' or 'www2.hostname' is a valid alias
+      var mediaURL = location.protocol +
+        "//www2." +
+        location.hostname +
+        ":" +
+        location.port +
+        "/media/white.mp4";
+
+    function media_loaded(t) {
+      t.step( function () {
+          assert_unreached("Media error handler should be triggered for non-allowed domain.");
+      });
+      t.done();
+    }
+
+    function media_error_handler(t) {
+      t.done();
+    }
+  </script>
+
+    <video id="videoObject" width="320" height="240" controls
+           onloadeddata="media_loaded(source_test)">
+        <source id="videoSourceObject"
+                type="video/mp4"
+                onerror="media_error_handler(source_test)">
+    </video>
+    <video id="videoObject2" width="320" height="240" controls
+           onerror="media_error_handler(src_test)"
+           onloadeddata="media_loaded(src_test)">
+
+    <script>
+        document.getElementById("videoSourceObject").src = mediaURL;
+        document.getElementById("videoObject2").src = mediaURL;
+    </script>
+
+    <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=media-src%20%27self%27'></script>
+
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1_2.html.sub.headers b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1_2.html.sub.headers
new file mode 100644
index 000000000..036da8673
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_1_2.html.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: media-src-7_1_2={{$id:uuid()}}; Path=/content-security-policy/media-src/
+Content-Security-Policy: script-src * 'unsafe-inline'; media-src 'self'; report-uri  ../support/report.py?op=put&reportID={{$id}}
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2.html b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2.html
new file mode 100644
index 000000000..7509d7b05
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>Audio element src attribute must match src list - positive test</title>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+    <h1>Audio element src attribute must match src list - positive test</h1>
+    <div id='log'></div>
+
+  <script>
+    var src_test = async_test("In-policy audio src");
+    var source_test = async_test("In-policy audio source element");
+
+    function media_loaded(t) {
+      t.done();
+    }
+
+    function media_error_handler(t) {
+      t.step( function () {
+          assert_unreached("Media error handler should be triggered for non-allowed domain.");
+      });
+      t.done();
+    }
+  </script>
+
+    <audio id="audioObject" width="320" height="240" controls
+           onloadeddata="media_loaded(source_test)">
+        <source id="audioSourceObject"
+                type="audio/mpeg"
+                onerror="media_error_handler(source_test)"
+                src="/media/sound_5.mp3">
+    </audio>
+    <audio id="audioObject2" width="320" height="240" controls
+           onerror="media_error_handler(src_test)"
+           onloadeddata="media_loaded(src_test)"
+           src="/media/sound_5.mp3">
+
+  <script async defer src="../support/checkReport.sub.js?reportExists=false">
+  </script>
+
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2.html.sub.headers b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2.html.sub.headers
new file mode 100644
index 000000000..0f59cd9ff
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2.html.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: media-src-7_2={{$id:uuid()}}; Path=/content-security-policy/media-src/
+Content-Security-Policy: script-src * 'unsafe-inline'; media-src 'self'; report-uri  ../support/report.py?op=put&reportID={{$id}}
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2_2.html b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2_2.html
new file mode 100644
index 000000000..9b6134296
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2_2.html
@@ -0,0 +1,55 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>Audio element src attribute must match src list - negative test</title>
+    <meta name=timeout content=long>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+    <h1>Audio element src attribute must match src list - negative test</h1>
+    <div id='log'></div>
+
+  <script>
+      var src_test = async_test("Disallaowed audio src");
+      var source_test = async_test("Disallowed audio source element");
+
+      // we assume tests are run from 'hostname' and 'www.hostname' or 'www2.hostname' is a valid alias
+      var mediaURL = location.protocol +
+        "//www2." +
+        location.hostname +
+        ":" +
+        location.port +
+        "/media/sound_5.mp3";
+
+    function media_loaded(t) {
+      t.step( function () {
+          assert_unreached("Media error handler should be triggered for non-allowed domain.");
+      });
+      t.done();
+    }
+
+    function media_error_handler(t) {
+      t.done();
+    }
+  </script>
+
+    <audio id="audioObject" width="320" height="240" controls
+           onloadeddata="media_loaded(source_test)">
+        <source id="audioSourceObject"
+                type="audio/mpeg"
+                onerror="media_error_handler(source_test)">
+    </audio>
+    <audio id="audioObject2" width="320" height="240" controls
+           onerror="media_error_handler(src_test)"
+           onloadeddata="media_loaded(src_test)">
+
+    <script>
+        document.getElementById("audioSourceObject").src = mediaURL;
+        document.getElementById("audioObject2").src = mediaURL;
+    </script>
+
+    <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=media-src%20%27self%27'></script>
+
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2_2.html.sub.headers b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2_2.html.sub.headers
new file mode 100644
index 000000000..685978de3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_2_2.html.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: media-src-7_2_2={{$id:uuid()}}; Path=/content-security-policy/media-src/
+Content-Security-Policy: script-src * 'unsafe-inline'; media-src 'self'; report-uri  ../support/report.py?op=put&reportID={{$id}}
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3.html b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3.html
new file mode 100644
index 000000000..321877082
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3.html
@@ -0,0 +1,53 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>Video track src attribute must match src list - positive test</title>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+    <h1>Video track src attribute must match src list - positive test</h1>
+    <div id='log'></div>
+
+  <script>
+    var source_test = async_test("In-policy track element");
+
+      var trackURL = location.protocol +
+        "//www." +
+        location.hostname +
+        ":" +
+        location.port +
+        "/media/foo.vtt";
+
+    function media_loaded(t) {
+      t.done();
+    }
+
+    function media_error_handler(t) {
+      t.step( function () {
+          assert_unreached("Error handler called for allowed track source.");
+      });
+      t.done();
+    }
+  </script>
+
+    <video id="videoObject" width="320" height="240" controls
+           onloadeddata="media_loaded(source_test)" crossorigin>
+        <source id="audioSourceObject"
+                type="audio/mpeg"
+                src="/media/white.mp4">
+        <track id="trackObject"
+               kind="subtitles"
+               srclang="en"
+               label="English"
+               onerror="media_error_handler(source_test)">
+    </video>
+    <script>
+        document.getElementById("trackObject").src = trackURL;
+    </script>
+
+  <script async defer src="../support/checkReport.sub.js?reportExists=false">
+  </script>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3.html.sub.headers b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3.html.sub.headers
new file mode 100644
index 000000000..b764189ad
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3.html.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: media-src-7_3={{$id:uuid()}}; Path=/content-security-policy/media-src/
+Content-Security-Policy: script-src * 'unsafe-inline'; media-src 'self' www.{{host}}:{{ports[http][0]}}; report-uri  ../support/report.py?op=put&reportID={{$id}}
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3_2.html b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3_2.html
new file mode 100644
index 000000000..597ac7f8f
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3_2.html
@@ -0,0 +1,68 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>Video track src attribute must match src list - negative test</title>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+    <h1>Video track src attribute must match src list - negative test</h1>
+    <div id='log'></div>
+
+  <script>
+    var source_test =
+        async_test("Disallowed track element onerror handler fires.");
+
+      var trackURL = location.protocol +
+        "//www." +
+        location.hostname +
+        ":" +
+        location.port +
+        "/media/foo.vtt";
+
+    function media_loaded(t) {
+     t.step( function () {
+          assert_unreached("Disllowed track source loaded.");
+      });
+      t.done();
+    }
+
+    function media_error_handler(t) {
+      t.done();
+    }
+  </script>
+
+    <video id="videoObject" width="320" height="240" controls
+           onerror="media_error_handler(source_test)"
+           crossorigin>
+        <source id="audioSourceObject"
+                type="audio/mpeg"
+                src="/media/white.mp4">
+        <track default
+               id="trackObject"
+               kind="subtitles"
+               srclang="en"
+               label="English"
+               onerror="media_error_handler(source_test)"
+               onload="media_loaded(source_test)"
+               onloadeddata="media_loaded(source_test)">
+    </video>
+    <script>
+        document.getElementById("trackObject").src = trackURL;
+        source_test.step(function() {
+            source_test.set_status(source_test.FAIL);
+        });
+
+        setTimeout(function() { 
+          if(source_test.phase != source_test.phases.COMPLETE) {
+		source_test.step( function () { assert_unreached("Onerror event never fired for track element."); });
+		source_test.done();
+	   }
+        }, 2 * 1000);
+    </script>
+
+  <script async defer src="../support/checkReport.sub.js?reportField=violated-directive&reportValue=media-src%20%27self%27">
+  </script>
+
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3_2.html.sub.headers b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3_2.html.sub.headers
new file mode 100644
index 000000000..2cfe51fe8
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-7_3_2.html.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: media-src-7_3_2={{$id:uuid()}}; Path=/content-security-policy/media-src/
+Content-Security-Policy: script-src * 'unsafe-inline'; media-src 'self'; report-uri  ../support/report.py?op=put&reportID={{$id}}
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-redir-bug.sub.html b/testing/web-platform/tests/content-security-policy/media-src/media-src-redir-bug.sub.html
new file mode 100644
index 000000000..b83511930
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-redir-bug.sub.html
@@ -0,0 +1,66 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <title>Video element src attribute must match src list - positive test</title>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+    <h1>Video element in media-src list - redirect test</h1>
+    <div id='log'></div>
+    
+  <p>This test tests a buggy interaction in Chrome 46.  Two hosts (self and www2) are both allowed
+    as media-src, but only one (self) is allowed for connect-src.  If a video src starts on
+    an allowed host (self), and is redirected to another allowed media-src host, it should succeed. But a bug
+    causes the redirect to be done in a fetch context to which connect-src is being applied instead, so
+    the load is blocked. (This test passes in Firefox 45, modulo an event listener not firing.)</p>
+
+  <script>
+    var src_test = async_test("In-policy async video src");
+    var src_redir_test = async_test("in-policy async video src w/redir")
+    var source_test = async_test("In-policy async video source element");
+    var source_redir_test = async_test("In-policy async video source element w/redir");
+
+    function media_loaded(t) {
+      t.done();
+    }
+
+    function media_error_handler(t) {
+      t.step( function () {
+          assert_unreached("Media error handler shouldn't be triggered for allowed domain.");
+      });
+      t.done();
+    }
+  </script>
+
+    <video id="videoObject" width="320" height="240" controls
+           onloadeddata="media_loaded(source_test)">
+        <source id="videoSourceObject"
+                type="video/mp4"
+                onerror="media_error_handler(source_test)"
+                src="http://www2.{{host}}:{{ports[http][0]}}/media/white.mp4">
+    </video>
+    
+    <video id="videoObject2" width="320" height="240" controls
+           onerror="media_error_handler(src_test)"
+           onloadeddata="media_loaded(src_test)"
+           src="http://www2.{{host}}:{{ports[http][0]}}/media/white.mp4">
+
+    <video id="videoObject3" width="320" height="240" controls
+           onloadeddata="media_loaded(source_redir_test)">
+        <source id="videoSourceObject"
+                type="video/mp4"
+                onerror="media_error_handler(source_test)"
+                src="/common/redirect.py?location=http://www2.{{host}}:{{ports[http][0]}}/media/white.mp4">
+    </video>
+        
+    <video id="videoObject2" width="320" height="240" controls
+           onerror="media_error_handler(src_redir_test)"
+           onloadeddata="media_loaded(src_redir_test)"
+           src="/common/redirect.py?location=http://www2.{{host}}:{{ports[http][0]}}/media/white.mp4">
+        
+  <script async defer src="../support/checkReport.sub.js?reportExists=false">
+  </script>
+
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/media-src/media-src-redir-bug.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/media-src/media-src-redir-bug.sub.html.sub.headers
new file mode 100644
index 000000000..4ce3e428a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/media-src/media-src-redir-bug.sub.html.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: media-src-redir-bug={{$id:uuid()}}; Path=/content-security-policy/media-src/
+Content-Security-Policy: script-src * 'unsafe-inline'; media-src http://www2.{{host}}:{{ports[http][0]}}/ 'self'; connect-src 'self'; report-uri  ../support/report.py?op=put&reportID={{$id}}