Add m-esr52 at 52.6.0

9 files changed, 200 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/svg/including.sub.svg b/testing/web-platform/tests/content-security-policy/svg/including.sub.svg
new file mode 100644
index 000000000..99b416b5e
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/svg/including.sub.svg
@@ -0,0 +1,18 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
+  "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="6cm" height="5cm" viewBox="0 0 600 500"
+     xmlns="http://www.w3.org/2000/svg" version="1.1">
+  <desc>using SVG as a resource doc should apply this doc's CSP</desc>
+
+  <use xlink:href="scripted.svg#postmessagescript" />
+
+  <circle cx="300" cy="225" r="100" fill="lawngreen"/>
+
+  <text x="300" y="250"
+        font-family="Verdana"
+        font-size="50"
+        text-anchor="middle">
+      PASS
+    </text>
+</svg>
diff --git a/testing/web-platform/tests/content-security-policy/svg/including.sub.svg.sub.headers b/testing/web-platform/tests/content-security-policy/svg/including.sub.svg.sub.headers
new file mode 100644
index 000000000..0f3f281d9
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/svg/including.sub.svg.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: including={{$id:uuid()}}; Path=/content-security-policy/svg
+Content-Security-Policy: script-src 'none';
diff --git a/testing/web-platform/tests/content-security-policy/svg/scripted.svg b/testing/web-platform/tests/content-security-policy/svg/scripted.svg
new file mode 100644
index 000000000..a8aca4e30
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/svg/scripted.svg
@@ -0,0 +1,20 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
+  "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="6cm" height="5cm" viewBox="0 0 600 500"
+     xmlns="http://www.w3.org/2000/svg" version="1.1">
+  <desc>Example script01 - redirect</desc>
+
+  <script id="postmessagescript" type="application/ecmascript"> <![CDATA[
+    location = "/content-security-policy/blink-contrib/resources/postmessage-fail.html";
+  ]]> </script>
+
+  <circle cx="300" cy="225" r="100" fill="lawngreen"/>
+
+  <text x="300" y="250"
+        font-family="Verdana"
+        font-size="50"
+        text-anchor="middle">
+      PASS
+    </text>
+</svg>
diff --git a/testing/web-platform/tests/content-security-policy/svg/scripted.svg.sub.headers b/testing/web-platform/tests/content-security-policy/svg/scripted.svg.sub.headers
new file mode 100644
index 000000000..0e90e147a
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/svg/scripted.svg.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: scripted={{$id:uuid()}}; Path=/content-security-policy/svg
+Content-Security-Policy: script-src 'none';
diff --git a/testing/web-platform/tests/content-security-policy/svg/svg-from-guid.html b/testing/web-platform/tests/content-security-policy/svg/svg-from-guid.html
new file mode 100644
index 000000000..b565e94a4
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/svg/svg-from-guid.html
@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>svg-from-guid</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <script>
+        window.addEventListener("message", function(event) {
+            alert_assert(event.data);
+        }, false);
+        window.addEventListener('load', function() {
+            setTimeout(function() {
+                log("TEST COMPLETE");
+            }, 1);
+        });
+    </script>
+</head>
+
+<body>
+    <p>Tests that an SVG loaded in an iframe with a policy enforces it, not
+    the policy enforced by this parent frame.  The SVG should render and
+    not redirect to a different resource.</p>
+    <!--
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
+  "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="6cm" height="5cm" viewBox="0 0 600 500"
+     xmlns="http://www.w3.org/2000/svg" version="1.1">
+  <desc>Example script01 - redirect</desc>
+
+  <script id="postmessagescript" type="application/ecmascript"> <![CDATA[
+    location = "/content-security-policy/blink-contrib/resources/postmessage-fail.html";
+  ]]> </script>
+
+  <circle cx="300" cy="225" r="100" fill="lawngreen"/>
+
+  <text x="300" y="250"
+        font-family="Verdana"
+        font-size="50"
+        text-anchor="middle">
+      PASS
+    </text>
+</svg>
+    -->
+    <iframe name="test_target" id="test_iframe" src="data:image/svg+xml;charset=utf-8;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBzdGFuZGFsb25lPSJubyI/Pg0KPCFET0NUWVBFIHN2ZyBQVUJMSUMgIi0vL1czQy8vRFREIFNWRyAxLjEvL0VOIg0KICAiaHR0cDovL3d3dy53My5vcmcvR3JhcGhpY3MvU1ZHLzEuMS9EVEQvc3ZnMTEuZHRkIj4NCjxzdmcgd2lkdGg9IjZjbSIgaGVpZ2h0PSI1Y20iIHZpZXdCb3g9IjAgMCA2MDAgNTAwIg0KICAgICB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZlcnNpb249IjEuMSI+DQogIDxkZXNjPkV4YW1wbGUgc2NyaXB0MDEgLSByZWRpcmVjdDwvZGVzYz4NCg0KICA8c2NyaXB0IGlkPSJwb3N0bWVzc2FnZXNjcmlwdCIgdHlwZT0iYXBwbGljYXRpb24vZWNtYXNjcmlwdCI+IDwhW0NEQVRBWw0KICAgIGxvY2F0aW9uID0gIi9jb250ZW50LXNlY3VyaXR5LXBvbGljeS9ibGluay1jb250cmliL3Jlc291cmNlcy9wb3N0bWVzc2FnZS1mYWlsLmh0bWwiOw0KICBdXT4gPC9zY3JpcHQ+DQoNCiAgPGNpcmNsZSBjeD0iMzAwIiBjeT0iMjI1IiByPSIxMDAiIGZpbGw9Imxhd25ncmVlbiIvPg0KDQogIDx0ZXh0IHg9IjMwMCIgeT0iMjUwIg0KICAgICAgICBmb250LWZhbWlseT0iVmVyZGFuYSINCiAgICAgICAgZm9udC1zaXplPSI1MCINCiAgICAgICAgdGV4dC1hbmNob3I9Im1pZGRsZSI+DQogICAgICBQQVNTDQogICAgPC90ZXh0Pg0KPC9zdmc+"></iframe>
+    <div id="log"></div>
+</body>
+
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/svg/svg-inline.sub.html b/testing/web-platform/tests/content-security-policy/svg/svg-inline.sub.html
new file mode 100644
index 000000000..7beb295f1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/svg/svg-inline.sub.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>svg-policy-with-resource</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+    <p>Tests that an SVG loaded in an iframe with a policy enforces it, not
+    the policy enforced by this parent frame.  The SVG should render and
+    not redirect to a different resource.</p>
+    <div id="log"></div>
+    <?xml version="1.0" standalone="no"?>
+<svg width="6cm" height="5cm" viewBox="0 0 600 500"
+     xmlns="http://www.w3.org/2000/svg" version="1.1">
+
+    <script type="application/ecmascript"
+            xlink:href="http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/.js">
+    </script>
+
+  <circle cx="300" cy="225" r="100" fill="lawngreen"/>
+
+  <text x="300" y="250"
+        font-family="Verdana"
+        font-size="50"
+        text-anchor="middle">
+      PASS
+    </text>
+</svg>
+
+    <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27+%27unsafe-inline%27'></script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/svg/svg-inline.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/svg/svg-inline.sub.html.sub.headers
new file mode 100644
index 000000000..a846c4b16
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/svg/svg-inline.sub.html.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: svg-inline={{$id:uuid()}}; Path=/content-security-policy/svg/
+Content-Security-Policy: script-src 'self' 'unsafe-inline'; report-uri  ../support/report.py?op=put&reportID={{$id}}
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/svg/svg-policy-resource-doc-includes.html b/testing/web-platform/tests/content-security-policy/svg/svg-policy-resource-doc-includes.html
new file mode 100644
index 000000000..3ca626240
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/svg/svg-policy-resource-doc-includes.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>svg-policy-with-resource</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <script>
+        window.addEventListener("message", function(event) {
+            alert_assert(event.data);
+        }, false);
+        window.addEventListener('load', function() {
+            setTimeout(function() {
+                log("TEST COMPLETE");
+            }, 0);
+        });
+    </script>
+</head>
+
+<body>
+    <p>Tests that an SVG loaded in an iframe with a policy enforces it, not
+    the policy enforced by this parent frame.  The SVG should render and
+    not redirect to a different resource.</p>
+    <iframe name="test_target" id="test_iframe" src="scripted.svg"></iframe>
+    <div id="log"></div>
+</body>
+
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/svg/svg-policy-with-resource.html b/testing/web-platform/tests/content-security-policy/svg/svg-policy-with-resource.html
new file mode 100644
index 000000000..88ba0b3e6
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/svg/svg-policy-with-resource.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>svg-policy-with-resource</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <script>
+        window.addEventListener("message", function(event) {
+            alert_assert(event.data);
+        }, false);
+        window.addEventListener('load', function() {
+            setTimeout(function() {
+                log("TEST COMPLETE");
+            }, 0);
+        });
+    </script>
+</head>
+
+<body>
+    <p>Tests that an SVG loaded in an iframe with a policy enforces it, not
+    the policy enforced by this parent frame.  The SVG should render and
+    not redirect to a different resource.</p>
+    <iframe name="test_target" id="test_iframe" src="scripted.svg"></iframe>
+    <object type="image/svg+xml" data="scripted.svg"></object>
+    <div id="log"></div>
+</body>
+
+</html>