mirror of
https://github.com/servo/servo.git
synced 2025-08-17 11:25:35 +01:00
Update web-platform-tests to revision 14cfa4d648cc1c853b4153268df672d21425f8c1
This commit is contained in:
Josh Matthews
parent
1b73cf3352
commit
75736751d9
1213 changed files with 19434 additions and 12344 deletions
|
|
@ -1,3 +0,0 @@
|
|||
#test {
|
||||
color: green;
|
||||
}
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>base-uri-allow</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
<!-- enforcing policy:
|
||||
base-uri http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self';
|
||||
-->
|
||||
<base href="http://www1.{{host}}:{{ports[http][0]}}/">
|
||||
<script>
|
||||
test(function() {
|
||||
if ('{{ports[http][0]}}' == '80' ||
|
||||
'{{ports[http][0]}}' == '443') {
|
||||
assert_equals(document.baseURI, 'http://www1.{{host}}/');
|
||||
} else {
|
||||
assert_equals(document.baseURI, 'http://www1.{{host}}' + ':{{ports[http][0]}}/');
|
||||
}
|
||||
|
||||
log("TEST COMPLETE")
|
||||
});
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<p>Check that base URIs can be set if they do not violate the page's policy.</p>
|
||||
<div id="log"></div>
|
||||
<script async defer src="./content-security-policy/support/checkReport.sub.js?reportExists=false"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: base-uri-allow={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: base-uri http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>base-uri-deny</title>
|
||||
<base href="http://www1.{{host}}:{{ports[http][0]}}/">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["PASS document.baseURI is document.location.href","TEST COMPLETE"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
<!-- enforcing policy:
|
||||
base-uri 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';
|
||||
-->
|
||||
<script>
|
||||
var base = document.createElement('base');
|
||||
base.href = 'http://www1.{{host}}:{{ports[http][0]}}/';
|
||||
document.head.appendChild(base);
|
||||
if (document.baseURI == document.location.href) {
|
||||
log("PASS document.baseURI is document.location.href");
|
||||
log("TEST COMPLETE");
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<p>Check that base URIs cannot be set if they violate the page's policy.</p>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=base-uri%20'self'"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: base-uri-deny={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: base-uri 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: form-action-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: form-action-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: form-action-src-default-ignored={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; style-src 'self'; frame-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: form-action-src-get-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: form-action-src-get-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: form-action-src-javascript-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: form-action 'none'; script-src 'self' 'nonce-noncynonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: form-action-src-redirect-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: meta-outside-head={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'none'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: plugintypes-mismatched-data={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: plugintypes-mismatched-url={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: plugintypes-notype-data={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: plugintypes-notype-url={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: plugintypes-nourl-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: plugin-types application/x-webkit-test-netscape; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>plugintypes-nourl-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="../support/logTest.sub.js?logs=[]"></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
<!-- enforcing policy:
|
||||
plugin-types text/plain; script-src 'self' 'unsafe-inline'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
This test passes if there is a CSP violation sayingthe plugin was blocked.
|
||||
<object type="application/x-webkit-test-netscape"></object>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=plugin-types%20text/plain"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: plugintypes-nourl-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: plugin-types text/plain; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: script-src-wildcards-disallowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: script-src 'nonce-nonce' *; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: scripthash-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: script-src 'self' 'sha256-IFmozo9WnnsMXVl/Ka8XzJ3Nd8yzS2zA2ME0mwtd+Ck=' 'sha256-jSpTmJKcrnHttKdYM/wCCDJoQY5tdSxNf7zd2prwFfI=' 'sha256-qbgA2XjB2EZKjn/UmK7v/K77t+fvfxA89QT/K9qPNyE=' 'sha256-K+7X5Ip3msvRvyQzf6fkrWZziuhaUIee1aLnlP5nX10='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: scripthash-basic-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: script-src 'self' 'sha256-k7iO9DPkNQ7PcwPP+8XyYuRiCJ0p76Ofveol9g3mFNs=' 'sha256-EgE/bwVJ+ZLL9F5hNjDqD4C7nlFFrdDaKeNIJ2cUem4='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>script-hash allowed from default-src</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
|
||||
<script>done();</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: scripthash-default-src={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: default-src 'self' 'sha256-sc3CeiHrlck5tH2tTC4MnBYFnI9D5zp8f9odqnmGQjE='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: scripthash-ignore-unsafeinline={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: script-src 'self' unsafe-inline' 'sha256-k7iO9DPkNQ7PcwPP+8XyYuRiCJ0p76Ofveol9g3mFNs=' 'sha256-EgE/bwVJ+ZLL9F5hNjDqD4C7nlFFrdDaKeNIJ2cUem4='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: scripthash-unicode-normalization={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: script-src 'self' 'nonce-nonceynonce' 'sha256-9UFeeZbvnMa0tLNu76v96T4Hh+UtDWHm2lPQJoTWb9c='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: scriptnonce-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: script-src 'self' 'nonce-noncynonce' 'nonce-noncy+/nonce='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: scriptnonce-and-scripthash={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: script-src 'self' 'sha256-LS8v1E1Ff0Hc8FobgWKNKY3sbW4rljPlZNQHyyutfKU=' 'nonce-nonceynonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: scriptnonce-basic-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: script-src 'self' 'nonce-noncynonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: scriptnonce-ignore-unsafeinline={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-noncynonce' 'nonce-noncy+/nonce=' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: scriptnonce-redirect={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-noncynonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>securitypolicyviolation-block-cross-origin-image-from-script</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
<!-- enforcing policy:
|
||||
img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var x = document.createElement('script');
|
||||
x.src = 'http://{{host}}:{{ports[http][0]}}/content-security-policy/support/inject-image.js';
|
||||
document.body.appendChild(x);
|
||||
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: securitypolicyviolation-block-cross-origin-image-from-script={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>securitypolicyviolation-block-cross-origin-image</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
<!-- enforcing policy:
|
||||
img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var img = document.createElement('img');
|
||||
img.src = 'http://{{host}}:{{ports[http][0]}}/security/resources/abe.png';
|
||||
document.body.appendChild(img);
|
||||
log("TEST COMPLETE");
|
||||
|
||||
</script>
|
||||
<p>Check that a SecurityPolicyViolationEvent strips detail from cross-origin blocked URLs.</p>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: securitypolicyviolation-block-cross-origin-image={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>securitypolicyviolation-block-image-from-script</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
<!-- enforcing policy:
|
||||
img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var script = document.createElement('script');
|
||||
script.src = '../support/inject-image.js';
|
||||
document.body.appendChild(script);
|
||||
log("TEST COMPLETE");
|
||||
|
||||
</script>
|
||||
<p>Check that a SecurityPolicyViolationEvent is fired upon blocking an image injected via script.</p>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: securitypolicyviolation-block-image-from-script={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>securitypolicyviolation-block-image</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
<!-- enforcing policy:
|
||||
img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var img = document.createElement('img');
|
||||
img.src = '../support/fail.png';
|
||||
img.onerror = function() {
|
||||
log("TEST COMPLETE");
|
||||
};
|
||||
img.onload = function() {
|
||||
log("FAIL");
|
||||
};
|
||||
document.body.appendChild(img);
|
||||
|
||||
</script>
|
||||
<p>Check that a SecurityPolicyViolationEvent is fired upon blocking an image.</p>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: securitypolicyviolation-block-image={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: stylehash-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: style-src 'self' 'sha256-pAKi9r4/WB7fHydbE3F3t8i8602ij2JN8zHJpL2T5BM=' 'sha256-hndjYvzUzy2Ykuad81Cwsl1FOXX/qYs/aDVyUyNZwBw=' 'sha384-bSVm1i3sjPBRM4TwZtYTDjk9JxZMExYHWbFmP1SxDhJH4ue0Wu9OPOkY5hcqRcSt' 'sha512-440MmBLtj9Kp5Bqloogn9BqGDylY8vFsv5/zXL1zH2fJVssCoskRig4gyM+9KqwvCSapSz5CVoUGHQcxv43UQg=='; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: stylehash-basic-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: style-src 'self' 'sha1-pfeR5wMA6np45oqDTP6Pj3tLpJo='; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: stylehash-default-src={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: default-src 'self' 'sha256-SXMrww9+PS7ymkxYbv91id+HfXeO7p1uCY0xhNb4MIw='; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: stylenonce-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: style-src 'self' 'nonce-noncynonce' 'nonce-noncy+/nonce='; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: stylenonce-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
|
||||
Content-Security-Policy: style-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: blob-urls-do-not-match-self={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; child-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: blob-urls-match-blob={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' blob:; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: combine-header-and-meta-policies={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; style-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,60 +0,0 @@
|
|||
HTTP/1.1 200 OK
|
||||
Content-Type: text/html
|
||||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: combine-multiple-policies=d0140e7d-3800-4842-b66d-370840a4569a; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; style-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID=d0140e7d-3800-4842-b66d-370840a4569a
|
||||
Content-Security-Policy: img-src 'none'
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<meta http-equiv="Content-Security-Policy" content="img-src 'none'">
|
||||
<title>combine-multiple-policies</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
<!-- enforcing multiple policies:
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; styls-src 'self'
|
||||
Content-Security-Policy: img-src 'none'
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
This test checks that we enforce all the supplied policies. This test passe if it doesn't alert fail and if the style doesn't apply.
|
||||
Check that a SecurityPolicyViolationEvent is fired upon blocking an image.
|
||||
<script>
|
||||
var img = document.createElement('img');
|
||||
img.src = '../support/fail.png';
|
||||
img.onerror = function() {
|
||||
log("TEST COMPLETE");
|
||||
};
|
||||
img.onload = function() {
|
||||
log("FAIL");
|
||||
};
|
||||
document.body.appendChild(img);
|
||||
|
||||
</script>
|
||||
<style>
|
||||
body {
|
||||
background-color: blue;
|
||||
}
|
||||
|
||||
</style>
|
||||
<script>
|
||||
var el = document.querySelector('body');
|
||||
test(function() {
|
||||
assert_equals(window.getComputedStyle(el).color, "rgb(0, 0, 0)")
|
||||
});
|
||||
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'self'"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: connect-src-beacon-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>connect-src-beacon-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["Pass"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
<!-- enforcing policy:
|
||||
connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
if (typeof navigator.sendBeacon != 'function') {
|
||||
t_log.set_status(t_log.NOTRUN, "No navigator.sendBeacon, cannot run test.");
|
||||
t_log.phase = t_log.phases.HAS_RESULT;
|
||||
t_log.done();
|
||||
} else {
|
||||
try {
|
||||
var es = navigator.sendBeacon("http://www1.{{host}}:{{ports[http][0]}}/security/contentSecurityPolicy/echo-report.php");
|
||||
log("Pass");
|
||||
} catch (e) {
|
||||
log("Fail");
|
||||
}
|
||||
var report = document.createElement("script");
|
||||
report.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'";
|
||||
report.async = true;
|
||||
report.defer = true;
|
||||
document.body.appendChild(report);
|
||||
}
|
||||
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: connect-src-beacon-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: connect-src-beacon-redirect-to-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: connect-src-eventsource-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>connect-src-eventsource-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["Pass"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
<!-- enforcing policy:
|
||||
connect-src 'self'; script-src 'self' 'unsafe-inline';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
try {
|
||||
var es = new EventSource("http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/simple-event-stream");
|
||||
// Firefox doesn't throw an exception and takes some time to close async
|
||||
if (es.readyState == EventSource.CONNECTING) {
|
||||
setTimeout( function() {
|
||||
es.readyState != EventSource.CLOSED ? log("Fail") : log("Pass");
|
||||
}, 2);
|
||||
} else if (es.readyState == EventSource.CLOSED) {
|
||||
log("Pass");
|
||||
} else {
|
||||
log("Fail");
|
||||
}
|
||||
|
||||
} catch (e) {
|
||||
log("Pass");
|
||||
}
|
||||
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: connect-src-eventsource-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: connect-src-eventsource-redirect-to-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}/security/contentSecurityPolicy/resources/redir.php; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: connect-src-websocket-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: connect-src-websocket-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: connect-src-xmlhttprequest-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>connect-src-xmlhttprequest-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["Pass"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
<!-- enforcing policy:
|
||||
connect-src 'self'; script-src 'self' 'unsafe-inline';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
try {
|
||||
var xhr = new XMLHttpRequest;
|
||||
xhr.open("GET", "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png", true);
|
||||
xhr.send();
|
||||
xhr.onload = function() {
|
||||
log("Fail");
|
||||
}
|
||||
xhr.onerror = function() {
|
||||
log("Pass");
|
||||
}
|
||||
} catch (e) {
|
||||
log("Pass");
|
||||
}
|
||||
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: connect-src-xmlhttprequest-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: connect-src-xmlhttprequest-redirect-to-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: default-src-inline-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: default-src 'self' about: 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>default-src-inline-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<!-- enforcing policy:
|
||||
default-src 'self'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
This test passes if the inline scripts don't create failing tests and a CSP report is sent.
|
||||
<script>
|
||||
test(function() {
|
||||
assert_unreached('FAIL inline script ran')
|
||||
});
|
||||
|
||||
</script>
|
||||
<script src="resources/document-write-alert-fail.js"></script>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=default-src%20'self'"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: default-src-inline-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: default-src 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: duplicate-directive={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; script-src 'none'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: eval-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: eval-blocked-and-sends-report={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
|
||||
<iframe src="about:blank"></iframe>
|
||||
Eval should be blocked in the iframe, but inline script should be allowed.
|
||||
<script>
|
||||
window.onload = function() {
|
||||
frames[0].log("<script>alert_assert(/PASS/); eval('alert_assert(/FAIL/);');<\/script>");
|
||||
frames[0].document.close();
|
||||
}
|
||||
|
||||
</script>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: eval-blocked-in-about-blank-iframe={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: eval-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>eval-scripts-setInterval-allowed</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="../support/logTest.sub.js?logs=[]"></script>
|
||||
<script src='../support/alertAssert.sub.js?alerts=["PASS 1 of 2","PASS 2 of 2"]'></script>
|
||||
<!-- enforcing policy:
|
||||
script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
<pre>
|
||||
<script>
|
||||
{
|
||||
}
|
||||
var id_string = setInterval("clearInterval(id_string); alert_assert('PASS 1 of 2')", 0);
|
||||
if (id_string == 0)
|
||||
log('FAIL: Return value for string (should not be 0): ' + id_string);
|
||||
var id_function = setInterval(function() {
|
||||
clearInterval(id_function);
|
||||
alert_assert('PASS 2 of 2');
|
||||
}, 0);
|
||||
if (id_function == 0)
|
||||
document.write('FAIL: Return value for function (should not be 0): ' + id_function);
|
||||
</script>
|
||||
</pre>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: eval-scripts-setInterval-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>eval-scripts-setInterval-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="../support/logTest.sub.js?logs=[]"></script>
|
||||
<script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script>
|
||||
<!-- enforcing policy:
|
||||
script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
<pre>
|
||||
<script>
|
||||
{
|
||||
}
|
||||
var id = setInterval("alert_assert('FAIL')", 0);
|
||||
if (id != 0)
|
||||
log('FAIL: Return value for string (should be 0): ' + id);
|
||||
var id = setInterval(function() {
|
||||
clearInterval(id);
|
||||
alert_assert('PASS');
|
||||
}, 0);
|
||||
if (id == 0)
|
||||
document.write('FAIL: Return value for function (should not be 0): ' + id);
|
||||
</script>
|
||||
</pre>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: eval-scripts-setInterval-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>eval-scripts-setTimeout-allowed</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="../support/logTest.sub.js?logs=[]"></script>
|
||||
<script src='../support/alertAssert.sub.js?alerts=["PASS 1 of 2","PASS 2 of 2"]'></script>
|
||||
<!-- enforcing policy:
|
||||
script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
<pre>
|
||||
<script>
|
||||
{
|
||||
}
|
||||
var id = setTimeout("alert_assert('PASS 1 of 2')", 0);
|
||||
if (id == 0)
|
||||
log('FAIL: Return value for string (should not be 0): ' + id);
|
||||
var id = setTimeout(function() {
|
||||
alert_assert('PASS 2 of 2');
|
||||
}, 0);
|
||||
if (id == 0)
|
||||
document.write('FAIL: Return value for function (should not be 0): ' + id);
|
||||
</script>
|
||||
</pre>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: eval-scripts-setTimeout-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>eval-scripts-setTimeout-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="../support/logTest.sub.js?logs=[]"></script>
|
||||
<script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script>
|
||||
<!-- enforcing policy:
|
||||
script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
<pre>
|
||||
<script>
|
||||
{
|
||||
}
|
||||
var id = setTimeout("alert_assert('FAIL')", 0);
|
||||
if (id != 0)
|
||||
log('FAIL: Return value for string (should be 0): ' + id);
|
||||
var id = setTimeout(function() {
|
||||
alert_assert('PASS');
|
||||
}, 0);
|
||||
if (id == 0)
|
||||
document.write('FAIL: Return value for function (should not be 0): ' + id);
|
||||
</script>
|
||||
</pre>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: eval-scripts-setTimeout-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: filesystem-urls-do-not-match-self={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: filesystem-urls-match-filesystem={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' filesystem:; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: frame-src-about-blank-allowed-by-default={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: frame-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: frame-src-about-blank-allowed-by-scheme={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: frame-src about:; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: frame-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: frame-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: frame-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: frame-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: frame-src-cross-origin-load={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: frame-src 'self' http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>function-constructor-allowed</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="../support/logTest.sub.js?logs=[]"></script>
|
||||
<script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script>
|
||||
<!-- enforcing policy:
|
||||
script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
(new Function("alert_assert('PASS')"))();
|
||||
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: function-constructor-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: function-constructor-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<script>
|
||||
{}
|
||||
|
||||
function createLink(rel, src) {
|
||||
var link = document.createElement('link');
|
||||
link.rel = rel;
|
||||
link.href = src;
|
||||
document.head.appendChild(link);
|
||||
}
|
||||
window.addEventListener('DOMContentLoaded', function() {
|
||||
createLink('icon', 'http://localhost/foo?q=from_icon'); {}
|
||||
});
|
||||
|
||||
</script>
|
||||
<p>Use callbacks to show that favicons are loaded as allowed by CSP when link tags are dynamically added to the page.</p>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: icon-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: img-src http://localhost; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<script>
|
||||
function createLink(rel, src) {
|
||||
var link = document.createElement('link');
|
||||
link.rel = rel;
|
||||
link.href = src;
|
||||
document.head.appendChild(link);
|
||||
}
|
||||
window.addEventListener('DOMContentLoaded', function() {
|
||||
createLink('icon', 'http://localhost/foo?q=from_icon'); {}
|
||||
});
|
||||
|
||||
</script>
|
||||
<p>Use callbacks to show that favicons are not loaded in violation of CSP when link tags are dynamically added to the page.</p>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: icon-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1 +0,0 @@
|
|||
<iframe src="resources/sandboxed-eval.php"></iframe>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: iframe-inside-csp={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>image-allowed</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="../support/logTest.sub.js?logs=[]"></script>
|
||||
<script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script>
|
||||
<!-- enforcing policy:
|
||||
img-src *; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img src="../support/pass.png" onload="alert_assert(this.width == 168 ? 'PASS' : 'FAIL')">
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: image-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: img-src *; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<title>image-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="../support/logTest.sub.js?logs=[]"></script>
|
||||
<script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script>
|
||||
<!-- enforcing policy:
|
||||
img-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';
|
||||
-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
This test passes if it doesn't alert FAIL and does alert PASS.
|
||||
<img src="../support/pass.png" onload='alert_assert("FAIL")' onerror='alert_assert("PASS")'>
|
||||
<div id="log"></div>
|
||||
<script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Cache-Control: post-check=0, pre-check=0, false
|
||||
Pragma: no-cache
|
||||
Set-Cookie: image-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib
|
||||
Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue