mirror of
https://github.com/servo/servo.git
synced 2025-10-04 02:29:12 +01:00
Update web-platform-tests to revision 2c89bbecfab9a69190906abd7610c3bc62303dd4
This commit is contained in:
WPT Sync Bot
parent
48bb94ded8
commit
b33912a5ce
87 changed files with 1442 additions and 452 deletions
|
|
@ -1,14 +1,13 @@
|
|||
<!DOCTYPE html>
|
||||
|
||||
<head>
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child can navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child)");
|
||||
var t = async_test("Test that the child can navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child, which has the policy `navigate-to 'self'`)");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'success');
|
||||
});
|
||||
|
|
|
|||
|
|
@ -6,7 +6,14 @@
|
|||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child which has the policy `navigate-to 'none'`)");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
</script>
|
||||
<iframe srcdoc="<iframe src='support/navigate_parent.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}'>"></iframe>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
|
||||
</body>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -12,5 +12,5 @@
|
|||
assert_equals(e.data.result, 'success');
|
||||
});
|
||||
</script>
|
||||
<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27%3B%20form-action%20%27self%27%3B&action=post_message_to_frame_owner.html">
|
||||
<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27%3B%20form-action%20%27self%27%3B&action=post_message_to_frame_owner.html&report_id=dummy">
|
||||
</body>
|
||||
|
|
@ -12,5 +12,5 @@
|
|||
assert_equals(e.data.result, 'success');
|
||||
});
|
||||
</script>
|
||||
<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27%3B%20form-action%20%27self%27%3B&action=post_message_to_frame_owner.html">
|
||||
<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27%3B%20form-action%20%27self%27%3B&action=post_message_to_frame_owner.html&report_id=dummy">
|
||||
</body>
|
||||
|
|
@ -13,5 +13,5 @@
|
|||
assert_equals(e.data.violatedDirective, 'form-action');
|
||||
});
|
||||
</script>
|
||||
<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27%3B%20form-action%20%27none%27%3B&action=post_message_to_frame_owner.html">
|
||||
<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27%3B%20form-action%20%27none%27%3B&action=post_message_to_frame_owner.html&report_id=dummy">
|
||||
</body>
|
||||
|
|
@ -13,5 +13,5 @@
|
|||
assert_equals(e.data.violatedDirective, 'form-action');
|
||||
});
|
||||
</script>
|
||||
<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27%3B%20form-action%20%27none%27%3B&action=post_message_to_frame_owner.html">
|
||||
<iframe src="../support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27%3B%20form-action%20%27none%27%3B&action=post_message_to_frame_owner.html&report_id=dummy">
|
||||
</body>
|
||||
|
|
@ -6,6 +6,13 @@
|
|||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
</script>
|
||||
<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&action=post_message_to_frame_owner.html"></iframe>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
|
||||
|
|
|
|||
|
|
@ -6,6 +6,13 @@
|
|||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
</script>
|
||||
<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&action=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
|
||||
|
|
|
|||
|
|
@ -6,6 +6,14 @@
|
|||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
</script>
|
||||
|
||||
<iframe src="support/form_action_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&action=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
|
||||
|
|
|
|||
|
|
@ -7,6 +7,12 @@
|
|||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
|
||||
window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&target=post_message_to_frame_owner.html", "_blank");
|
||||
</script>
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,12 @@
|
|||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
|
||||
window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html", "_blank");
|
||||
</script>
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,12 @@
|
|||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
|
||||
window.open("support/href_location_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html", "_blank");
|
||||
</script>
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
<!DOCTYPE html>
|
||||
|
||||
<head>
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
|
|
|||
|
|
@ -6,7 +6,14 @@
|
|||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
</script>
|
||||
<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&target=post_message_to_frame_owner.html"></iframe>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
|
||||
</body>
|
||||
|
|
@ -1,7 +1,6 @@
|
|||
<!DOCTYPE html>
|
||||
|
||||
<head>
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
|
|
|||
|
|
@ -1,12 +1,19 @@
|
|||
<!DOCTYPE html>
|
||||
|
||||
<head>
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
</script>
|
||||
|
||||
<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
<!DOCTYPE html>
|
||||
|
||||
<head>
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
|
|
|||
|
|
@ -1,12 +1,18 @@
|
|||
<!DOCTYPE html>
|
||||
|
||||
<head>
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
</script>
|
||||
<iframe src="support/link_click_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
|
||||
|
|
|
|||
|
|
@ -6,6 +6,14 @@
|
|||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
</script>
|
||||
|
||||
<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27none%27&report_id={{$id:uuid()}}&target=post_message_to_frame_owner.html"></iframe>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27none%27&reportID={{$id}}'></script>
|
||||
|
|
|
|||
|
|
@ -6,6 +6,14 @@
|
|||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
</script>
|
||||
|
||||
<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=http%3A%2F%2F{{domains[www1]}}:{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
|
||||
|
|
|
|||
|
|
@ -6,6 +6,14 @@
|
|||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is not allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
</script>
|
||||
|
||||
<iframe src="support/meta_refresh_navigation.sub.html?csp=navigate-to%20%27self%27&report_id={{$id:uuid()}}&target=redirect_to_post_message_to_frame_owner.py%3Flocation%3Dhttp%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}%2Fcontent-security-policy%2Fnavigate-to%2Fsupport%2Fpost_message_to_frame_owner.html"></iframe>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20%27self%27&reportID={{$id}}'></script>
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the parent can navigate the child because the relevant policy belongs to the navigation initiator (in this case the parent)");
|
||||
var t = async_test("Test that the parent can navigate the child because the relevant policy belongs to the navigation initiator (in this case the parent, which has the policy `navigate-to 'self'`)");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'success');
|
||||
});
|
||||
|
|
@ -23,4 +23,4 @@
|
|||
i.src = "support/wait_for_navigation.html?csp=navigate-to%20%none%27";
|
||||
document.body.appendChild(i);
|
||||
</script>
|
||||
</body>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -7,6 +7,12 @@
|
|||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the parent can't navigate the child because the relevant policy belongs to the navigation initiator (in this case the parent, which has the policy `navigate-to support/wait_for_navigation.html;`)");
|
||||
window.onmessage = t.unreached_func("Should not have received a message as the navigation should not have been successful");
|
||||
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
|
||||
assert_equals(e.violatedDirective, 'navigate-to');
|
||||
}));
|
||||
|
||||
var i = document.createElement('iframe');
|
||||
var src_changed = false;
|
||||
i.onload = function() {
|
||||
|
|
@ -17,5 +23,6 @@
|
|||
i.src = "support/wait_for_navigation.html?csp=navigate-to%20%27self%27";
|
||||
document.body.appendChild(i);
|
||||
</script>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=navigate-to%20support%2Fwait_for_navigation.html'></script>
|
||||
</body>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,48 @@
|
|||
<!DOCTYPE html>
|
||||
|
||||
<head>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<!-- This tests that a navigation initiator that has been replaced by the time
|
||||
the navigation it initiates is blocked, will not receive the SPV event.
|
||||
|
||||
An iframe will navigate another iframe and the navigate itself.
|
||||
The second iframe's navigation response will be delayed by the server but will
|
||||
eventually be blocked by the CSP of the first iframe.
|
||||
By the time this happens the first iframe should be an entirely different
|
||||
document and it should not receive a SPV event -->
|
||||
<script>
|
||||
var t = async_test("Test that no spv event is raised");
|
||||
window.onmessage = t.step_func(function(e) {
|
||||
if (e.data == "end_test") t.done();
|
||||
else assert_unreached("Should not have raised a spv event");
|
||||
});
|
||||
|
||||
var frames_loaded_count = 0;
|
||||
var frame_loaded = function() {
|
||||
if (++frames_loaded_count == 2) {
|
||||
// both child frame have loaded we can start the
|
||||
// test now, send a message to iframe1 so it knows to start
|
||||
document.getElementById('iframe1').contentWindow.postMessage('start_test', '*');
|
||||
}
|
||||
}
|
||||
var i1 = document.createElement('iframe');
|
||||
i1.src = "support/spv-test-iframe1.sub.html?report_id={{$id:uuid()}}";
|
||||
i1.id = "iframe1";
|
||||
i1.name = "iframe1";
|
||||
i1.onload = frame_loaded;
|
||||
document.body.appendChild(i1);
|
||||
|
||||
var i2 = document.createElement('iframe');
|
||||
i2.src = "support/spv-test-iframe2.sub.html";
|
||||
i2.id = "iframe2";
|
||||
i2.name = "iframe2";
|
||||
i2.onload = frame_loaded;
|
||||
document.body.appendChild(i2);
|
||||
</script>
|
||||
|
||||
<script async defer src='../support/checkReport.sub.js?reportExists=false&reportID={{$id}}'></script>
|
||||
|
||||
</body>
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
import time
|
||||
def main(request, response):
|
||||
time.sleep(1)
|
||||
headers = [("Content-Type", "text/html")]
|
||||
return headers, '''
|
||||
<!DOCTYPE html>
|
||||
<head>
|
||||
</head>
|
||||
<body>
|
||||
DELAYED FRAME
|
||||
</body
|
||||
'''
|
||||
|
|
@ -6,6 +6,10 @@
|
|||
|
||||
<body>
|
||||
<script>
|
||||
window.addEventListener('securitypolicyviolation', function(e) {
|
||||
opener.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
|
||||
});
|
||||
|
||||
try {
|
||||
location.href = "{{GET[target]}}";
|
||||
} catch(ex) {}
|
||||
|
|
|
|||
|
|
@ -7,6 +7,10 @@
|
|||
<body>
|
||||
<a href="{{GET[target]}}" id="link">dummy link</a>
|
||||
<script>
|
||||
window.addEventListener('securitypolicyviolation', function(e) {
|
||||
top.postMessage({result: 'fail', violatedDirective: e.violatedDirective}, '*');
|
||||
});
|
||||
|
||||
document.getElementById('link').click();
|
||||
</script>
|
||||
</body>
|
||||
|
|
@ -3,4 +3,4 @@ def main(request, response):
|
|||
if "location" in request.GET:
|
||||
response.headers.set("Location", request.GET["location"])
|
||||
else:
|
||||
response.headers.set("Location", "post_message_to_frame_owner.html")
|
||||
response.headers.set("Location", "post_message_to_frame_owner.html")
|
||||
|
|
|
|||
|
|
@ -0,0 +1,19 @@
|
|||
<!DOCTYPE html>
|
||||
<head>
|
||||
<script>
|
||||
window.onmessage = function(e) {
|
||||
if (e.data == "start_test") {
|
||||
document.getElementById('link').click();
|
||||
location.href = "{{location[server]}}/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html";
|
||||
}
|
||||
}
|
||||
window.addEventListener('securitypolicyviolation', function(e) {
|
||||
top.postMessage({iframe: 'iframe1', violatedDirective: e.violatedDirective}, '*');
|
||||
});
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<a href="{{location[server]}}/content-security-policy/navigate-to/support/delayed_frame.py" id="link" target="iframe2">dummy link</a>
|
||||
IFRAME 1
|
||||
</body>
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Pragma: no-cache
|
||||
Content-Security-Policy: navigate-to {{location[server]}}/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html 'unsafe-allow-redirects'; report-uri /content-security-policy/support/report.py?op=put&reportID={{GET[report_id]}}
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
<!DOCTYPE html>
|
||||
<head>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
window.addEventListener('securitypolicyviolation', function(e) {
|
||||
top.postMessage({iframe: 'iframe1', violatedDirective: e.violatedDirective}, '*');
|
||||
});
|
||||
setTimeout(function() {
|
||||
top.postMessage("end_test", "*");
|
||||
}, 4000);
|
||||
</script>
|
||||
IFRAME 2
|
||||
</body>
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
<!DOCTYPE html>
|
||||
<head>
|
||||
<script>
|
||||
window.addEventListener('securitypolicyviolation', function(e) {
|
||||
top.postMessage({iframe: 'iframe3', violatedDirective: e.violatedDirective}, '*');
|
||||
});
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
IFRAME 3
|
||||
</body>
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
<!DOCTYPE html>
|
||||
|
||||
<head>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'success');
|
||||
});
|
||||
|
||||
// the iframe will navigate to:
|
||||
// [www2]/..../redirect.py (which is not in the navigate-to source list) which will in turn navigate to
|
||||
// [www1]/..../post_message_to_frame_owner.html which is not exactly in
|
||||
// the list but the check should be reduced to an origin check since there has been a redirect.
|
||||
// Because of 'unsafe-allow-redirects' only the second one is checked since the first is a redirect
|
||||
|
||||
var i = document.createElement('iframe');
|
||||
i.src = "../support/link_click_navigation.sub.html" +
|
||||
"?csp=" + encodeURIComponent("navigate-to {{location[scheme]}}://{{domains[www1]}}:{{location[port]}}/some-path/ 'unsafe-allow-redirects'") +
|
||||
"&target=" + encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/common/redirect.py?location=" +
|
||||
encodeURIComponent("{{location[scheme]}}://{{domains[www1]}}:{{location[port]}}/content-security-policy/navigate-to/support/post_message_to_frame_owner.html"));
|
||||
document.body.appendChild(i);
|
||||
</script>
|
||||
|
||||
</body>
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
<!DOCTYPE html>
|
||||
|
||||
<head>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is allowed");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'success');
|
||||
});
|
||||
|
||||
// the iframe will navigate to:
|
||||
// [www2]/..../redirect.py (which is not in the navigate-to source list) which will in turn navigate to
|
||||
// [www1]/..../post_message_to_frame_owner.html which is in the list
|
||||
// because of 'unsafe-allow-redirects' only the second one is checked since the first is a redirect
|
||||
|
||||
var i = document.createElement('iframe');
|
||||
i.src = "../support/link_click_navigation.sub.html" +
|
||||
"?csp=" + encodeURIComponent("navigate-to {{location[scheme]}}://{{domains[www1]}}:{{location[port]}} 'unsafe-allow-redirects'") +
|
||||
"&target=" + encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/common/redirect.py?location=" +
|
||||
encodeURIComponent("{{location[scheme]}}://{{domains[www1]}}:{{location[port]}}/content-security-policy/navigate-to/support/post_message_to_frame_owner.html"));
|
||||
document.body.appendChild(i);
|
||||
</script>
|
||||
|
||||
</body>
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
<!DOCTYPE html>
|
||||
|
||||
<head>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
var t = async_test("Test that the child iframe navigation is blocked");
|
||||
window.onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.data.result, 'fail');
|
||||
assert_equals(e.data.violatedDirective, 'navigate-to');
|
||||
});
|
||||
|
||||
// the iframe will navigate to:
|
||||
// [www2]/..../redirect.py (which is not in the navigate-to source list) which will in turn navigate to
|
||||
// [www2]/..../post_message_to_frame_owner.html which is also not in the list
|
||||
// because of 'unsafe-allow-redirects' only the second one is checked since the first is a redirect
|
||||
|
||||
var i = document.createElement('iframe');
|
||||
i.src = "../support/link_click_navigation.sub.html" +
|
||||
"?csp=" + encodeURIComponent("navigate-to {{location[scheme]}}://{{domains[www1]}}:{{location[port]}} 'unsafe-allow-redirects'") +
|
||||
"&target=" + encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/common/redirect.py?location=" +
|
||||
encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/content-security-policy/navigate-to/support/post_message_to_frame_owner.html"));
|
||||
document.body.appendChild(i);
|
||||
</script>
|
||||
|
||||
</body>
|
||||
Loading…
Add table
Add a link
Reference in a new issue