Auto merge of #6584 - Ms2ger:wpt_20150709, r=jdm

Update web-platform-tests to revision 5e3ea8f49fee68c327388bfd1dd1375a8ce12a0e.



<!-- Reviewable:start -->
[<img src="https://reviewable.io/review_button.png" height=40 alt="Review on Reviewable"/>](https://reviewable.io/reviews/servo/servo/6584)
<!-- Reviewable:end -->

tests/wpt/metadata/FileAPI/progress.html.ini

@@ -1,3 +0,0 @@
-[progress.html]
-  type: testharness
-  expected: TIMEOUT

tests/wpt/metadata/XMLHttpRequest/response-method.htm.ini

@@ -0,0 +1,5 @@
+[response-method.htm]
+  type: testharness
+  [HEAD]
+    expected: FAIL
+

tests/wpt/metadata/XMLHttpRequest/send-authentication-basic-setrequestheader.htm.ini

@@ -0,0 +1,5 @@
+[send-authentication-basic-setrequestheader.htm]
+  type: testharness
+  [XMLHttpRequest: send() - "Basic" authenticated request using setRequestHeader()]
+    expected: FAIL
+

tests/wpt/metadata/dom/nodes/ChildNode-after.html.ini

@@ -0,0 +1,11 @@
+[ChildNode-after.html]
+  type: testharness
+  [Comment.after() with one sibling of child and text as arguments.]
+    expected: FAIL
+
+  [Element.after() with one sibling of child and text as arguments.]
+    expected: FAIL
+
+  [Text.after() with one sibling of child and text as arguments.]
+    expected: FAIL
+

tests/wpt/metadata/dom/nodes/ChildNode-before.html.ini

@@ -0,0 +1,11 @@
+[ChildNode-before.html]
+  type: testharness
+  [Comment.before() with context object itself as the argument.]
+    expected: FAIL
+
+  [Element.before() with context object itself as the argument.]
+    expected: FAIL
+
+  [Text.before() with context object itself as the argument.]
+    expected: FAIL
+

tests/wpt/metadata/dom/nodes/ChildNode-replaceWith.html.ini

@@ -0,0 +1,11 @@
+[ChildNode-replaceWith.html]
+  type: testharness
+  [Comment.replaceWith() with one sibling of child and child itself as arguments.]
+    expected: FAIL
+
+  [Element.replaceWith() with one sibling of child and child itself as arguments.]
+    expected: FAIL
+
+  [Text.replaceWith() with one sibling of child and child itself as arguments.]
+    expected: FAIL
+

tests/wpt/metadata/html/infrastructure/urls/terminology-0/document-base-url.html.ini

@@ -4,12 +4,12 @@
   [The document base URL of a document containing one or more base elements with href attributes is the frozen base URL of the first base element in the document that has an href attribute, in tree order.]
     expected: FAIL
 
-  [The fallback base URL of a document containing no base element is the document's address.]
-    expected: PASS
-
   [The fallback base URL of a document whose address is about:blank is the document base URL of the creator document.]
     expected: TIMEOUT
 
   [The fallback base URL of an iframe srcdoc document is the document base URL of the document's browsing context's browsing context container's document.]
     expected: TIMEOUT
 
+  [about:blank with a base element.]
+    expected: TIMEOUT
+

tests/wpt/metadata/html/semantics/embedded-content/the-canvas-element/toBlob.jpeg.html.ini

@@ -0,0 +1,5 @@
+[toBlob.jpeg.html]
+  type: testharness
+  [toBlob with image/jpeg returns a JPEG Blob]
+    expected: FAIL
+

tests/wpt/metadata/html/semantics/embedded-content/the-canvas-element/toBlob.png.html.ini

@@ -0,0 +1,5 @@
+[toBlob.png.html]
+  type: testharness
+  [toBlob with image/png returns a PNG Blob]
+    expected: FAIL
+

tests/wpt/metadata/html/semantics/tabular-data/the-table-element/delete-caption.html.ini

@@ -0,0 +1,20 @@
+[delete-caption.html]
+  type: testharness
+  [deleteCaption() delete only caption on table]
+    expected: FAIL
+
+  [deleteCaption() returns undefined]
+    expected: FAIL
+
+  [deleteCaption()]
+    expected: FAIL
+
+  [deleteCaption() does not throw any exceptions when called on a table without a caption]
+    expected: FAIL
+
+  [deleteCaption() does not delete captions in descendent tables]
+    expected: FAIL
+
+  [deleteCaption() handles captions from different namespaces]
+    expected: FAIL
+

tests/wpt/metadata/mozilla-sync

@@ -1 +1 @@
-836463b9e03f441aaf213ff48c99d50d8c1be5a5
+f52a4a292aa30b1dcb3e36812f82aeef1e2bdd20

tests/wpt/metadata/url/url-constructor.html.ini

@@ -177,3 +177,6 @@
   [Parsing: <sc://ñ.test/> against <about:blank>]
     expected: FAIL
 
+  [Parsing: <http://%30%78%63%30%2e%30%32%35%30.01%2e> against <http://other.com/>]
+    expected: FAIL
+

tests/wpt/metadata/webstorage/event_basic.html.ini

@@ -0,0 +1,8 @@
+[event_basic.html]
+  type: testharness
+  [sessionStorage mutations fire StorageEvents that are caught by the event listener set via window.onstorage.]
+    expected: FAIL
+
+  [localStorage mutations fire StorageEvents that are caught by the event listener set via window.onstorage.]
+    expected: FAIL
+

tests/wpt/metadata/webstorage/event_body_attribute.html.ini

@@ -0,0 +1,8 @@
+[event_body_attribute.html]
+  type: testharness
+  [sessionStorage mutations fire StorageEvents that are caught by the event listener specified as an attribute on the body.]
+    expected: FAIL
+
+  [localStorage mutations fire StorageEvents that are caught by the event listener specified as an attribute on the body.]
+    expected: FAIL
+

tests/wpt/metadata/webstorage/event_case_sensitive.html.ini

@@ -0,0 +1,9 @@
+[event_case_sensitive.html]
+  type: testharness
+  expected: TIMEOUT
+  [sessionStorage storage events fire even when only the case of the value changes.]
+    expected: TIMEOUT
+
+  [localStorage storage events fire even when only the case of the value changes.]
+    expected: TIMEOUT
+

tests/wpt/metadata/webstorage/event_setattribute.html.ini

@@ -0,0 +1,8 @@
+[event_setattribute.html]
+  type: testharness
+  [sessionStorage mutations fire StorageEvents that are caught by the event listener attached via setattribute.]
+    expected: FAIL
+
+  [localStorage mutations fire StorageEvents that are caught by the event listener attached via setattribute.]
+    expected: FAIL
+

tests/wpt/metadata/webstorage/storage_local_window_open.html.ini

@@ -1,5 +1,5 @@
 [storage_local_window_open.html]
   type: testharness
-  [A new window to make sure there is a copy of the previous window's localStorage, and that they diverge after a change]
+  [A new window to make sure there is a copy of the previous window's localStorage, and that they do not diverge after a change]
     expected: FAIL
 

tests/wpt/metadata/webstorage/storage_local_window_open_second.html.ini

@@ -1,5 +0,0 @@
-[storage_local_window_open_second.html]
-  type: testharness
-  [A new window to make sure there is a copy of the previous window's localStorage, and that they diverge after a change]
-    expected: FAIL
-

tests/wpt/metadata/webstorage/storage_session_window_open_second.html.ini

@@ -1,5 +0,0 @@
-[storage_session_window_open_second.html]
-  type: testharness
-  [A new window to make sure there is a copy of the previous window's sessionStorage, and that they diverge after a change]
-    expected: FAIL
-

tests/wpt/metadata/workers/MessagePort_initial_disabled.htm.ini

@@ -1,5 +0,0 @@
-[MessagePort_initial_disabled.htm]
-  type: testharness
-  [ MessageChannel: port message queue is initially disabled ]
-    expected: FAIL
-

tests/wpt/metadata/workers/MessagePort_onmessage_start.htm.ini

@@ -1,5 +0,0 @@
-[MessagePort_onmessage_start.htm]
-  type: testharness
-  [ MessageChannel: port.onmessage enables message queue ]
-    expected: FAIL
-

tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_canvas_9.html

@@ -38,7 +38,6 @@ try {
     destCtx.fillRect(0, 0,  destCanvas.width, destCanvas.height);
 }
 catch(err) {
-  console.err("Exception Thrown");
 }
 
 </script>

tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_html_image_13.html

@@ -33,7 +33,6 @@ try {
     destCtx.fillRect(0, 0,  destCanvas.width, destCanvas.height);
 }
 catch(err) {
-  console.log("Exception: " + err.message);
 }
 
 </script>

tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_html_image_9.html

@@ -32,7 +32,6 @@ try {
     destCtx.fillRect(0, 0,  destCanvas.width, destCanvas.height);
 }
 catch(err) {
-  console.err("Exception Thrown");
 }
 
 </script>

tests/wpt/web-platform-tests/2dcontext/tools/tests.yaml

@@ -448,6 +448,23 @@
 
 
 
+- name: toBlob.png
+  desc: toBlob with image/png returns a PNG Blob
+  testing:
+    - toBlob.png
+  code: |
+    canvas.toBlob(function(data){
+      @assert data.type === "image/png";
+    }, 'image/png');
+
+- name: toBlob.jpeg
+  desc: toBlob with image/jpeg returns a JPEG Blob
+  testing:
+    - toBlob.jpeg
+  code: |
+    canvas.toBlob(function(data){
+      @assert data.type === "image/jpeg";
+    }, 'image/jpeg');
 
 - name: toDataURL.default
   desc: toDataURL with no arguments returns a PNG

tests/wpt/web-platform-tests/XMLHttpRequest/event-error.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>XMLHttpRequest Test: event - error</title>
+<link rel="author" title="Intel" href="http://www.intel.com">
+<meta name="assert" content="Check if event onerror is fired When the request has failed.">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script>
+
+async_test(function (t) {
+  var client = new XMLHttpRequest();
+  client.onerror = t.step_func(function(e) {
+    assert_true(e instanceof ProgressEvent);
+    assert_equals(e.type, "error");
+    t.done();
+  });
+
+  client.open("GET", "http://example.nonexist");
+  client.send("null");
+}, document.title);
+
+</script>

tests/wpt/web-platform-tests/XMLHttpRequest/getallresponseheaders-status.htm

@@ -12,6 +12,10 @@
       var test = async_test()
       test.step(function() {
         var client = new XMLHttpRequest()
+        var headersUnsent = client.getAllResponseHeaders();
+         test.step(function() {
+           assert_equals(headersUnsent, "")
+         });
         client.onreadystatechange = function() {
           test.step(function() {
             var headers = client.getAllResponseHeaders().toLowerCase()

tests/wpt/web-platform-tests/XMLHttpRequest/resources/echo-method.py

@@ -0,0 +1,6 @@
+def main(request, response):
+    response.send_body_for_head_request = True
+    headers = [("Content-type", "text/plain")]
+    content = request.method
+
+    return headers, content

tests/wpt/web-platform-tests/XMLHttpRequest/response-method.htm

@@ -0,0 +1,21 @@
+<!doctype html>
+<html>
+  <head>
+    <title>XMLHttpRequest: influence of HTTP method on response</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+  <body>
+    <div id="log"></div>
+    <script>
+      ["GET", "HEAD", "POST"].forEach(function(method) {
+        test(function() {
+          var client = new XMLHttpRequest()
+          client.open(method, "resources/echo-method.py", false)
+          client.send()
+          assert_equals(client.responseText, (method === "HEAD" ? "" : method))
+        }, method)
+      })
+    </script>
+  </body>
+</html>

tests/wpt/web-platform-tests/XMLHttpRequest/responseText-status.html

@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>XMLHttpRequest Test: responseText - status</title>
+<link rel="author" title="Intel" href="http://www.intel.com">
+<meta name="assert" content="Check if XMLHttpRequest.responseText return empty string if state is not LOADING or DONE">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+
+<script>
+
+async_test(function (t) {
+  var client = new XMLHttpRequest();
+  t.step(function () {
+    assert_equals(client.responseText, "");
+  });
+
+  client.onreadystatechange = t.step_func(function () {
+    if (client.readyState == 1 || client.readyState == 2) {
+      assert_equals(client.responseText, "");
+    }
+
+    if (client.readyState == 3) {
+      t.done();
+    }
+  });
+
+  client.open("GET", "resources/headers.py")
+  client.send(null)
+}, document.title);
+
+</script>

tests/wpt/web-platform-tests/XMLHttpRequest/responsexml-document-properties.htm

@@ -43,7 +43,7 @@
       }
 
       test(function() {
-        assert_equals((new Date(client.getResponseHeader('Last-Modified'))).getTime(), (new Date(client.responseXML.lastModified)).getTime()) 
+        assert_true((new Date(client.getResponseHeader('Last-Modified'))).getTime() == (new Date(client.responseXML.lastModified)).getTime(), 'responseXML.lastModified time shoud be equal to time in response Last-Modified header')
       }, 'lastModified set according to HTTP header')
 
       test(function() {

tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-basic-setrequestheader-existing-session.htm

@@ -25,7 +25,7 @@
         client.setRequestHeader('X-User', open_user)
         // initial request - this will get a 401 response and re-try with HTTP auth
         client.send(null)
-        assert_equals(client.responseText, open_user + '\nopen-pass')
+        assert_true(client.responseText == (open_user + '\nopen-pass'), 'responseText should contain the right user and password')
         assert_equals(client.status, 200)
         assert_equals(client.getResponseHeader('x-challenge'), 'DID')
         // Another request, this time user,pass is omitted and an Authorization header set explicitly

tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-competing-names-passwords.htm

@@ -34,7 +34,7 @@
           client.open("GET", urlstart + "resources/authentication.py", false, user2, pass2)
           client.setRequestHeader("x-user", userwin)
           client.send(null)
-          assert_equals(client.responseText, (userwin||'') + "\n" + (passwin||''))
+          assert_true(client.responseText == ((userwin||'') + "\n" + (passwin||'')), 'responseText should contain the right user and password')
 
           // We want to send multiple requests to the same realm here, so we try to make the UA forget its (cached) credentials between each test..
           // forcing a 401 response to (hopefully) "log out"

tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader.htm

@@ -25,7 +25,7 @@
         client.onreadystatechange = function () {
           if (client.readyState < 4) {return}
           test.step( function () {
-            assert_equals(client.responseText, user + '\npass')
+            assert_true(client.responseText == (user + '\npass'), 'responseText should contain the right user and password')
             assert_equals(client.status, 200)
             assert_equals(client.getResponseHeader('x-challenge'), 'DID-NOT')
             test.done()

tests/wpt/web-platform-tests/XMLHttpRequest/status-basic.htm

@@ -17,7 +17,9 @@
         counter++
         test(function() {
           var client = new XMLHttpRequest()
+          assert_equals(client.status, 0);
           client.open(method, "resources/status.py?code=" + code + "&text=" + encodeURIComponent(text) + "&content=" + encodeURIComponent(content) + "&type=" + encodeURIComponent(type), false)
+          assert_equals(client.status, 0);
           client.send(null)
           assert_equals(client.status, code)
           assert_equals(client.statusText, text)

tests/wpt/web-platform-tests/conformance-checkers/html-aria/_functional/tree/js/aria.js

@@ -20,7 +20,6 @@ var Aria = {
 Aria.Tree = Class.create();
 Aria.Tree.prototype = {
 	initialize: function(inNode){
-		if(!$(inNode) && console.error) console.error('Error from aria.js: Aria.Tree instance initialized with invalid element, '+ inNode);
 		this.el = $(inNode);
 		this.index = Aria.Trees.length; // each tree should know its index in the Aria singleton's list, in order to concatenate id strings
 		this.strActiveDescendant = this.el.getAttribute('aria-activedescendant');
@@ -113,7 +112,6 @@ Aria.Tree.prototype = {
 			case Event.KEY_RIGHT:    this.keyRight(); break;
 			case Event.KEY_DOWN:     this.keyDown();  break;
 			default:
-				//console.log(inEvent.keyCode);
 				return;
 		}
 		Event.stop(inEvent);

tests/wpt/web-platform-tests/conformance-checkers/messages.json

@@ -1388,13 +1388,13 @@
     "html/elements/kbd/model-novalid.html": "End tag \u201cp\u201d implied, but there were open elements.",
     "html/elements/keygen/id-bad-novalid.html": "Any \u201ckeygen\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.",
     "html/elements/keygen/id-missing-novalid.html": "Any \u201ckeygen\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.",
-    "html/elements/keygen/id-redundant-novalid.html": "The \u201clabel\u201d element may contain at most one \u201cinput\u201d, \u201cbutton\u201d, \u201cselect\u201d, \u201ctextarea\u201d, or \u201ckeygen\u201d descendant.",
+    "html/elements/keygen/id-redundant-novalid.html": "The \u201clabel\u201d element may contain at most one \u201cbutton\u201d, \u201cinput\u201d, \u201ckeygen\u201d, \u201cmeter\u201d, \u201coutput\u201d, \u201cprogress\u201d, \u201cselect\u201d, or \u201ctextarea\u201d descendant.",
     "html/elements/keygen/keytype-bad-value-novalid.html": "Bad value \u201cdsa\u201d for attribute \u201ckeytype\u201d on element \u201ckeygen\u201d.",
     "html/elements/keygen/keytype-empty-novalid.html": "Bad value \u201c\u201d for attribute \u201ckeytype\u201d on element \u201ckeygen\u201d.",
     "html/elements/keygen/model-novalid.html": "The element \u201ckeygen\u201d must not appear as a descendant of the \u201ca\u201d element.",
     "html/elements/keygen/non-void-novalid.html": "Stray end tag \u201ckeygen\u201d.",
     "html/elements/label/for-descendant-no-id-novalid.html": "Any \u201cinput\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.",
-    "html/elements/label/multiple-descendants-novalid.html": "The \u201clabel\u201d element may contain at most one \u201cinput\u201d, \u201cbutton\u201d, \u201cselect\u201d, \u201ctextarea\u201d, or \u201ckeygen\u201d descendant.",
+    "html/elements/label/multiple-descendants-novalid.html": "The \u201clabel\u201d element may contain at most one \u201cbutton\u201d, \u201cinput\u201d, \u201ckeygen\u201d, \u201cmeter\u201d, \u201coutput\u201d, \u201cprogress\u201d, \u201cselect\u201d, or \u201ctextarea\u201d descendant.",
     "html/elements/link/href-empty-novalid.html": "Bad value \u201c\u201d for attribute \u201chref\u201d on element \u201clink\u201d: Bad URL: Must be non-empty.",
     "html/elements/link/href-missing-novalid.html": "Element \u201clink\u201d is missing required attribute \u201chref\u201d.",
     "html/elements/link/href-whitespace-only-novalid.html": "Bad value \u201c\t \n\u201d for attribute \u201chref\u201d on element \u201clink\u201d: Bad URL: Must be non-empty.",
@@ -2167,9 +2167,9 @@
     "html/media-queries/022-novalid.html": "Bad value \u201cscreen,\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Media query ended prematurely.",
     "html/media-queries/023-novalid.html": "Bad value \u201c,screen\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Media query ended prematurely.",
     "html/media-queries/024-novalid.html": "Bad value \u201cscreen and (min-width: 400)\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Non-zero lengths require a unit.",
-    "html/media-queries/device-aspect-ratio-novalid.html": "Bad value \u201cscreen and (device-aspect-ratio: 16/9)\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Expected a CSS media feature but saw \u201cdevice-aspect-ratio\u201d instead.",
-    "html/media-queries/projection-novalid.html": "Bad value \u201cprojection\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Expected a CSS media type but the query ended.",
-    "html/media-queries/tv-novalid.html": "Bad value \u201ctv and (scan: progressive)\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Expected a CSS media type but saw \u201ctv\u201d instead.",
+    "html/media-queries/device-aspect-ratio-novalid.html": "Bad value \u201cscreen and (device-aspect-ratio: 16/9)\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Deprecated media feature \u201cdevice-aspect-ratio\u201d. For guidance, see the Deprecated Media Features section in the current Media Queries specification.",
+    "html/media-queries/projection-novalid.html": "Bad value \u201cprojection\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Deprecated media type \u201cprojection\u201d. For guidance, see the Media Types section in the current Media Queries specification.",
+    "html/media-queries/tv-novalid.html": "Bad value \u201ctv and (scan: progressive)\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Deprecated media type \u201ctv\u201d. For guidance, see the Media Types section in the current Media Queries specification.",
     "html/microdata/itemid-scheme-data-contains-fragment-haswarn.html": "Bad value \u201cdata:text/html,test#test\u201d for attribute \u201citemid\u201d on element \u201cdiv\u201d: Bad URL: Fragment is not allowed for data: URIs according to RFC 2397.",
     "html/microdata/itemid/fragment-backslash-novalid.html": "Bad value \u201c#\\\u201d for attribute \u201citemid\u201d on element \u201cdiv\u201d: Bad URL: Illegal character in fragment: not a URL code point.",
     "html/microdata/itemid/fragment-contains-hash-novalid.html": "Bad value \u201chttp://foo/path#f#g\u201d for attribute \u201citemid\u201d on element \u201cdiv\u201d: Bad URL: Illegal character in fragment: not a URL code point.",
@@ -2370,12 +2370,12 @@
     "xhtml/elements/keygen/057-novalid.xhtml": "Bad value \u201c\u201d for attribute \u201ckeytype\u201d on element \u201ckeygen\u201d.",
     "xhtml/elements/keygen/058-novalid.xhtml": "Any \u201ckeygen\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.",
     "xhtml/elements/keygen/059-novalid.xhtml": "Any \u201ckeygen\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.",
-    "xhtml/elements/keygen/060-novalid.xhtml": "The \u201clabel\u201d element may contain at most one \u201cinput\u201d, \u201cbutton\u201d, \u201cselect\u201d, \u201ctextarea\u201d, or \u201ckeygen\u201d descendant.",
+    "xhtml/elements/keygen/060-novalid.xhtml": "The \u201clabel\u201d element may contain at most one \u201cbutton\u201d, \u201cinput\u201d, \u201ckeygen\u201d, \u201cmeter\u201d, \u201coutput\u201d, \u201cprogress\u201d, \u201cselect\u201d, or \u201ctextarea\u201d descendant.",
     "xhtml/elements/keygen/061-novalid.xhtml": "The element \u201ckeygen\u201d must not appear as a descendant of the \u201ca\u201d element.",
     "xhtml/elements/keygen/154-novalid.xhtml": "Text not allowed in element \u201ckeygen\u201d in this context.",
     "xhtml/elements/keygen/157-novalid.xhtml": "Bad value \u201c\u201d for attribute \u201ckeytype\u201d on element \u201ckeygen\u201d.",
     "xhtml/elements/keygen/359-novalid.xhtml": "Any \u201ckeygen\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.",
-    "xhtml/elements/keygen/360-novalid.xhtml": "The \u201clabel\u201d element may contain at most one \u201cinput\u201d, \u201cbutton\u201d, \u201cselect\u201d, \u201ctextarea\u201d, or \u201ckeygen\u201d descendant.",
+    "xhtml/elements/keygen/360-novalid.xhtml": "The \u201clabel\u201d element may contain at most one \u201cbutton\u201d, \u201cinput\u201d, \u201ckeygen\u201d, \u201cmeter\u201d, \u201coutput\u201d, \u201cprogress\u201d, \u201cselect\u201d, or \u201ctextarea\u201d descendant.",
     "xhtml/elements/keygen/361-novalid.xhtml": "The element \u201ckeygen\u201d must not appear as a descendant of the \u201ca\u201d element.",
     "xhtml/elements/link/001-novalid.xhtml": "Element \u201clink\u201d is missing required attribute \u201chref\u201d.",
     "xhtml/elements/menu/001-haswarn.xhtml": "The \u201cmenu\u201d element is not supported by browsers yet. It would probably be better to wait for implementations.",

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/allowed.css

@@ -0,0 +1,3 @@
+#test {
+	color: green;
+}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-allow.sub.html

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>base-uri-allow</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+base-uri http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self';
+-->
+    <base href="http://www1.{{host}}:{{ports[http][0]}}/">
+    <script>
+        console.info('Check that base URIs can be set if they do not violate the page\'s policy.');
+        test(function() {
+            assert_equals(document.baseURI, 'http://www1.{{host}}:{{ports[http][0]}}/');
+            log("TEST COMPLETE")
+        });
+
+    </script>
+</head>
+
+<body>
+    <div id="log"></div>
+    <script async defer src="./content-security-policy/support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-allow.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: base-uri-allow={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: base-uri http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-deny.sub.html

@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>base-uri-deny</title>
+    <base href="http://www1.{{host}}:{{ports[http][0]}}/">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["PASS document.baseURI is document.location.href","TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+base-uri 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+    <script>
+        console.info('Check that base URIs cannot be set if they violate the page\'s policy.');
+        var base = document.createElement('base');
+        base.href = 'http://www1.{{host}}:{{ports[http][0]}}/';
+        document.head.appendChild(base);
+        if (document.baseURI == document.location.href) {
+            log("PASS document.baseURI is document.location.href");
+            log("TEST COMPLETE");
+        }
+
+    </script>
+</head>
+
+<body>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=base-uri%20&apos;self&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-deny.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: base-uri-deny={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: base-uri 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-allowed.sub.html

@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>form-action-src-allowed</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+    <script>
+        window.addEventListener('load', function() {
+            setTimeout(function() {
+                document.getElementById('submit').click();
+                log("TEST COMPLETE");
+            }, 0);
+        });
+
+    </script>
+</head>
+
+<body>
+    <form action="../support/pass.png" id="theform" method="post" target="_blank">
+        <input type="text" name="fieldname" value="fieldvalue">
+        <input type="submit" id="submit" value="submit">
+    </form>
+    <p>Tests that allowed form actions work correctly. If this test passes, you will see a page indicating a form was POSTed.</p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-allowed.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: form-action-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-blocked.sub.html

@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>form-action-src-blocked</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+    <script>
+        window.addEventListener('load', function() {
+            setTimeout(function() {
+                document.getElementById('submit').click();
+                log("TEST COMPLETE");
+            }, 0);
+        });
+        setTimeout(function() {}, 1000);
+
+    </script>
+</head>
+
+<body>
+    <form action="../content-security-policy/support/fail.png" id="theform" method="post">
+        <input type="text" name="fieldname" value="fieldvalue">
+        <input type="submit" id="submit" value="submit">
+    </form>
+    <p>Tests that blocking form actions works correctly. If this test passes, a CSP violation will be generated, and will not see a page indicating a form was POSTed.</p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=form-action%20&apos;none&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-blocked.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: form-action-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-default-ignored.sub.html

@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>form-action-src-default-ignored</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';
+-->
+    <script>
+        window.addEventListener('load', function() {
+            setTimeout(function() {
+                document.getElementById('submit').click();
+                log("TEST COMPLETE");
+            }, 0);
+        });
+
+    </script>
+</head>
+
+<body>
+    <form action="../support/pass.png" id="theform" method="post" target="_blank">
+        <input type="text" name="fieldname" value="fieldvalue">
+        <input type="submit" id="submit" value="submit">
+    </form>
+    <p>Tests that default-src does. If this test passes, you will see a page indicating a form was POSTed or a blocked pop-up warning.</p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-default-ignored.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: form-action-src-default-ignored={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; style-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-allowed.sub.html

@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>form-action-src-get-allowed</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+    <script>
+        window.addEventListener('load', function() {
+            setTimeout(function() {
+                document.getElementById('submit').click();
+                log("TEST COMPLETE");
+            }, 0);
+        });
+
+    </script>
+</head>
+
+<body>
+    <form action="../support/pass.png" id="theform" method="get" target="_blank">
+        <input type="text" name="fieldname" value="fieldvalue">
+        <input type="submit" id="submit" value="submit">
+    </form>
+    <p>Tests that allowed form actions work correctly. If this test passes, you will see a page indicating a form was POSTed or a blocked pop-up warning.</p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-allowed.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: form-action-src-get-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-blocked.sub.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>form-action-src-get-blocked</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+    <script>
+        window.addEventListener('load', function() {
+            setTimeout(function() {}, 1000);
+            document.getElementById('submit').click();
+            log("TEST COMPLETE");
+        });
+
+    </script>
+</head>
+
+<body>
+    <form action="/navigation/resources/form-target.pl" id="theform" method="get">
+        <input type="text" name="fieldname" value="fieldvalue">
+        <input type="submit" id="submit" value="submit">
+    </form>
+    <p>Tests that blocking form actions works correctly. If this test passes, a CSP violation will be generated, and will not see a page indicating a form was POSTed.</p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=form-action%20&apos;none&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-blocked.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: form-action-src-get-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-javascript-blocked.sub.html

@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>form-action-src-javascript-blocked</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+    <script>
+        window.addEventListener('load', function() {
+            setTimeout(function() {
+                document.getElementById('submit').click();
+                log("TEST COMPLETE");
+            }, 0);
+        });
+
+    </script>
+</head>
+
+<body>
+    <form action="javascript:alert_assert(&quot;FAIL!&quot;)" id="theform" method="post">
+        <input type="text" name="fieldname" value="fieldvalue">
+        <input type="submit" id="submit" value="submit">
+    </form>
+    <p>Tests that blocking form actions works correctly. If this test passes, a CSP violation will be generated, and will not see a JavaScript alert.</p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=form-action%20&apos;none&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-javascript-blocked.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: form-action-src-javascript-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-redirect-blocked.sub.html

@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>form-action-src-redirect-blocked</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+form-action 127.0.0.1:8000; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+    <script>
+        window.addEventListener('load', function() {
+            setTimeout(function() {
+                document.getElementById('submit').click();
+                log("TEST COMPLETE");
+            }, 0);
+        });
+        setTimeout(function() {}, 1000);
+
+    </script>
+</head>
+
+<body>
+    <form id="form1" action="/navigation/resources/redirection-response.php?host=localhost:8000&amp;status=302&amp;target=form-target.pl" method="post">
+        <input type="text" name="fieldname" value="fieldvalue">
+        <input type="submit" id="submit" value="submit">
+    </form>
+    <p>Tests that blocking form redirect works correctly. If this test passes, a CSP violation will be generated, and will not see a page indicating a form was POSTed.</p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=form-action%20127.0.0.1:8000"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-redirect-blocked.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: form-action-src-redirect-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: form-action 127.0.0.1:8000; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/meta-outside-head.sub.html

@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>meta-outside-head</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="../support/logTest.sub.js?logs=[]"></script>
+    <script src='../support/alertAssert.sub.js?alerts=["PASS (1/1)"]'></script>
+    <!-- enforcing policy:
+script-src 'self' 'unsafe-inline' 'none'; connect-src 'self';
+-->
+</head>
+
+<body>
+    <meta http-equiv="Content-Security-Policy" content="script-src 'none'">
+    <p>This test checks that Content Security Policy delivered via a meta element is not enforced if the element is outside the document&apos;s head.</p>
+    <script>
+        alert_assert("PASS (1/1)");
+
+    </script>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/meta-outside-head.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: meta-outside-head={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: script-src 'self' 'unsafe-inline' 'none'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-data.sub.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>plugintypes-mismatched-data</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="../support/logTest.sub.js?logs=[]"></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+
+</head>
+
+<body>
+    This tests that plugin content that doesn&apos;t match the declared type doesn&apos;t load, even if the document&apos;s CSP would allow it. This test passes if &quot;FAIL!&quot; isn&apos;t logged.
+    <object type="application/x-invalid-type" data="data:application/x-webkit-test-netscape,logifloaded" log="FAIL!"></object>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-data.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: plugintypes-mismatched-data={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-url.sub.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>plugintypes-mismatched-url</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="../support/logTest.sub.js?logs=[]"></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+
+</head>
+
+<body>
+    This tests that plugin content that doesn&apos;t match the declared type doesn&apos;t load, even if the document&apos;s CSP would allow it. This test passes if no iframe is dumped (meaning that no PluginDocument was created).
+    <object type="application/x-invalid-type" data="/plugins/resources/mock-plugin.pl" log="FAIL!"></object>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-url.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: plugintypes-mismatched-url={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-data.sub.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>plugintypes-notype-data</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["PASS"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+</head>
+
+<body>
+    Given a `plugin-types` directive, plugins have to declare a type explicitly. No declared type, no load. This test passes if there&apos;s a CSP report and &quot;FAIL!&quot; isn&apos;t logged.
+    <object data="data:application/x-webkit-test-netscape" onload="log('FAIL');" onerror="log('PASS');"></object>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=plugin-types+application/x-invalid-type"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-data.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: plugintypes-notype-data={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-url.sub.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>plugintypes-notype-url</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="../support/logTest.sub.js?logs=[]"></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+
+</head>
+
+<body>
+    Given a `plugin-types` directive, plugins have to declare a type explicitly. No declared type, no load. This test passes if there&apos;s an error report is sent.
+    <object data="/plugins/resources/mock-plugin.pl" log="FAIL!"></object>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=plugin-types%20application/x-invalid-type"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-url.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: plugintypes-notype-url={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-allowed.sub.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>plugintypes-nourl-allowed</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="../support/logTest.sub.js?logs=[]"></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+plugin-types application/x-webkit-test-netscape; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+</head>
+
+<body>
+    This test passes if there isn&apos;t a CSP violation sayingthe plugin was blocked.
+    <object type="application/x-webkit-test-netscape"></object>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-allowed.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: plugintypes-nourl-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: plugin-types application/x-webkit-test-netscape; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-blocked.sub.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>plugintypes-nourl-blocked</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="../support/logTest.sub.js?logs=[]"></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+plugin-types text/plain; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+</head>
+
+<body>
+    This test passes if there is a CSP violation sayingthe plugin was blocked.
+    <object type="application/x-webkit-test-netscape"></object>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=plugin-types%20text/plain"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-blocked.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: plugintypes-nourl-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: plugin-types text/plain; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-allowed.sub.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>scripthash-allowed</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/content-security-policy/support/alertAssert.sub.js?alerts=%5B%22PASS%20(1%2F4)%22%2C%22PASS%20(2%2F4)%22%2C%22PASS%20(3%2F4)%22%2C%22PASS%20(4%2F4)%22%5D">
+
+
+    </script>
+    <!-- enforcing policy:
+script-src 'self' 'sha256-IFmozo9WnnsMXVl_Ka8XzJ3Nd8yzS2zA2ME0mwtd-Ck=' 'sha256-jSpTmJKcrnHttKdYM_wCCDJoQY5tdSxNf7zd2prwFfI=' 'sha256-qbgA2XjB2EZKjn_UmK7v_K77t-fvfxA89QT_K9qPNyE=' 'sha256-K-7X5Ip3msvRvyQzf6fkrWZziuhaUIee1aLnlP5nX10='; connect-src 'self'; connect-src 'self';
+-->
+    <script>
+        alert_assert('PASS (1/4)');
+
+    </script>
+    <script>
+        alert_assert('PASS (2/4)');
+
+    </script>
+    <script>
+        alert_assert('PASS (3/4)');
+
+    </script>
+    <script>
+        alert_assert('PASS (4/4)');
+
+    </script>
+</head>
+
+<body>
+    <p>
+        This tests the effect of a valid script-hash value. It passes if no CSP violation is generated, and the alert_assert() is executed.
+    </p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-allowed.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: scripthash-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: script-src 'self' 'sha256-IFmozo9WnnsMXVl_Ka8XzJ3Nd8yzS2zA2ME0mwtd-Ck=' 'sha256-jSpTmJKcrnHttKdYM_wCCDJoQY5tdSxNf7zd2prwFfI=' 'sha256-qbgA2XjB2EZKjn_UmK7v_K77t-fvfxA89QT_K9qPNyE=' 'sha256-K-7X5Ip3msvRvyQzf6fkrWZziuhaUIee1aLnlP5nX10='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-basic-blocked.sub.html

@@ -0,0 +1,69 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>scripthash-basic-blocked</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="../support/logTest.sub.js?logs=[]"></script>
+    <script>
+        var t_alert = async_test('Expecting alerts: ["PASS (1/1)"]');
+        var expected_alerts = ["PASS (1/1)"];
+
+        function alert_assert(msg) {
+            t_alert.step(function() {
+                if (msg.match(/^FAIL/i)) {
+                    assert_unreached(msg);
+                    t_alert.done();
+                }
+                for (var i = 0; i < expected_alerts.length; i++) {
+                    if (expected_alerts[i] == msg) {
+                        assert_true(expected_alerts[i] == msg);
+                        expected_alerts.splice(i, 1);
+                        if (expected_alerts.length == 0) {
+                            t_alert.done();
+                        }
+                        return;
+                    }
+                }
+                assert_unreached('unexpected alert: ' + msg);
+                t_log.done();
+            });
+        }
+
+    </script>
+    <!-- enforcing policy:
+script-src 'self' 'unsafe-inline' 'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo='; connect-src 'self';
+-->
+    <script>
+        alert_assert('PASS (1/1)');
+
+    </script>
+    <script>
+        alert_assert('FAIL (1/4)');
+
+    </script>
+    <script>
+        alert_assert('FAIL (2/4)');
+
+    </script>
+    <script>
+        alert_assert('FAIL (3/4)');
+
+    </script>
+    <script>
+        alert_assert('FAIL (4/4)');
+
+    </script>
+</head>
+
+<body>
+    <p>
+        This tests the effect of a valid script-hash value, with one valid script and several invalid ones. It passes if one alert is executed and a CSP violation is reported.
+    </p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=script-src%20&apos;sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo=&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-basic-blocked.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: scripthash-basic-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: script-src 'self' 'unsafe-inline' 'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-ignore-unsafeinline.sub.html

@@ -0,0 +1,57 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>scripthash-ignore-unsafeinline</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="../support/logTest.sub.js?logs=[]"></script>
+    <script>
+        var t_alert = async_test('Expecting alerts: ["PASS (1/1)"]');
+        var expected_alerts = ["PASS (1/1)"];
+
+        function alert_assert(msg) {
+            t_alert.step(function() {
+                if (msg.match(/^FAIL/i)) {
+                    assert_unreached(msg);
+                    t_alert.done();
+                }
+                for (var i = 0; i < expected_alerts.length; i++) {
+                    if (expected_alerts[i] == msg) {
+                        assert_true(expected_alerts[i] == msg);
+                        expected_alerts.splice(i, 1);
+                        if (expected_alerts.length == 0) {
+                            t_alert.done();
+                        }
+                        return;
+                    }
+                }
+                assert_unreached('unexpected alert: ' + msg);
+                t_log.done();
+            });
+        }
+
+    </script>
+    <!-- enforcing policy:
+script-src 'self' 'unsafe-inline' 'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo=' 'unsafe-inline'; connect-src 'self';
+-->
+    <script>
+        alert_assert('PASS (1/1)');
+
+    </script>
+    <script>
+        alert_assert('FAIL (1/1)');
+
+    </script>
+</head>
+
+<body>
+    <p>
+        This tests that a valid hash value disables inline JavaScript, even if &apos;unsafe-inline&apos; is present.
+    </p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=script-src%20&apos;sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo=&apos;%20&apos;unsafe-inline&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-ignore-unsafeinline.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: scripthash-ignore-unsafeinline={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: script-src 'self' 'unsafe-inline' 'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo=' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-unicode-normalization.sub.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>scripthash-unicode-normalization</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/content-security-policy/support/alertAssert.sub.js?alerts=%5B%22PASS%22%2C%22PASS%22%5D">
+
+
+    </script>
+    <!-- enforcing policy:
+script-src 'self' 'unsafe-inline' 'sha256-xy4iRAvdlFCq-M5-4yu4B7dy0Kc2FfljmZO4Jkj3Yhw='; connect-src 'self';
+-->
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <!-- The following two scripts contain two separate code points (U+00C5
+        and U+212B, respectively) which, depending on your text editor, might be
+        rendered the same. However, their difference is important as they should
+        be NFC normalized to the same code point, thus they should hash to the
+        same value.-->
+    <script>
+        'Å';
+        alert_assert('PASS');
+
+    </script>
+    <script>
+        'Å';
+        alert_assert('PASS');
+
+    </script>
+</head>
+
+<body>
+    <p>
+        This tests Unicode normalization. While appearing the same, the strings in the scripts are different Unicode points, but through normalization, should be the same when the hash is taken.
+    </p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-unicode-normalization.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: scripthash-unicode-normalization={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: script-src 'self' 'sha256-xy4iRAvdlFCq-M5-4yu4B7dy0Kc2FfljmZO4Jkj3Yhw='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-allowed.sub.html

@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>scriptnonce-allowed</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script nonce="noncynonce">
+        function log(msg) {
+            test(function() {
+                assert_unreached(msg)
+            });
+        }
+
+    </script>
+    <script nonce="noncynonce">
+        var t_alert = async_test('Expecting alerts: ["PASS (1/2)","PASS (2/2)"]');
+        var expected_alerts = ["PASS (1/2)", "PASS (2/2)"];
+
+        function alert_assert(msg) {
+            t_alert.step(function() {
+                if (msg.match(/^FAIL/i)) {
+                    assert_unreached(msg);
+                    t_alert.done();
+                }
+                for (var i = 0; i < expected_alerts.length; i++) {
+                    if (expected_alerts[i] == msg) {
+                        assert_true(expected_alerts[i] == msg);
+                        expected_alerts.splice(i, 1);
+                        if (expected_alerts.length == 0) {
+                            t_alert.done();
+                        }
+                        return;
+                    }
+                }
+                assert_unreached('unexpected alert: ' + msg);
+                t_log.done();
+            });
+        }
+
+    </script>
+    <!-- enforcing policy:
+script-src 'self' 'unsafe-inline' 'nonce-noncynonce' 'nonce-noncy+/=nonce'; connect-src 'self';
+-->
+    <script nonce="noncynonce">
+        alert_assert('PASS (1/2)');
+
+    </script>
+    <script nonce="noncy+/=nonce">
+        alert_assert('PASS (2/2)');
+
+    </script>
+</head>
+
+<body>
+    <p>
+        This tests the effect of a valid script-nonce value. It passes if no CSP violation is generated and the alerts are executed.
+    </p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-allowed.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: scriptnonce-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: script-src 'self' 'nonce-noncynonce' 'nonce-noncy+/=nonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-and-scripthash.sub.html

@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>scriptnonce-and-scripthash</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script nonce="nonceynonce">
+        function log(msg) {
+            test(function() {
+                assert_unreached(msg)
+            });
+        }
+
+    </script>
+    <script nonce="nonceynonce">
+        var t_alert = async_test('Expecting alerts: ["PASS (1/3)","PASS (2/3)","PASS (3/3)"]');
+        var expected_alerts = ["PASS (1/3)", "PASS (2/3)", "PASS (3/3)"];
+
+        function alert_assert(msg) {
+            t_alert.step(function() {
+                if (msg.match(/^FAIL/i)) {
+                    assert_unreached(msg);
+                    t_alert.done();
+                }
+                for (var i = 0; i < expected_alerts.length; i++) {
+                    if (expected_alerts[i] == msg) {
+                        assert_true(expected_alerts[i] == msg);
+                        expected_alerts.splice(i, 1);
+                        if (expected_alerts.length == 0) {
+                            t_alert.done();
+                        }
+                        return;
+                    }
+                }
+                assert_unreached('unexpected alert: ' + msg);
+                t_log.done();
+            });
+        }
+
+    </script>
+    <!-- enforcing policy:
+script-src 'self' 'sha256-LS8v1E1Ff0Hc8FobgWKNKY3sbW4rljPlZNQHyyutfKU=' 'nonce-nonceynonce'; connect-src 'self';
+-->
+    <script nonce="nonceynonce">
+        alert_assert('PASS (1/3)');
+
+    </script>
+    <script>
+        alert_assert('PASS (2/3)');
+
+    </script>
+    <script nonce="nonceynonce">
+        alert_assert('PASS (3/3)');
+
+    </script>
+    <script>
+        alert_assert('FAIL (1/2)');
+
+    </script>
+    <script nonce="notanonce">
+        alert_assert('FAIL (2/2)');
+
+    </script>
+</head>
+
+<body>
+    <p>
+        This tests the combined use of script hash and script nonce. It passes if a CSP violation is generated and the three alerts show PASS.
+    </p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=script-src%20&apos;sha1-MfuEFRkC2LmR31AMy9KW2ZLDegA=&apos;%20&apos;sha1-p70t5PXyndLfjKNjbyBBOL1gFiM=&apos;%20&apos;nonce-nonceynonce&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-and-scripthash.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: scriptnonce-and-scripthash={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: script-src 'self' 'sha256-LS8v1E1Ff0Hc8FobgWKNKY3sbW4rljPlZNQHyyutfKU=' 'nonce-nonceynonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-basic-blocked.sub.html

@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>scriptnonce-basic-blocked</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script nonce='noncynonce'>
+        function log(msg) {
+            test(function() {
+                assert_unreached(msg)
+            });
+        }
+
+    </script>
+    <script nonce='noncynonce'>
+        var t_alert = async_test('Expecting alerts: ["PASS (1/2)","PASS (2/2)"]');
+        var expected_alerts = ["PASS (1/2)", "PASS (2/2)"];
+
+        function alert_assert(msg) {
+            t_alert.step(function() {
+                if (msg.match(/^FAIL/i)) {
+                    assert_unreached(msg);
+                    t_alert.done();
+                }
+                for (var i = 0; i < expected_alerts.length; i++) {
+                    if (expected_alerts[i] == msg) {
+                        assert_true(expected_alerts[i] == msg);
+                        expected_alerts.splice(i, 1);
+                        if (expected_alerts.length == 0) {
+                            t_alert.done();
+                        }
+                        return;
+                    }
+                }
+                assert_unreached('unexpected alert: ' + msg);
+                t_log.done();
+            });
+        }
+
+    </script>
+    <!-- enforcing policy:
+script-src 'self' 'unsafe-inline' 'nonce-noncynonce'; connect-src 'self';
+-->
+    <script nonce="noncynonce">
+        alert_assert('PASS (1/2)');
+
+    </script>
+    <script nonce="   noncynonce    ">
+        alert_assert('PASS (2/2)');
+
+    </script>
+    <script nonce="noncynonce noncynonce">
+        alert_assert('FAIL (1/3)');
+
+    </script>
+    <script>
+        alert_assert('FAIL (2/3)');
+
+    </script>
+    <script nonce="noncynonceno?">
+        alert_assert('FAIL (3/3)');
+
+    </script>
+</head>
+
+<body>
+    <p>
+        This tests the effect of a valid script-nonce value. It passes if a CSP violation is generated, and the two PASS alerts are executed.
+    </p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=script-src%20&apos;nonce-noncynonce&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-basic-blocked.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: scriptnonce-basic-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: script-src 'self' 'nonce-noncynonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-ignore-unsafeinline.sub.html

@@ -0,0 +1,72 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>scriptnonce-ignore-unsafeinline</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script nonce='noncynonce'>
+        function log(msg) {
+            test(function() {
+                assert_unreached(msg)
+            });
+        }
+
+    </script>
+    <script nonce='noncynonce'>
+        var t_alert = async_test('Expecting alerts: ["PASS (1/2)","PASS (2/2)"]');
+        var expected_alerts = ["PASS (1/2)", "PASS (2/2)"];
+
+        function alert_assert(msg) {
+            t_alert.step(function() {
+                if (msg.match(/^FAIL/i)) {
+                    assert_unreached(msg);
+                    t_alert.done();
+                }
+                for (var i = 0; i < expected_alerts.length; i++) {
+                    if (expected_alerts[i] == msg) {
+                        assert_true(expected_alerts[i] == msg);
+                        expected_alerts.splice(i, 1);
+                        if (expected_alerts.length == 0) {
+                            t_alert.done();
+                        }
+                        return;
+                    }
+                }
+                assert_unreached('unexpected alert: ' + msg);
+                t_log.done();
+            });
+        }
+
+    </script>
+    <!-- enforcing policy:
+script-src 'self' 'unsafe-inline' 'nonce-noncynonce' 'nonce-noncy+/=nonce' 'unsafe-inline'; connect-src 'self';
+-->
+    <script nonce="noncynonce">
+
+
+    </script>
+    <script nonce="noncynonce">
+        alert_assert('PASS (1/2)');
+
+    </script>
+    <script nonce="noncy+/=nonce">
+        alert_assert('PASS (2/2)');
+
+    </script>
+    <script>
+        alert_assert('FAIL (1/1)');
+
+    </script>
+</head>
+
+<body>
+    <p>
+        This tests that a valid nonce disables inline JavaScript, even if &apos;unsafe-inline&apos; is present.
+    </p>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=script-src%20&apos;nonce-noncynonce&apos;%20&apos;nonce-noncy+/=nonce&apos;%20&apos;unsafe-inline&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-ignore-unsafeinline.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: scriptnonce-ignore-unsafeinline={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-noncynonce' 'nonce-noncy+/=nonce' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-redirect.sub.html

@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>scriptnonce-redirect</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script nonce="noncynonce">
+        function log(msg) {
+            test(function() {
+                assert_unreached(msg)
+            });
+        }
+
+    </script>
+    <script nonce="noncynonce">
+        var t_alert = async_test('Expecting alerts: ["PASS"]');
+        var expected_alerts = ["PASS"];
+
+        function alert_assert(msg) {
+            t_alert.step(function() {
+                if (msg.match(/^FAIL/i)) {
+                    assert_unreached(msg);
+                    t_alert.done();
+                }
+                for (var i = 0; i < expected_alerts.length; i++) {
+                    if (expected_alerts[i] == msg) {
+                        assert_true(expected_alerts[i] == msg);
+                        expected_alerts.splice(i, 1);
+                        if (expected_alerts.length == 0) {
+                            t_alert.done();
+                        }
+                        return;
+                    }
+                }
+                assert_unreached('unexpected alert: ' + msg);
+                t_log.done();
+            });
+        }
+
+    </script>
+    <!-- enforcing policy:
+script-src 'self' 'unsafe-inline' 'nonce-noncynonce'; connect-src 'self';
+-->
+</head>
+
+<body>
+    This tests whether a deferred script load caused by a redirect is properly allowed by a nonce.
+    <script nonce="noncynonce" src="/common/redirect.py?location=http://{{host}}:{{ports[http][0]}}/content-security-policy/support/alert-pass.js"></script>
+    <script nonce="noncynonce">
+
+
+    </script>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-redirect.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: scriptnonce-redirect={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-noncynonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image-from-script.sub.html

@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>securitypolicyviolation-block-cross-origin-image-from-script</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+</head>
+
+<body>
+    <script>
+        var x = document.createElement('script');
+        x.src = 'http://{{host}}:{{ports[http][0]}}/content-security-policy/support/inject-image.js';
+        document.body.appendChild(x);
+
+    </script>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=img-src%20&apos;none&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: securitypolicyviolation-block-cross-origin-image-from-script={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image.sub.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>securitypolicyviolation-block-cross-origin-image</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+</head>
+
+<body>
+    <script>
+        console.info('Check that a SecurityPolicyViolationEvent strips detail from cross-origin blocked URLs.');
+        var img = document.createElement('img');
+        img.src = 'http://{{host}}:{{ports[http][0]}}/security/resources/abe.png';
+        document.body.appendChild(img);
+        log("TEST COMPLETE");
+
+    </script>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=img-src%20&apos;none&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: securitypolicyviolation-block-cross-origin-image={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image-from-script.sub.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>securitypolicyviolation-block-image-from-script</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+</head>
+
+<body>
+    <script>
+        console.info('Check that a SecurityPolicyViolationEvent is fired upon blocking an image injected via script.');
+        var script = document.createElement('script');
+        script.src = '../support/inject-image.js';
+        document.body.appendChild(script);
+        log("TEST COMPLETE");
+
+    </script>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=img-src%20&apos;none&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image-from-script.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: securitypolicyviolation-block-image-from-script={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image.sub.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>securitypolicyviolation-block-image</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+    <!-- enforcing policy:
+img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+</head>
+
+<body>
+    <script>
+        console.info('Check that a SecurityPolicyViolationEvent is fired upon blocking an image.');
+        var img = document.createElement('img');
+        img.src = '../support/fail.png';
+        img.onerror = function() {
+            log("TEST COMPLETE");
+        };
+        img.onload = function() {
+            log("FAIL");
+        };
+        document.body.appendChild(img);
+
+    </script>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=img-src%20&apos;none&apos;"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: securitypolicyviolation-block-image={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-allowed.sub.html

@@ -0,0 +1,77 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <title>stylehash-allowed</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="../support/logTest.sub.js?logs=[]"></script>
+    <script>
+        var t_alert = async_test('Expecting alerts: ["PASS (1/4): The \'#p1\' element\'s text is green, which means the style was correctly applied.","PASS (2/4): The \'#p2\' element\'s text is green, which means the style was correctly applied.","PASS (3/4): The \'#p3\' element\'s text is green, which means the style was correctly applied.","PASS (4/4): The \'#p4\' element\'s text is green, which means the style was correctly applied."]');
+        var expected_alerts = ["PASS (1/4): The '#p1' element's text is green, which means the style was correctly applied.", "PASS (2/4): The '#p2' element's text is green, which means the style was correctly applied.", "PASS (3/4): The '#p3' element's text is green, which means the style was correctly applied.", "PASS (4/4): The '#p4' element's text is green, which means the style was correctly applied."];
+
+        function alert_assert(msg) {
+            t_alert.step(function() {
+                if (msg.match(/^FAIL/i)) {
+                    assert_unreached(msg);
+                    t_alert.done();
+                }
+                for (var i = 0; i < expected_alerts.length; i++) {
+                    if (expected_alerts[i] == msg) {
+                        assert_true(expected_alerts[i] == msg);
+                        expected_alerts.splice(i, 1);
+                        if (expected_alerts.length == 0) {
+                            t_alert.done();
+                        }
+                        return;
+                    }
+                }
+                assert_unreached('unexpected alert: ' + msg);
+                t_log.done();
+            });
+        }
+
+    </script>
+    <!-- enforcing policy:
+style-src 'sha1-eYyYGmKWdhpUewohaXk9o8IaLSw=' 'sha256-hndjYvzUzy2Ykuad81Cwsl1FOXX/qYs/aDVyUyNZwBw=' 'sha384-bSVm1i3sjPBRM4TwZtYTDjk9JxZMExYHWbFmP1SxDhJH4ue0Wu9OPOkY5hcqRcSt' 'sha512-440MmBLtj9Kp5Bqloogn9BqGDylY8vFsv5/zXL1zH2fJVssCoskRig4gyM+9KqwvCSapSz5CVoUGHQcxv43UQg=='; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+</head>
+
+<body>
+    <p id="p1">This tests the result of a valid style hash. It passes if this text is green, and a &quot;PASS&quot; alert for p1 is fired.</p>
+    <p id="p2">This tests the result of a valid style hash. It passes if this text is green, and a &quot;PASS&quot; alert for p2 is fired.</p>
+    <p id="p3">This tests the result of a valid style hash. It passes if this text is green, and a &quot;PASS&quot; alert for p3 is fired.</p>
+    <p id="p4">This tests the result of a valid style hash. It passes if this text is green, and a &quot;PASS&quot; alert for p4 is fired.</p>
+    <style>p#p1 { color: green; }</style>
+    <style>p#p2 { color: green; }</style>
+    <style>p#p3 { color: green; }</style>
+    <style>p#p4 { color: green; }</style>
+    <script>
+        var color = window.getComputedStyle(document.querySelector('#p1')).color;
+        if (color === "rgb(0, 128, 0)")
+            alert_assert("PASS (1/4): The '#p1' element's text is green, which means the style was correctly applied.");
+        else
+            alert_assert("FAIL (1/4): The '#p1' element's text is " + color + ", which means the style was incorrectly applied.");
+        var color = window.getComputedStyle(document.querySelector('#p2')).color;
+        if (color === "rgb(0, 128, 0)")
+            alert_assert("PASS (2/4): The '#p2' element's text is green, which means the style was correctly applied.");
+        else
+            alert_assert("FAIL (2/4): The '#p2' element's text is " + color + ", which means the style was incorrectly applied.");
+        var color = window.getComputedStyle(document.querySelector('#p3')).color;
+        if (color === "rgb(0, 128, 0)")
+            alert_assert("PASS (3/4): The '#p3' element's text is green, which means the style was correctly applied.");
+        else
+            alert_assert("FAIL (3/4): The '#p3' element's text is " + color + ", which means the style was incorrectly applied.");
+        var color = window.getComputedStyle(document.querySelector('#p4')).color;
+        if (color === "rgb(0, 128, 0)")
+            alert_assert("PASS (4/4): The '#p4' element's text is green, which means the style was correctly applied.");
+        else
+            alert_assert("FAIL (4/4): The '#p4' element's text is " + color + ", which means the style was incorrectly applied.");
+
+    </script>
+    <div id="log"></div>
+    <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>

tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-allowed.sub.html.sub.headers

@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: stylehash-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
+Content-Security-Policy: style-src 'self' 'sha1-eYyYGmKWdhpUewohaXk9o8IaLSw=' 'sha256-hndjYvzUzy2Ykuad81Cwsl1FOXX/qYs/aDVyUyNZwBw=' 'sha384-bSVm1i3sjPBRM4TwZtYTDjk9JxZMExYHWbFmP1SxDhJH4ue0Wu9OPOkY5hcqRcSt' 'sha512-440MmBLtj9Kp5Bqloogn9BqGDylY8vFsv5/zXL1zH2fJVssCoskRig4gyM+9KqwvCSapSz5CVoUGHQcxv43UQg=='; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}