Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-15 02:15:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update web-platform-tests to revision 14cfa4d648cc1c853b4153268df672d21425f8c1

Browse source
This commit is contained in:
Josh Matthews 2017-10-30 09:31:22 -04:00
parent 1b73cf3352
commit 75736751d9
1213 changed files with 19434 additions and 12344 deletions
Download patch file Download diff file Expand all files Collapse all files

40
tests/wpt/web-platform-tests/content-security-policy/style-src/injected-inline-style-allowed.sub.html Normal file
View file

@ -0,0 +1,40 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>injected-inline-style-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS: 2 stylesheets on the page."]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
</script>
<div id="test1">
FAIL 1/2
</div>
<div id="test2">
FAIL 2/2
</div>
<script src="support/inject-style.js"></script>
<script>
if (document.styleSheets.length === 2)
log("PASS: 2 stylesheets on the page.");
else
log("FAIL: " + document.styleSheets.length + " stylesheets on the page (should be 2).");
</script>
<div id="log"></div>
</body>
</html>

36
tests/wpt/web-platform-tests/content-security-policy/style-src/injected-inline-style-blocked.sub.html Normal file
View file

@ -0,0 +1,36 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>injected-inline-style-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["violated-directive=style-src","PASS"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
</script>
<div id="test1">
PASS 1/2
</div>
<div id="test2">
PASS 2/2
</div>
<script src="support/inject-style.js"></script>
<script>
log(document.styleSheets.length == 0 ? "PASS" : "FAIL");
</script>
<div id="log"></div>
</body>
</html>

127
tests/wpt/web-platform-tests/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html Normal file
View file

@ -0,0 +1,127 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>inline-style-allowed-while-cloning-objects</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
var t = async_test("Test that violation report event was fired");
window.addEventListener("securitypolicyviolation", t.step_func_done(function(e) {
assert_equals(e.violatedDirective, "style-src");
}));
window.onload = function() {
window.nodes = document.getElementById('nodes');
window.node1 = document.getElementById('node1');
window.node1.style.background = "yellow";
window.node1.style.color = "red";
window.node2 = document.getElementById('node1').cloneNode(true);
window.node2.id = "node2";
window.node3 = document.getElementById('node3');
window.node3.style.background = "blue";
window.node3.style.color = "green";
window.node4 = document.getElementById('node3').cloneNode(false);
window.node4.id = "node4";
window.node4.innerHTML = "Node #4";
nodes.appendChild(node1);
nodes.appendChild(node2);
nodes.appendChild(node3);
nodes.appendChild(node4);
test(function() {
assert_equals(node1.style.background.match(/yellow/)[0], "yellow")
});
test(function() {
assert_equals(node2.style.background.match(/yellow/)[0], "yellow")
});
test(function() {
assert_equals(node3.style.background.match(/blue/)[0], "blue")
});
test(function() {
assert_equals(node4.style.background.match(/blue/)[0], "blue")
});
test(function() {
assert_equals(node1.style.color, "red")
});
test(function() {
assert_equals(node2.style.color, "red")
});
test(function() {
assert_equals(node3.style.color, "green")
});
test(function() {
assert_equals(node4.style.color, "green")
});
test(function() {
assert_equals(window.getComputedStyle(node1).background, window.getComputedStyle(node2).background)
});
test(function() {
assert_equals(window.getComputedStyle(node3).background, window.getComputedStyle(node4).background)
});
test(function() {
assert_equals(window.getComputedStyle(node1).color, window.getComputedStyle(node2).color)
});
test(function() {
assert_equals(window.getComputedStyle(node3).color, window.getComputedStyle(node4).color)
});
window.ops = document.getElementById('ops');
ops.style.color = 'red';
window.clonedOps = ops.cloneNode(true);
window.violetOps = document.getElementById('violetOps');
violetOps.style.background = 'rgb(238, 130, 238)';
document.getElementsByTagName('body')[0].appendChild(clonedOps);
test(function() {
assert_equals(ops.style.background, "")
});
test(function() {
assert_equals(ops.style.color, "red")
});
test(function() {
assert_equals(clonedOps.style.background, "")
});
test(function() {
assert_equals(violetOps.style.background.match(/rgb\(238, 130, 238\)/)[0], "rgb(238, 130, 238)")
});
test(function() {
assert_equals(window.getComputedStyle(clonedOps).background, window.getComputedStyle(ops).background)
});
test(function() {
assert_equals(window.getComputedStyle(clonedOps).color, window.getComputedStyle(ops).color)
});
test(function() {
assert_equals(window.getComputedStyle(ops).background, window.getComputedStyle(violetOps).background)
});
test(function() {
assert_equals(window.getComputedStyle(clonedOps).background, window.getComputedStyle(violetOps).background)
});
test(function() {
assert_equals(ops.id, "ops")
});
test(function() {
assert_equals(ops.id, clonedOps.id)
});
};
</script>
</head>
<body>
<p>
This test ensures that styles can be set by object.cloneNode()
</p>
<div id="nodes">
This is a div (nodes)
<div id="node1"> This is a div. (node 1 or 2)</div>
<div id="node3"> This is a div. (node 3 or 4)</div>
</div>
<div id="ops" style="background: rgb(238, 130, 238)">
Yet another div.
</div>
<div id="violetOps">
Yet another div.
</div>
<div id="log"></div>
</body>
</html>

34
tests/wpt/web-platform-tests/content-security-policy/style-src/inline-style-allowed.sub.html Normal file
View file

@ -0,0 +1,34 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';">
<title>inline-style-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
</script>
<style>
.target {
background-color: blue;
}
</style>
</head>
<body class="target">
<script>
log(document.styleSheets.length > 0 ? 'PASS' : 'FAIL');
</script>
<div id="log"></div>
</body>
</html>

28
tests/wpt/web-platform-tests/content-security-policy/style-src/inline-style-attribute-allowed.sub.html Normal file
View file

@ -0,0 +1,28 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';">
<title>inline-style-attribute-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body style="background-color: blue;">
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
</script>
<script>
log(document.body.style.length > 0 ? 'PASS' : 'FAIL');
</script>
<div id="log"></div>
</body>
</html>

27
tests/wpt/web-platform-tests/content-security-policy/style-src/inline-style-attribute-blocked.sub.html Normal file
View file

@ -0,0 +1,27 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';">
<title>inline-style-attribute-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["violated-directive=style-src","PASS"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
</script>
</head>
<body style="background-color: blue;">
<script>
log(document.body.style.length > 0 ? 'FAIL' : 'PASS');
</script>
<div id="log"></div>
</body>
</html>

28
tests/wpt/web-platform-tests/content-security-policy/style-src/inline-style-attribute-on-html.sub.html Normal file
View file

@ -0,0 +1,28 @@
<!DOCTYPE html>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
</script>
<html style="background-color: blue;">
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'">
<title>inline-style-attribute-on-html</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<p>Even though this page has a CSP policy the blocks inline style, the style attribute on the HTML element still takes effect because it preceeds the meta element.
</p>
<script>
log(document.documentElement.style.length > 0 ? 'PASS' : 'FAIL');
</script>
<div id="log"></div>
</body>
</html>

33
tests/wpt/web-platform-tests/content-security-policy/style-src/inline-style-blocked.sub.html Normal file
View file

@ -0,0 +1,33 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';">
<title>inline-style-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
</script>
<style>
.target {
background-color: blue;
}
</style>
</head>
<body class="target">
<script>
log(document.styleSheets.length > 0 ? 'FAIL' : 'PASS');
</script>
<div id="log"></div>
</body>
</html>

3
tests/wpt/web-platform-tests/content-security-policy/style-src/resources/allowed.css Normal file
View file

@ -0,0 +1,3 @@
#test {
color: green;
}

28
tests/wpt/web-platform-tests/content-security-policy/style-src/style-allowed.sub.html Normal file
View file

@ -0,0 +1,28 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src *; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';">
<title>style-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
</script>
<link rel="stylesheet" href="resources/blue.css">
</head>
<body>
<script>
log(document.styleSheets.length > 0 ? 'PASS' : 'FAIL');
</script>
<div id="log"></div>
</body>
</html>

28
tests/wpt/web-platform-tests/content-security-policy/style-src/style-blocked.sub.html Normal file
View file

@ -0,0 +1,28 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';">
<title>style-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["violated-directive=style-src","PASS"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
</script>
<link rel="stylesheet" href="resources/blue.css">
</head>
<body>
<script>
log(document.styleSheets.length > 0 ? 'FAIL' : 'PASS');
</script>
<div id="log"></div>
</body>
</html>

81
tests/wpt/web-platform-tests/content-security-policy/style-src/stylehash-allowed.sub.html Normal file
View file

@ -0,0 +1,81 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'self' 'sha256-pAKi9r4/WB7fHydbE3F3t8i8602ij2JN8zHJpL2T5BM=' 'sha256-hndjYvzUzy2Ykuad81Cwsl1FOXX/qYs/aDVyUyNZwBw=' 'sha384-bSVm1i3sjPBRM4TwZtYTDjk9JxZMExYHWbFmP1SxDhJH4ue0Wu9OPOkY5hcqRcSt' 'sha512-440MmBLtj9Kp5Bqloogn9BqGDylY8vFsv5/zXL1zH2fJVssCoskRig4gyM+9KqwvCSapSz5CVoUGHQcxv43UQg=='; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>stylehash-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="../support/logTest.sub.js?logs=[]"></script>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
alert_assert("Fail");
});
var t_alert = async_test('Expecting alerts: ["PASS (1/4): The \'#p1\' element\'s text is green, which means the style was correctly applied.","PASS (2/4): The \'#p2\' element\'s text is green, which means the style was correctly applied.","PASS (3/4): The \'#p3\' element\'s text is green, which means the style was correctly applied.","PASS (4/4): The \'#p4\' element\'s text is green, which means the style was correctly applied."]');
var expected_alerts = ["PASS (1/4): The '#p1' element's text is green, which means the style was correctly applied.", "PASS (2/4): The '#p2' element's text is green, which means the style was correctly applied.", "PASS (3/4): The '#p3' element's text is green, which means the style was correctly applied.", "PASS (4/4): The '#p4' element's text is green, which means the style was correctly applied."];
function alert_assert(msg) {
t_alert.step(function() {
if (msg.match(/^FAIL/i)) {
assert_unreached(msg);
t_alert.done();
}
for (var i = 0; i < expected_alerts.length; i++) {
if (expected_alerts[i] == msg) {
assert_true(expected_alerts[i] == msg);
expected_alerts.splice(i, 1);
if (expected_alerts.length == 0) {
t_alert.done();
}
return;
}
}
assert_unreached('unexpected alert: ' + msg);
t_log.done();
});
}
</script>
<!-- enforcing policy:
style-src 'sha256-pAKi9r4/WB7fHydbE3F3t8i8602ij2JN8zHJpL2T5BM=' 'sha256-hndjYvzUzy2Ykuad81Cwsl1FOXX/qYs/aDVyUyNZwBw=' 'sha384-bSVm1i3sjPBRM4TwZtYTDjk9JxZMExYHWbFmP1SxDhJH4ue0Wu9OPOkY5hcqRcSt' 'sha512-440MmBLtj9Kp5Bqloogn9BqGDylY8vFsv5/zXL1zH2fJVssCoskRig4gyM+9KqwvCSapSz5CVoUGHQcxv43UQg=='; script-src 'self' 'unsafe-inline'; connect-src 'self';
-->
</head>
<body>
<p id="p1">This tests the result of a valid style hash. It passes if this text is green, and a &quot;PASS&quot; alert for p1 is fired.</p>
<p id="p2">This tests the result of a valid style hash. It passes if this text is green, and a &quot;PASS&quot; alert for p2 is fired.</p>
<p id="p3">This tests the result of a valid style hash. It passes if this text is green, and a &quot;PASS&quot; alert for p3 is fired.</p>
<p id="p4">This tests the result of a valid style hash. It passes if this text is green, and a &quot;PASS&quot; alert for p4 is fired.</p>
<style>p#p1 { color: green; }</style>
<style>p#p2 { color: green; }</style>
<style>p#p3 { color: green; }</style>
<style>p#p4 { color: green; }</style>
<script>
var color = window.getComputedStyle(document.querySelector('#p1')).color;
if (color === "rgb(0, 128, 0)")
alert_assert("PASS (1/4): The '#p1' element's text is green, which means the style was correctly applied.");
else
alert_assert("FAIL (1/4): The '#p1' element's text is " + color + ", which means the style was incorrectly applied.");
var color = window.getComputedStyle(document.querySelector('#p2')).color;
if (color === "rgb(0, 128, 0)")
alert_assert("PASS (2/4): The '#p2' element's text is green, which means the style was correctly applied.");
else
alert_assert("FAIL (2/4): The '#p2' element's text is " + color + ", which means the style was incorrectly applied.");
var color = window.getComputedStyle(document.querySelector('#p3')).color;
if (color === "rgb(0, 128, 0)")
alert_assert("PASS (3/4): The '#p3' element's text is green, which means the style was correctly applied.");
else
alert_assert("FAIL (3/4): The '#p3' element's text is " + color + ", which means the style was incorrectly applied.");
var color = window.getComputedStyle(document.querySelector('#p4')).color;
if (color === "rgb(0, 128, 0)")
alert_assert("PASS (4/4): The '#p4' element's text is green, which means the style was correctly applied.");
else
alert_assert("FAIL (4/4): The '#p4' element's text is " + color + ", which means the style was incorrectly applied.");
</script>
<div id="log"></div>
</body>
</html>

62
tests/wpt/web-platform-tests/content-security-policy/style-src/stylehash-basic-blocked.sub.html Normal file
View file

@ -0,0 +1,62 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'self' 'sha256-FSRZotz4y83Ib8ZaoVj9eXKaeWXVUawM8zAPfYeYySs='; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>stylehash-basic-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="../support/logTest.sub.js?logs=[]"></script>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
alert_assert("violated-directive=" + e.violatedDirective);
});
var t_alert = async_test('Expecting alerts: ["PASS: The \'p\' element\'s text is green, which means the style was correctly applied.", "violated-directive=style-src"]');
var expected_alerts = ["PASS: The 'p' element's text is green, which means the style was correctly applied.", "violated-directive=style-src"];
function alert_assert(msg) {
t_alert.step(function() {
if (msg.match(/^FAIL/i)) {
assert_unreached(msg);
t_alert.done();
}
for (var i = 0; i < expected_alerts.length; i++) {
if (expected_alerts[i] == msg) {
assert_true(expected_alerts[i] == msg);
expected_alerts.splice(i, 1);
if (expected_alerts.length == 0) {
t_alert.done();
}
return;
}
}
assert_unreached('unexpected alert: ' + msg);
t_log.done();
});
}
</script>
<style>p { color: green; }</style>
<style>p { color: red; }</style>
<style>p { color: purple; }</style>
<style>p { color: blue; }</style>
</head>
<body>
<p>
This tests the effect of a valid style-hash value, with one valid style and several invalid ones. It passes if the valid style is applied and a CSP violation is generated.
</p>
<script>
var color = window.getComputedStyle(document.querySelector('p')).color;
if (color === "rgb(0, 128, 0)")
alert_assert("PASS: The 'p' element's text is green, which means the style was correctly applied.");
else
alert_assert("FAIL: The 'p' element's text is " + color + ", which means the style was incorrectly applied.");
</script>
<div id="log"></div>
</body>
</html>

26
tests/wpt/web-platform-tests/content-security-policy/style-src/stylehash-default-src.sub.html Normal file
View file

@ -0,0 +1,26 @@
<!DOCTYPE html>
<html>
<head>
<title>stylehash allowed from default-src</title>
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'sha256-SXMrww9+PS7ymkxYbv91id+HfXeO7p1uCY0xhNb4MIw='; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
test(function() { assert_unreached("securitypolicyviolat was fired")});
});
</script>
</head>
<body>
<p id="p">Test</p>
<style>p#p { color: green; }</style>
<script>
var color = window.getComputedStyle(document.querySelector('#p')).color;
assert_equals(color, "rgb(0, 128, 0)");
done();
</script>
<div id="log"></div>
</body>
</html>

58
tests/wpt/web-platform-tests/content-security-policy/style-src/stylenonce-allowed.sub.html Normal file
View file

@ -0,0 +1,58 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'self' 'nonce-noncynonce' 'nonce-noncy+/nonce='; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>stylenonce-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="../support/logTest.sub.js?logs=[]"></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<script>
var t_spv = async_test("Should fire securitypolicyviolation");
window.addEventListener('securitypolicyviolation', t_spv.step_func_done(function(e) {
assert_equals(e.violatedDirective, "style-src");
}));
</script>
<style nonce="noncynonce">
#test1 {
color: green;
}
</style>
<style>
#test1 {
color: red;
}
</style>
<style nonce="noncynonce">
#test2 {
color: green;
}
</style>
</head>
<body>
<p id="test1">This text should be green.</p>
<p id="test2">This text should also be green.</p>
<script>
var el = document.querySelector('#test1');
test(function() {
assert_equals(window.getComputedStyle(el).color, "rgb(0, 128, 0)")
});
var el = document.querySelector('#test2');
test(function() {
assert_equals(window.getComputedStyle(el).color, "rgb(0, 128, 0)")
});
</script>
<p>Style correctly whitelisted via a 'nonce-*' expression in 'style-src' should be applied to the page.</p>
<div id="log"></div>
</body>
</html>

40
tests/wpt/web-platform-tests/content-security-policy/style-src/stylenonce-blocked.sub.html Normal file
View file

@ -0,0 +1,40 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="style-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>stylenonce-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<link rel="stylesheet" type="text/css" href="../style-src/resources/allowed.css">
<script src="../support/logTest.sub.js?logs=[]"></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<script>
var t_spv = async_test("Should fire securitypolicyviolation");
window.addEventListener('securitypolicyviolation', t_spv.step_func_done(function(e) {
assert_equals(e.violatedDirective, "style-src");
}));
</script>
<style nonce="noncynonce">
#test {
color: red;
}
</style>
</head>
<body>
<p id="test">This text should be green.</p>
<script>
var el = document.querySelector('#test');
test(function() {
assert_equals(window.getComputedStyle(el).color, "rgb(0, 128, 0)")
});
</script>
<p>Style that does not match a 'nonce-*' expression in 'style-src' should not be applied to the page.</p>
<div id="log"></div>
</body>
</html>

5
tests/wpt/web-platform-tests/content-security-policy/style-src/support/inject-style.js Normal file
View file

@ -0,0 +1,5 @@
document.write("<style>#test1 { display: none; }</style>");
var s = document.createElement('style');
s.textContent = "#test2 { display: none; }";
document.body.appendChild(s);