Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-16 02:45:36 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update web-platform-tests to revision 58eb04cecbbec2e18531ab440225e38944a9c444

Browse source
This commit is contained in:
Josh Matthews 2017-04-17 12:06:02 +10:00 committed by Anthony Ramine
parent 25e8bf69e6
commit 665817d2a6
35333 changed files with 1818077 additions and 16036 deletions
Download patch file Download diff file Expand all files Collapse all files

3
tests/wpt/web-platform-tests/content-security-policy/script-src/crossoriginScript.js Normal file
View file

@ -0,0 +1,3 @@
// Identical to simpleSourcedScript.js but with a different hash, thanks to
// this comment!
window.postMessage(document.currentScript.id, "*");

1
tests/wpt/web-platform-tests/content-security-policy/script-src/crossoriginScript.js.headers Normal file
View file

@ -0,0 +1 @@
Access-Control-Allow-Origin: *

1
tests/wpt/web-platform-tests/content-security-policy/script-src/externalScript.js Normal file
View file

@ -0,0 +1 @@
externalRan = true;

104
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-sri_hash.sub.html Normal file
View file

@ -0,0 +1,104 @@
<!DOCTYPE HTML>
<html>
<head>
<title>External scripts with matching SRI hash should be allowed.</title>
<script src='/resources/testharness.js' nonce='dummy'></script>
<script src='/resources/testharnessreport.js' nonce='dummy'></script>
<!-- CSP served: script-src {{domains[www]}}:* 'nonce-dummy' 'sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0=' 'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=' 'sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA=' -->
</head>
<body>
<h1>External scripts with matching SRI hash should be allowed.</h1>
<div id='log'></div>
<script nonce='dummy'>
var port = "{{ports[http][0]}}";
if (location.protocol === "https:")
port = "{{ports[https][0]}}";
var crossorigin_base = location.protocol + "//{{domains[www]}}:" + port;
// Test name, src, integrity, expected to run.
var test_cases = [
[ 'matching integrity',
'./simpleSourcedScript.js',
'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=',
true ],
[ 'multiple matching integrity',
'./simpleSourcedScript.js',
'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c= sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA=',
true ],
[ 'no integrity',
'./simpleSourcedScript.js',
'',
false ],
[ 'matching plus unsupported integrity',
'./simpleSourcedScript.js',
'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c= sha999-xyz',
true ],
[ 'mismatched integrity',
'./simpleSourcedScript.js',
'sha256-xyz',
false ],
[ 'multiple mismatched integrity',
'./simpleSourcedScript.js',
'sha256-xyz sha256-zyx',
false ],
[ 'partially matching integrity',
'./simpleSourcedScript.js',
'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c= sha256-xyz',
false ],
[ 'crossorigin no integrity but whitelisted host',
crossorigin_base + '/content-security-policy/script-src/crossoriginScript.js',
'',
true ],
[ 'crossorigin mismatched integrity but whitelisted host',
crossorigin_base + '/content-security-policy/script-src/crossoriginScript.js',
'sha256-kKJ5c48yxzaaSBupJSCmY50hkD8xbVgZgLHLtmnkeAo=',
true ],
];
test(_ => {
for (item of test_cases) {
async_test(t => {
var s = document.createElement('script');
s.id = item[0].replace(' ', '-');
s.src = item[1];
s.integrity = item[2];
s.setAttribute('crossorigin', 'anonymous');
if (item[3]) {
s.onerror = t.unreached_func("Script should load! " + s.src);
window.addEventListener('message', t.step_func(e => {
if (e.data == s.id)
t.done();
}));
} else {
s.onerror = t.step_func_done();
window.addEventListener('message', t.step_func(e => {
if (e.data == s.id)
assert_unreached("Script should not execute!");
}));
}
document.body.appendChild(s);
}, item[0]);
}
}, "Load all the tests.");
</script>
<script nonce='dummy'>
var externalRan = false;
</script>
<script src='./externalScript.js'
integrity="sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0="></script>
<script nonce='dummy'>
test(function() {
assert_true(externalRan, 'External script ran.');
}, 'External script in a script tag with matching SRI hash should run.');
</script>
</body>
</html>

5
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-sri_hash.sub.html.sub.headers Normal file
View file

@ -0,0 +1,5 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Content-Security-Policy: script-src {{domains[www]}}:* 'nonce-dummy' 'sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0=' 'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=' 'sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA='

20
tests/wpt/web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_worker.https.html Normal file
View file

@ -0,0 +1,20 @@
<!DOCTYPE html>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
<script src='../support/testharness-helper.js'></script>
<meta http-equiv="content-security-policy" content="script-src 'nonce-abc' 'strict-dynamic'">
<script nonce="abc">
assert_worker_is_loaded(
"../support/ping.js",
"Dedicated worker is allowed via 'strict-dynamic'");
assert_shared_worker_is_loaded(
"../support/ping.js",
"Shared worker is allowed via 'strict-dynamic'");
assert_service_worker_is_loaded(
"../support/ping.js",
"Service worker is allowed via 'strict-dynamic'");
</script>