Update web-platform-tests to revision 0a518aaff73532a26e175789f7e75fa99593ac64

Ms2ger 2016-04-21 11:33:07 +02:00
parent 9c172f49d0
commit abcd4b654f
92 changed files with 2869 additions and 642 deletions


@ -32,7 +32,7 @@ form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';
<input type="text" name="fieldname" value="fieldvalue">
<input type="submit" id="submit" value="submit">
</form>
<p>Tests that allowed form actions work correctly. If this test passes, you will see a page indicating a form was POSTed.</p>
<p>Tests that allowed form actions work correctly.</p>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
</body>


@ -31,7 +31,7 @@ form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
<input type="text" name="fieldname" value="fieldvalue">
<input type="submit" id="submit" value="submit">
</form>
<p>Tests that blocking form actions works correctly. If this test passes, a CSP violation will be generated, and will not see a page indicating a form was POSTed.</p>
<p>Tests that blocking form actions works correctly.</p>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=form-action%20&apos;none&apos;"></script>


@ -33,7 +33,8 @@ form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';
<input type="text" name="fieldname" value="fieldvalue">
<input type="submit" id="submit" value="submit">
</form>
<p>Tests that allowed form actions work correctly. If this test passes, you will see a page indicating a form was POSTed.</p>
<p>Tests that allowed form actions work correctly
with GET and a redirect.</p>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
</body>


@ -33,7 +33,8 @@ form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
<input type="text" name="fieldname" value="fieldvalue">
<input type="submit" id="submit" value="submit">
</form>
<p>Tests that allowed form actions work correctly. If this test passes, you will see a page indicating a form was POSTed.</p>
<p>Tests that disallowed form actions are blocked
with GET and redirects.</p>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=form-action%20&apos;none&apos;
"></script>


@ -33,7 +33,7 @@ form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';
<input type="text" name="fieldname" value="fieldvalue">
<input type="submit" id="submit" value="submit">
</form>
<p>Tests that blocking form redirect works correctly. If this test passes, a CSP violation will be generated, and will not see a page indicating a form was POSTed.</p>
<p>Tests that blocking a POST form with a redirect works correctly. If this test passes, a CSP violation will be generated.</p>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=form-action%20'self'"></script>
</body>


@ -14,14 +14,14 @@ script-src 'self' 'unsafe-inline' 'none'; connect-src 'self';
</head>
<body>
<meta http-equiv="Content-Security-Policy" content="script-src 'none'">
<meta http-equiv="Content-Security-Policy" content="script-src 'self'">
<p>This test checks that Content Security Policy delivered via a meta element is not enforced if the element is outside the document&apos;s head.</p>
<script>
alert_assert("PASS (1/1)");
var aa = "PASS (1/1)";
</script>
<script src="metaHelper.js"></script>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
<script src="../support/checkReport.sub.js?reportExists=false"></script>
</body>
</html>
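Review bot: Nothing in this page explains why the body-level `<meta>` carries `script-src 'self'` or what the global `aa` is for, so the pass/fail logic can only be understood by reading `metaHelper.js` (added further down) next to it. As far as the visible lines show, the inline script sets `aa` and the same-origin helper reports it, so a user agent that wrongly enforced the out-of-head policy would block the inline script but still load the helper and report the failure. A comment above the inline script, such as `<!-- Must run: a meta CSP outside head is ignored; metaHelper.js reports the result. -->`, would record that intent. A descriptive name in place of `aa`, which is used in both files, would also help. The page does not mark which of the two `<meta>` lines is the new side, so this assumes the `'self'` variant is the one kept.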


@ -0,0 +1,5 @@
if (typeof aa != 'undefined') {
alert_assert(aa);
} else {
alert_assert("Failed - allowed inline script blocked by meta policy outside head.");
}


@ -6,7 +6,7 @@
<title>plugintypes-notype-data</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS"]'></script>
<script src='../support/logTest.sub.js?logs=["PASS: object tag onerror handler fired"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
<!-- enforcing policy:
plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self';
@ -15,7 +15,7 @@ plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; conn
<body>
Given a `plugin-types` directive, plugins have to declare a type explicitly. No declared type, no load. This test passes if there&apos;s a CSP report and &quot;FAIL!&quot; isn&apos;t logged.
<object data="data:application/x-webkit-test-netscape" onload="log('FAIL');" onerror="log('PASS');"></object>
<object data="data:application/x-webkit-test-netscape" onload="log('FAIL');" onerror="log('PASS: object tag onerror handler fired');"></object>
<div id="log"></div>
<script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=plugin-types+application/x-invalid-type"></script>
</body>


@ -7,7 +7,6 @@
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</script>
<!-- enforcing policy:
script-src 'self' 'nonce-nonceynonce' 'sha256-dWTP4Di8KBjaiXvQ5mRquI9OoBSo921ahYxLfYSiuT8='; connect-src 'self';
-->
@ -34,12 +33,9 @@ script-src 'self' 'nonce-nonceynonce' 'sha256-dWTP4Di8KBjaiXvQ5mRquI9OoBSo921ahY
var scriptContent2 = "window.finish('" + nonMatchingContent + "');";
var script1 = document.createElement('script');
script1.innerHTML = scriptContent1;
var script2 = document.createElement('script');
script2.innerHTML = scriptContent2;
script1.test = async_test("Inline script with hash in CSP");
script2.test = async_test("Inline script without hash in CSP");
script1.test = async_test("Only matching content runs even with NFC normalization.");
var failure = function() {
assert_unreached();
@ -51,16 +47,18 @@ script-src 'self' 'nonce-nonceynonce' 'sha256-dWTP4Di8KBjaiXvQ5mRquI9OoBSo921ahY
script1.test.done();
});
} else {
assert_unreached();
script1.test.step(function() {
assert_unreached("nonMatchingContent script ran");
});
}
}
script1.onerror = failure;
script2.onerror = script2.test.step_func(function() {
script2.test.done();
});
document.body.appendChild(script1);
document.body.appendChild(script2);
script2.textContent = scriptContent2;
document.body.appendChild(script1);
script1.textContent = scriptContent1;
</script>
<p>
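Review bot: `failure` still calls `assert_unreached()` outside any test step, while the else branch of `window.finish` now wraps its assertion in `script1.test.step(...)`. If `script1.onerror` fires, the bare assertion is likely to surface as an uncaught error rather than as a recorded failure of the "Only matching content runs" test. Binding the handler to the test would make the two paths consistent: `script1.onerror = script1.test.step_func(function() { assert_unreached("matching script was blocked"); });`. The body of `failure` continues between the hunks, so this is based only on the two lines shown. A short comment on why `textContent` is assigned after `appendChild`, and why `script2` is inserted first, would also help, since that ordering is what lets the non-matching script be detected before `done()` is called.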


@ -6,49 +6,16 @@
<title>scriptnonce-basic-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script nonce='noncynonce'>
function log(msg) {
test(function() {
assert_unreached(msg)
});
}
</script>
<script nonce='noncynonce'>
var t_alert = async_test('Expecting alerts: ["PASS (1/2)","PASS (2/2)"]');
var expected_alerts = ["PASS (1/2)", "PASS (2/2)"];
function alert_assert(msg) {
t_alert.step(function() {
if (msg.match(/^FAIL/i)) {
assert_unreached(msg);
t_alert.done();
}
for (var i = 0; i < expected_alerts.length; i++) {
if (expected_alerts[i] == msg) {
assert_true(expected_alerts[i] == msg);
expected_alerts.splice(i, 1);
if (expected_alerts.length == 0) {
t_alert.done();
}
return;
}
}
assert_unreached('unexpected alert: ' + msg);
t_log.done();
});
}
</script>
<script src='../support/alertAssert.sub.js?alerts=["PASS (closely-quoted nonce)","PASS (nonce w/whitespace)"]'></script>
<!-- enforcing policy:
script-src 'self' 'unsafe-inline' 'nonce-noncynonce'; connect-src 'self';
-->
<script nonce="noncynonce">
alert_assert('PASS (1/2)');
alert_assert('PASS (closely-quoted nonce)');
</script>
<script nonce=" noncynonce ">
alert_assert('PASS (2/2)');
alert_assert('PASS (nonce w/whitespace)');
</script>
<script nonce="noncynonce noncynonce">
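Review bot: The second inline script expects `nonce=" noncynonce "` to be accepted, but nothing near it says why a whitespace-padded attribute value should match `'nonce-noncynonce'`. The new alert label `PASS (nonce w/whitespace)` names the case without naming the matching rule the test relies on. Because this assertion pins a specific nonce-comparison behaviour, a short comment above that script stating the expected rule, with a pointer to the relevant spec text, would tell a later reader whether a failure is a browser bug or an outdated test. The file continues past the last line of the hunk, so the blocked cases are not visible here.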


@ -34,7 +34,7 @@
</script>
<!-- enforcing policy:
style-src 'sha1-eYyYGmKWdhpUewohaXk9o8IaLSw=' 'sha256-hndjYvzUzy2Ykuad81Cwsl1FOXX/qYs/aDVyUyNZwBw=' 'sha384-bSVm1i3sjPBRM4TwZtYTDjk9JxZMExYHWbFmP1SxDhJH4ue0Wu9OPOkY5hcqRcSt' 'sha512-440MmBLtj9Kp5Bqloogn9BqGDylY8vFsv5/zXL1zH2fJVssCoskRig4gyM+9KqwvCSapSz5CVoUGHQcxv43UQg=='; script-src 'self' 'unsafe-inline'; connect-src 'self';
style-src 'sha256-pAKi9r4/WB7fHydbE3F3t8i8602ij2JN8zHJpL2T5BM=' 'sha256-hndjYvzUzy2Ykuad81Cwsl1FOXX/qYs/aDVyUyNZwBw=' 'sha384-bSVm1i3sjPBRM4TwZtYTDjk9JxZMExYHWbFmP1SxDhJH4ue0Wu9OPOkY5hcqRcSt' 'sha512-440MmBLtj9Kp5Bqloogn9BqGDylY8vFsv5/zXL1zH2fJVssCoskRig4gyM+9KqwvCSapSz5CVoUGHQcxv43UQg=='; script-src 'self' 'unsafe-inline'; connect-src 'self';
-->
</head>
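Review bot: The `enforcing policy` comment does not match the header it appears to document: the `.headers` hunk further down delivers `style-src 'self' 'sha256-pAKi9r4/…'` plus a `report-uri`, while this comment lists the hash-sources without `'self'`. Assuming both hunks belong to the same test (the digests are identical), the comment should mirror the header exactly, since a reader checking which sources are allowed will trust it. It would also help to say in the comment which inline `<style>` block each digest covers. Neither hunk shows the hashed content, so the replacement `sha256-pAKi9r4/…` value cannot be checked from here.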


@ -3,4 +3,4 @@ Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: stylehash-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2
Content-Security-Policy: style-src 'self' 'sha1-eYyYGmKWdhpUewohaXk9o8IaLSw=' 'sha256-hndjYvzUzy2Ykuad81Cwsl1FOXX/qYs/aDVyUyNZwBw=' 'sha384-bSVm1i3sjPBRM4TwZtYTDjk9JxZMExYHWbFmP1SxDhJH4ue0Wu9OPOkY5hcqRcSt' 'sha512-440MmBLtj9Kp5Bqloogn9BqGDylY8vFsv5/zXL1zH2fJVssCoskRig4gyM+9KqwvCSapSz5CVoUGHQcxv43UQg=='; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
Content-Security-Policy: style-src 'self' 'sha256-pAKi9r4/WB7fHydbE3F3t8i8602ij2JN8zHJpL2T5BM=' 'sha256-hndjYvzUzy2Ykuad81Cwsl1FOXX/qYs/aDVyUyNZwBw=' 'sha384-bSVm1i3sjPBRM4TwZtYTDjk9JxZMExYHWbFmP1SxDhJH4ue0Wu9OPOkY5hcqRcSt' 'sha512-440MmBLtj9Kp5Bqloogn9BqGDylY8vFsv5/zXL1zH2fJVssCoskRig4gyM+9KqwvCSapSz5CVoUGHQcxv43UQg=='; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}