Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-06 22:15:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update web-platform-tests to revision 0d318188757a9c996e20b82db201fd04de5aa255

Browse source
This commit is contained in:
James Graham 2015-03-27 09:15:38 +00:00
parent b2a5225831
commit 1a81b18b9f
12321 changed files with 544385 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
tests/wpt/web-platform-tests/content-security-policy/script-src/10_1_support_1.js Normal file
View file

@ -0,0 +1 @@
var dataScriptRan = false;

3
tests/wpt/web-platform-tests/content-security-policy/script-src/10_1_support_2.js Normal file
View file

@ -0,0 +1,3 @@
test(function () {
assert_true(dataScriptRan, "data script ran");
}, "Verify that data: as script src runs with this policy");

18
tests/wpt/web-platform-tests/content-security-policy/script-src/addInlineTestsWithDOMManipulation.js Normal file
View file

@ -0,0 +1,18 @@
(function () {
var dmTest = async_test("DOM manipulation inline tests");
var attachPoint = document.getElementById('attachHere');
var inlineScript = document.createElement('script');
var scriptText = document.createTextNode('dmTest.step(function() {assert_unreached("Unsafe inline script ran - createTextNode.")});');
inlineScript.appendChild(scriptText);
attachPoint.appendChild(inlineScript);
document.getElementById('emptyScript').innerHTML = 'dmTest.step(function() {assert_unreached("Unsafe inline script ran - innerHTML.")});';
document.getElementById('emptyDiv').outerHTML = '<script id=outerHTMLScript>dmTest.step(function() {assert_unreached("Unsafe inline script ran - outerHTML.")});</script>';
document.write('<script>dmTest.step(function() {assert_unreached("Unsafe inline script ran - document.write")});</script>');
document.writeln('<script>dmTest.step(function() {assert_unreached("Unsafe inline script ran - document.writeln")});</script>');
dmTest.done();
})();

21
tests/wpt/web-platform-tests/content-security-policy/script-src/buildInlineWorker.js Normal file
View file

@ -0,0 +1,21 @@
(function ()
{
var test = new async_test("test inline worker");
var workerSource = document.getElementById('inlineWorker');
var blob = new Blob([workerSource.textContent]);
// can I create a new script tag like this? ack...
var url = window.URL.createObjectURL(blob);
var worker = new Worker(url);
worker.addEventListener('message', function(e) {
test.step(function () {
assert_not_equals(e.data, 'fail', 'inline script ran');
test.done();
})
}, false);
worker.postMessage('');
})();

8
tests/wpt/web-platform-tests/content-security-policy/script-src/inlineSuccessTest.js Normal file
View file

@ -0,0 +1,8 @@
var inlineRan = false;
onload = function() {
test(function() {
assert_true(inlineRan, 'Unsafe inline script ran.')},
'Inline script in a script tag should run with an unsafe-inline directive'
);
}

4
tests/wpt/web-platform-tests/content-security-policy/script-src/inlineTests.js Normal file
View file

@ -0,0 +1,4 @@
var t1 = async_test("Inline script block");
var t2 = async_test("Inline event handler");
onload = function() {t1.done(); t2.done()}

22
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_1.html Normal file
View file

@ -0,0 +1,22 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Inline script should not run without 'unsafe-inline' script-src directive.</title>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
<script src='inlineTests.js'></script>
</head>
<body>
<h1>Inline script should not run without 'unsafe-inline' script-src directive.</h1>
<div id='log'></div>
<script>
t1.step(function() {assert_unreached('Unsafe inline script ran.');});
</script>
<img src='doesnotexist.jpg' onerror='t2.step(function() { assert_unreached("Unsafe inline event handler ran.") });'>
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27'></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_1.html.sub.headers Normal file
View file

@ -0,0 +1,6 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: script-src-1_1={{$id:uuid()}}; Path=/content-security-policy/script-src/
Content-Security-Policy: script-src 'self'; report-uri ../support/report.py?op=put&reportID={{$id}}

27
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_10.html Normal file
View file

@ -0,0 +1,27 @@
<!DOCTYPE HTML>
<html>
<head>
<title>data: as script src should not run with a policy that doesn't specify data: as an allowed source</title>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
</head>
<body>
<h1>data: as script src should not run with a policy that doesn't specify data: as an allowed source</h1>
<div id='log'></div>
<script>
var dataScriptRan = false;
</script>
<!-- This is our test case, but we don't expect it to actually execute if CSP is working. -->
<script src="data:text/javascript;charset=utf-8;base64,ZGF0YVNjcmlwdFJhbiA9IHRydWU7"></script>
<script>
test(function () {
assert_false(dataScriptRan, "data script ran");
}, "Verify that data: as script src doesn't run with this policy");
</script>
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=default-src%20%27self%27+%27unsafe-inline%27'></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_10.html.sub.headers Normal file
View file

@ -0,0 +1,6 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: script-src-1_10={{$id:uuid()}}; Path=/content-security-policy/script-src/
Content-Security-Policy: default-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}}

20
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_10_1.html Normal file
View file

@ -0,0 +1,20 @@
<!DOCTYPE HTML>
<html>
<head>
<title>data: as script src should run with a policy that specifies data: as an allowed source but not 'unsafe-inline'</title>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
</head>
<body>
<h1>data: as script src should run with a policy that specifies data: as an allowed source but not 'unsafe-inline'</h1>
<div id='log'></div>
<script src="10_1_support_1.js"></script>
<script src="data:text/javascript;charset=utf-8;base64,ZGF0YVNjcmlwdFJhbiA9IHRydWU7"></script>
<script src="10_1_support_2.js"></script>
<script async defer src='../support/checkReport.sub.js?reportExists=false'></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_10_1.html.sub.headers Normal file
View file

@ -0,0 +1,6 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: script-src-1_10_1={{$id:uuid()}}; Path=/content-security-policy/script-src/
Content-Security-Policy: script-src 'self' data:; report-uri ../support/report.py?op=put&reportID={{$id}}

23
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_2_1.html Normal file
View file

@ -0,0 +1,23 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Inline script attached by DOM manipulation should not run without an 'unsafe-inline' script-src policy, even with default-src *</title>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
</head>
<body>
<h1>Inline script attached by DOM manipulation should not run without an 'unsafe-inline' script-src policy, even with default-src *</h1>
<div id="log"></div>
<div id=attachHere></div>
<script id=emptyScript></script>
<div id=emptyDiv></div>
<script src="addInlineTestsWithDOMManipulation.js"></script>
<script async defer src="../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20*"></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_2_1.html.sub.headers Normal file
View file

@ -0,0 +1,6 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: script-src-1_2_1={{$id:uuid()}}; Path=/content-security-policy/script-src/
Content-Security-Policy: script-src *; report-uri ../support/report.py?op=put&reportID={{$id}}

20
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_3.html Normal file
View file

@ -0,0 +1,20 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Positive test case: Inline script should run 'unsafe-inline' script-src directive.</title>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
<script src='inlineSuccessTest.js'></script>
</head>
<body>
<h1>Positive test case: Inline script should run 'unsafe-inline' script-src directive.</h1>
<div id='log'></div>
<script>
inlineRan = true;
</script>
<script async defer src='../support/checkReport.sub.js?reportExists=false'></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_3.html.sub.headers Normal file
View file

@ -0,0 +1,6 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: script-src-1_3={{$id:uuid()}}; Path=/content-security-policy/script-src/
Content-Security-Policy: script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}}

22
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_4.html Normal file
View file

@ -0,0 +1,22 @@
<!DOCTYPE HTML>
<html>
<head>
<title>eval() should not run without 'unsafe-eval' script-src directive.</title>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
</head>
<body>
<h1>eval() should not run without 'unsafe-eval' script-src directive.</h1>
<div id='log'></div>
<script>
var evalRan = false;
test(function() {assert_throws(new EvalError(), function() { eval('evalRan = true;') })}, "eval() should throw without 'unsafe-eval' keyword source in script-src directive.");
</script>
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27+%27unsafe-inline%27'></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_4.html.sub.headers Normal file
View file

@ -0,0 +1,6 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: script-src-1_4={{$id:uuid()}}; Path=/content-security-policy/script-src/
Content-Security-Policy: script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}}

22
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_9.html Normal file
View file

@ -0,0 +1,22 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Worker created from inline text and loaded via blob URI should not run with policy default-src *</title>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
</head>
<body>
<h1>Worker created from inline text and loaded via blob URI should not run with policy default-src *</h1>
<div id='log'></div>
<script id="inlineWorker" type="app/worker">
addEventListener('message', function() {
postMessage('fail');
}, false);
</script>
<script src="buildInlineWorker.js"></script>
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=default-src%20*'></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-1_9.html.sub.headers Normal file
View file

@ -0,0 +1,6 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: script-src-1_9={{$id:uuid()}}; Path=/content-security-policy/script-src/
Content-Security-Policy: default-src *; report-uri ../support/report.py?op=put&reportID={{$id}}