Update web-platform-tests to revision be5419e845d39089ba6dc338c1bd0fa279108317

2025-08-27 16:18:21 +01:00 · 2018-01-04 13:44:24 -05:00 · 2018-01-04 13:44:24 -05:00 · 2b6f573eb5
commit 2b6f573eb5
parent aa199307c8
3440 changed files with 109438 additions and 41750 deletions
--- a/tests/wpt/web-platform-tests/content-security-policy/inheritance/inherited-csp-list-modifications-are-local.html
+++ b/tests/wpt/web-platform-tests/content-security-policy/inheritance/inherited-csp-list-modifications-are-local.html
@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<head>
+  <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline' 'self'">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <!-- Tests that mutations inside a context that inherits a copy of the CSP list
+       does not affect the parent context -->
+</head>
+<body>
+  <script>
+    var t1 = async_test("Test that parent document image loads");
+    var t2 = async_test("Test that embedded iframe document image does not load");
+    var t3 = async_test("Test that spv event is fired");
+
+    window.onmessage = function(e) {
+      if (e.data.type == 'spv') {
+        t3.step(function() {
+          assert_equals(e.data.violatedDirective, "img-src");
+          t3.done();
+        });
+      } else if (e.data.type == 'imgload') {
+        var img = document.createElement('img');
+        img.src = "../support/pass.png";
+        img.onload = function() { t1.done(); };
+        img.onerror = t1.unreached_func('Should have loaded the image');
+        document.body.appendChild(img);
+
+        t2.step(function() {
+          assert_false(e.data.loaded, "Should not have loaded image inside the frame because of its CSP");
+          t2.done();
+        });
+      }
+    }
+
+    var srcdoc = ['<meta http-equiv="Content-Security-Policy" content="img-src \'none\'">',
+                  '<script>',
+                  ' window.addEventListener("securitypolicyviolation", function(e) {',
+                  '  window.top.postMessage({type: "spv", violatedDirective: e.violatedDirective}, "*");',
+                  ' });',
+                  '</scr' + 'ipt>',
+                  '<img src="../support/fail.png"',
+                  '  onload="window.top.postMessage({type: \'imgload\', loaded: true}, \'*\')"',
+                  '  onerror="window.top.postMessage({type: \'imgload\', loaded: false}, \'*\')">'].join('\n');
+    var i = document.createElement('iframe');
+    i.srcdoc = srcdoc;
+    document.body.appendChild(i);
+  </script>
+</body>
+</html>