Run all CSP tests in CI by default. (#36436)

Extending the original set from #36402 since there are additional tests relevant to the work happening in #36409 and #36363. Testing: New tests in CI. Fixes: Part of https://github.com/servo/servo/issues/4577 Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-08-30 09:38:19 +01:00 · 2025-04-10 04:09:23 -04:00 · 2025-04-10 04:09:23 -04:00 · c16ca22970
commit c16ca22970
parent a0730d7154
509 changed files with 5492 additions and 12 deletions
--- a/tests/wpt/meta/content-security-policy/navigation/javascript-url-navigation-evaluated-to-string-inherits-csp.html.ini
+++ b/tests/wpt/meta/content-security-policy/navigation/javascript-url-navigation-evaluated-to-string-inherits-csp.html.ini
@ -0,0 +1,3 @@
+[javascript-url-navigation-evaluated-to-string-inherits-csp.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-check-csp-order.html.ini
+++ b/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-check-csp-order.html.ini
@ -0,0 +1,22 @@
+[to-javascript-parent-initiated-check-csp-order.html]
+  expected: TIMEOUT
+  [Executing the javascript URL should violate the parent's CSP for\n          iframe.contentWindow.location.href]
+    expected: TIMEOUT
+
+  [Executing the javascript URL should violate the parent's CSP for\n          iframe.src]
+    expected: NOTRUN
+
+  [Executing the javascript URL should violate the parent's CSP for\n          a[target=iframeWithScriptSrcNone\].href]
+    expected: NOTRUN
+
+  [Executing the javascript URL should violate the parent's CSP for\n          a[target=otherTabWithScriptSrcNone\].href]
+    expected: NOTRUN
+
+  [Executing the javascript URL should violate the parent's CSP for\n          area[target=iframeWithScriptScrcNone\].href]
+    expected: NOTRUN
+
+  [Executing the javascript URL should violate the parent's CSP for\n          area[target=otherTabWithScriptSrcNone\].href]
+    expected: NOTRUN
+
+  [Executing the javascript URL should violate the parent's CSP for\n          otherTabWithScriptSrcNone.location.href]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html.ini
+++ b/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html.ini
@ -0,0 +1,19 @@
+[to-javascript-parent-initiated-child-csp.html]
+  expected: TIMEOUT
+  [Should not have executed the javascript URL for\n        iframe.contentWindow.location.href with child's CSP "script-src 'none'"]
+    expected: TIMEOUT
+
+  [Should not have executed the javascript URL for\n        iframe.src with child's CSP "script-src 'none'"]
+    expected: NOTRUN
+
+  [Should not have executed the javascript URL for\n        otherTabWithScriptSrcNone.location.href with child's CSP "script-src 'none'"]
+    expected: NOTRUN
+
+  [Should not have executed the javascript URL for\n        a[target=iframeWithScriptSrcNone\].href with child's CSP "script-src 'none'"]
+    expected: NOTRUN
+
+  [Should not have executed the javascript URL for\n        area[target=iframeWithScriptSrcNone\].href with child's CSP "script-src 'none'"]
+    expected: NOTRUN
+
+  [Should not have executed the javascript URL for\n        area[target=otherTabWithScriptSrcNone\].href with child's CSP "script-src 'none'"]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html.ini
+++ b/tests/wpt/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html.ini
@ -0,0 +1,22 @@
+[to-javascript-parent-initiated-parent-csp.html]
+  expected: TIMEOUT
+  [Should not have executed the javascript url for\n      iframe.contentWindow.location.href]
+    expected: FAIL
+
+  [Should not have executed the javascript url for\n      iframe.src]
+    expected: FAIL
+
+  [Should not have executed the javascript url for\n      otherTab.location.href]
+    expected: TIMEOUT
+
+  [Should not have executed the javascript url for\n      area[target=iframe\].href]
+    expected: NOTRUN
+
+  [Should not have executed the javascript url for\n      area[target=otherTab\].href]
+    expected: NOTRUN
+
+  [Should not have executed the javascript url for\n      a[target=otherTab\].href]
+    expected: NOTRUN
+
+  [Should not have executed the javascript url for\n      a[target=iframe\].href]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/navigation/to-javascript-url-script-src.html.ini
+++ b/tests/wpt/meta/content-security-policy/navigation/to-javascript-url-script-src.html.ini
@ -0,0 +1,13 @@
+[to-javascript-url-script-src.html]
+  expected: TIMEOUT
+  [<iframe src='javascript:'> blocked without 'unsafe-inline'.]
+    expected: TIMEOUT
+
+  [<iframe> navigated to 'javascript:' blocked without 'unsafe-inline'.]
+    expected: NOTRUN
+
+  [<iframe src='...'> with 'unsafe-inline' navigated to 'javascript:' blocked in this document]
+    expected: NOTRUN
+
+  [<iframe src='...'> without 'unsafe-inline' navigated to 'javascript:' blocked in this document.]
+    expected: NOTRUN