Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-10 16:05:43 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update web-platform-tests to revision 14cfa4d648cc1c853b4153268df672d21425f8c1

Browse source
This commit is contained in:
Josh Matthews 2017-10-30 09:31:22 -04:00
parent 1b73cf3352
commit 75736751d9
1213 changed files with 19434 additions and 12344 deletions
Download patch file Download diff file Expand all files Collapse all files

15
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-about-blank-allowed-by-default.sub.html
View file

@ -3,22 +3,27 @@
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="child-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>child-src-about-blank-allowed-by-default</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<!-- enforcing policy:
child-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
-->
<p>These frames should not be blocked by Content-Security-Policy.
It&apos;s pointless to block about:blank iframes because
blocking a frame just results in displaying about:blank anyway!
</p>
<script>
var t = async_test("Check that frames load without throwing any violation events");
window.addEventListener("securitypolicyviolation", t.unreached_func("Should not have fired any events"));
</script>
<iframe src="about:blank"></iframe>
<object type="text/html" data="about:blank"></object>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
<script>
t.done();
</script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-about-blank-allowed-by-default.sub.html.sub.headers
View file

@ -1,6 +0,0 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: child-src-about-blank-allowed-by-default={{$id:uuid()}}; Path=/content-security-policy/child-src
Content-Security-Policy: child-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

15
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-about-blank-allowed-by-scheme.sub.html
View file

@ -3,18 +3,23 @@
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="child-src about:; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>child-src-about-blank-allowed-by-scheme</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<!-- enforcing policy:
child-src about:; script-src 'self' 'unsafe-inline'; connect-src 'self';
-->
<p>This frame should not be blocked by Content-Security-Policy.
</p>
<script>
var t = async_test("Check that frames load without throwing any violation events");
window.addEventListener("securitypolicyviolation", t.unreached_func("Should not have fired any events"));
</script>
<iframe src="about:blank"></iframe>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
<script>
t.done();
</script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-about-blank-allowed-by-scheme.sub.html.sub.headers
View file

@ -1,6 +0,0 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: child-src-about-blank-allowed-by-scheme={{$id:uuid()}}; Path=/content-security-policy/child-src
Content-Security-Policy: child-src about:; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

9
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-allowed.sub.html
View file

@ -3,6 +3,7 @@
<head>
<title>child-src-allowed</title>
<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event."]'></script>
@ -10,6 +11,10 @@
window.addEventListener("message", function(event) {
alert_assert(event.data);
}, false);
window.addEventListener("securitypolicyviolation", function(e) {
alert_assert("Fail");
});
var t_alert = async_test('Expecting alerts: ["PASS"]');
var expected_alerts = ["PASS"];
@ -36,9 +41,6 @@
}
</script>
<!-- enforcing policy:
Content-Security-Policy: child-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';
-->
<p>
This iframe should be allowed.
</p>
@ -57,7 +59,6 @@ Content-Security-Policy: child-src 'self'; script-src 'self' 'unsafe-inline'; co
<body>
<iframe src="/content-security-policy/support/postmessage-pass.html" onload="loadEvent()"></iframe>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-allowed.sub.html.sub.headers
View file

@ -1,6 +0,0 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: child-src-allowed={{$id:uuid()}}; Path=/content-security-policy/child-src
Content-Security-Policy: child-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

11
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-blocked.sub.html
View file

@ -3,14 +3,19 @@
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="child-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>child-src-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event."]'></script>
<script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event.", "violated-directive=frame-src"]'></script>
<script>
window.addEventListener("message", function(event) {
alert_assert(event.data);
}, false);
window.addEventListener("securitypolicyviolation", function(e) {
log("violated-directive=" + e.violatedDirective);
});
function alert_assert(msg) {
t_log.step(function() {
@ -34,9 +39,6 @@
}
</script>
<!-- enforcing policy:
child-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
-->
<p>
IFrames blocked by CSP should generate a 'load', not 'error' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS.
</p>
@ -55,7 +57,6 @@ child-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
<body>
<iframe src="/content-security-policy/support/postmessage-fail.html" onload="loadEvent()" onerror="log('FAIL')"></iframe>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=frame-src%20&apos;none&apos;"></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-blocked.sub.html.sub.headers
View file

@ -1,6 +0,0 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: child-src-blocked={{$id:uuid()}}; Path=/content-security-policy/child-src
Content-Security-Policy: child-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

8
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html
View file

@ -2,14 +2,19 @@
<html>
<head>
<title>child-src-blocked</title>
<meta http-equiv="Content-Security-Policy" content="frame-src 'none'; child-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event."]'></script>
<script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event.", "violated-directive=frame-src"]'></script>
<script>
window.addEventListener("message", function(event) {
alert_assert(event.data);
}, false);
window.addEventListener("securitypolicyviolation", function(e) {
log("violated-directive=" + e.violatedDirective);
});
function alert_assert(msg) {
t_log.step(function() {
if (msg.match(/^FAIL/i)) {
@ -55,7 +60,6 @@ frame-src 'none'; child-src 'self'; script-src 'self' 'unsafe-inline'; connect-s
<body>
<iframe src="/content-security-policy/support/postmessage-fail.html" onload="loadEvent()" onerror="log('FAIL')"></iframe>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=frame-src%20&apos;none&apos;"></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html.sub.headers
View file

@ -1,6 +0,0 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: child-src-conflicting-frame-src={{$id:uuid()}}; Path=/content-security-policy/child-src
Content-Security-Policy: frame-src 'none'; child-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

8
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-cross-origin-load.sub.html
View file

@ -3,15 +3,20 @@
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="child-src 'self' http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>child-src-cross-origin-load</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event.","PASS IFrame %232 generated a load event.","PASS IFrame %233 generated a load event."]'></script>
<script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event.","PASS IFrame %232 generated a load event.","PASS IFrame %233 generated a load event.", "violated-directive=frame-src"]'></script>
<script>
window.addEventListener("message", function(event) {
alert_assert(event.data);
}, false);
window.addEventListener("securitypolicyviolation", function(e) {
log("violated-directive=" + e.violatedDirective);
});
var t_alert = async_test('Expecting alerts: ["PASS","PASS"]');
var expected_alerts = ["PASS", "PASS"];
@ -62,7 +67,6 @@ child-src 'self' http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'uns
<iframe src="http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/support/postmessage-pass.html" onload="loadEvent()"></iframe>
<iframe src="http://{{domains[www2]}}:{{ports[http][0]}}/content-security-policy/support/postmessage-fail.html" onload="loadEvent()" onerror="log('FAIL')"></iframe>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=frame-src%20&apos;self&apos;"></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-cross-origin-load.sub.html.sub.headers
View file

@ -1,6 +0,0 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: child-src-cross-origin-load={{$id:uuid()}}; Path=/content-security-policy/child-src
Content-Security-Policy: child-src 'self' http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}

8
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-redirect-blocked.sub.html
View file

@ -3,15 +3,20 @@
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>child-src-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event."]'></script>
<script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event.", "violated-directive=frame-src"]'></script>
<script>
window.addEventListener("message", function(event) {
alert_assert(event.data);
}, false);
window.addEventListener("securitypolicyviolation", function(e) {
log("violated-directive=" + e.violatedDirective);
});
function alert_assert(msg) {
t_log.step(function() {
if (msg.match(/^FAIL/i)) {
@ -55,7 +60,6 @@ child-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
<body>
<iframe src="/common/redirect.py?location=http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/support/postmessage-fail.html" onload="loadEvent()" onerror="log('FAIL')"></iframe>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=frame-src%20&apos;none&apos;"></script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/child-src/child-src-redirect-blocked.sub.html.sub.headers
View file

@ -1,6 +0,0 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: child-src-redirect-blocked={{$id:uuid()}}; Path=/content-security-policy/child-src
Content-Security-Policy: child-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}