From ce4ca9ee98ecc30dd7d35034ec3cb6ec6becfc70 Mon Sep 17 00:00:00 2001 From: Josh Matthews Date: Tue, 8 Apr 2025 10:46:25 -0400 Subject: [PATCH] Run subset of CSP tests by default. (#36402) This will establish a baseline for the changes from #36363. Testing: New tests in CI. Fixes: Part of #4577 Signed-off-by: Josh Matthews --- tests/wpt/include.ini | 8 +++ .../child-src/child-src-blocked.sub.html.ini | 3 ++ ...ild-src-conflicting-frame-src.sub.html.ini | 3 ++ .../child-src-cross-origin-load.sub.html.ini | 3 ++ .../child-src-redirect-blocked.sub.html.ini | 3 ++ .../child-src-worker-blocked.sub.html.ini | 7 +++ .../connect-src-beacon-allowed.sub.html.ini | 3 ++ .../connect-src-beacon-blocked.sub.html.ini | 3 ++ ...rc-beacon-redirect-to-blocked.sub.html.ini | 3 ++ ...nnect-src-eventsource-blocked.sub.html.ini | 3 ++ ...entsource-redirect-to-blocked.sub.html.ini | 3 ++ ...nnect-src-json-import-allowed.sub.html.ini | 2 + ...nnect-src-json-import-blocked.sub.html.ini | 2 + ...rc-syncxmlhttprequest-blocked.sub.html.ini | 3 ++ ...tprequest-redirect-to-blocked.sub.html.ini | 3 ++ ...connect-src-websocket-blocked.sub.html.ini | 3 ++ ...ct-src-xmlhttprequest-blocked.sub.html.ini | 3 ++ ...tprequest-redirect-to-blocked.sub.html.ini | 3 ++ ...ed-worker-connect-src-allowed.sub.html.ini | 4 ++ ...ed-worker-connect-src-blocked.sub.html.ini | 3 ++ .../worker-connect-src-blocked.sub.html.ini | 3 ++ .../connect-src/worker-from-guid.sub.html.ini | 3 ++ .../default-src-inline-blocked.sub.html.ini | 3 ++ .../default-src-sri_hash.sub.html.ini | 9 ++++ ...-strict_dynamic_and_unsafe_inline.html.ini | 4 ++ .../blockeduri-eval.html.ini | 4 ++ .../blockeduri-inline.html.ini | 4 ++ .../blockeduri-ws-wss-scheme.html.ini | 13 +++++ .../idlharness.window.js.ini | 54 +++++++++++++++++++ ...-redirect-upgrade-reporting.https.html.ini | 4 ++ .../img-src-redirect.sub.html.ini | 3 ++ .../inside-dedicated-worker.html.ini | 7 +++ .../inside-service-worker.https.html.ini | 2 + .../inside-shared-worker.html.ini | 2 + .../linenumber.tentative.html.ini | 3 ++ .../script-sample-no-opt-in.html.ini | 13 +++++ .../script-sample.html.ini | 19 +++++++ ...ross-origin-image-from-script.sub.html.ini | 4 ++ ...tion-block-cross-origin-image.sub.html.ini | 4 ++ ...ation-block-image-from-script.sub.html.ini | 4 ++ ...typolicyviolation-block-image.sub.html.ini | 4 ++ .../source-file-blob-scheme.html.ini | 4 ++ .../source-file-data-scheme.html.ini | 4 ++ .../source-file.html.ini | 51 ++++++++++++++++++ .../style-sample-no-opt-in.html.ini | 7 +++ .../style-sample.html.ini | 7 +++ .../targeting.html.ini | 16 ++++++ ...insecure-requests-reporting.https.html.ini | 10 ++++ 48 files changed, 333 insertions(+) create mode 100644 tests/wpt/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/child-src/child-src-redirect-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-allowed.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-json-import-allowed.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-json-import-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/default-src/default-src-sri_hash.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-eval.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/targeting.html.ini create mode 100644 tests/wpt/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini diff --git a/tests/wpt/include.ini b/tests/wpt/include.ini index 4ae1cc3203a..b806365a66c 100644 --- a/tests/wpt/include.ini +++ b/tests/wpt/include.ini @@ -12,6 +12,14 @@ skip: true [samesite] skip: true [content-security-policy] + [child-src] + skip: false + [connect-src] + skip: false + [default-src] + skip: false + [securitypolicyviolation] + skip: false [unsafe-eval] skip: false [wasm-unsafe-eval] diff --git a/tests/wpt/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini new file mode 100644 index 00000000000..b1dc13e61d8 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[child-src-blocked.sub.html] + [Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html.ini b/tests/wpt/meta/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html.ini new file mode 100644 index 00000000000..c070a772235 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html.ini @@ -0,0 +1,3 @@ +[child-src-conflicting-frame-src.sub.html] + [Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini b/tests/wpt/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini new file mode 100644 index 00000000000..39402f3584f --- /dev/null +++ b/tests/wpt/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini @@ -0,0 +1,3 @@ +[child-src-cross-origin-load.sub.html] + [Two of the three iframe are expected to load.] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/child-src/child-src-redirect-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/child-src/child-src-redirect-blocked.sub.html.ini new file mode 100644 index 00000000000..47d275f8682 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/child-src/child-src-redirect-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[child-src-redirect-blocked.sub.html] + [Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini new file mode 100644 index 00000000000..5ebb7865fa1 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini @@ -0,0 +1,7 @@ +[child-src-worker-blocked.sub.html] + expected: ERROR + [Should throw a securitypolicyviolation event] + expected: TIMEOUT + + [Should block worker because it does not match any directive including the deprecated 'child-src'] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-allowed.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-allowed.sub.html.ini new file mode 100644 index 00000000000..ba79b872b4a --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-allowed.sub.html.ini @@ -0,0 +1,3 @@ +[connect-src-beacon-allowed.sub.html] + [Expecting logs: ["Pass"\]] + expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html.ini new file mode 100644 index 00000000000..d1a7e7f312a --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[connect-src-beacon-blocked.sub.html] + [Expecting logs: ["Pass", "violated-directive=connect-src"\]] + expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html.ini new file mode 100644 index 00000000000..94269848821 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[connect-src-beacon-redirect-to-blocked.sub.html] + [Expecting logs: ["violated-directive=connect-src"\]] + expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini new file mode 100644 index 00000000000..7345d867a6e --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[connect-src-eventsource-blocked.sub.html] + [Expecting logs: ["blocked","violated-directive=connect-src"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini new file mode 100644 index 00000000000..79f00815258 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[connect-src-eventsource-redirect-to-blocked.sub.html] + [Expecting logs: ["PASS EventSource() did not follow the disallowed redirect.","TEST COMPLETE", "violated-directive=connect-src"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-json-import-allowed.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-json-import-allowed.sub.html.ini new file mode 100644 index 00000000000..a9cc8da56d7 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-json-import-allowed.sub.html.ini @@ -0,0 +1,2 @@ +[connect-src-json-import-allowed.sub.html] + expected: ERROR diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-json-import-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-json-import-blocked.sub.html.ini new file mode 100644 index 00000000000..f84b0f2c95c --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-json-import-blocked.sub.html.ini @@ -0,0 +1,2 @@ +[connect-src-json-import-blocked.sub.html] + expected: ERROR diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-blocked.sub.html.ini new file mode 100644 index 00000000000..09941cf212d --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[connect-src-syncxmlhttprequest-blocked.sub.html] + [Expecting logs: ["Pass","violated-directive=connect-src"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html.ini new file mode 100644 index 00000000000..e6156eab928 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html] + [Expecting logs: ["PASS Sync XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini new file mode 100644 index 00000000000..452db76f3b8 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[connect-src-websocket-blocked.sub.html] + [Expecting logs: ["blocked","violated-directive=connect-src"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini new file mode 100644 index 00000000000..a21678cc8fd --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[connect-src-xmlhttprequest-blocked.sub.html] + [Expecting logs: ["Pass","violated-directive=connect-src"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini new file mode 100644 index 00000000000..9b86b6b2d9c --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[connect-src-xmlhttprequest-redirect-to-blocked.sub.html] + [Expecting logs: ["PASS XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html.ini new file mode 100644 index 00000000000..1c774a2fb7a --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html.ini @@ -0,0 +1,4 @@ +[shared-worker-connect-src-allowed.sub.html] + expected: ERROR + [Expecting logs: ["xhr allowed","TEST COMPLETE"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html.ini new file mode 100644 index 00000000000..17ef48ba8e1 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[shared-worker-connect-src-blocked.sub.html] + [Expecting logs: ["xhr blocked","TEST COMPLETE"\]] + expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini new file mode 100644 index 00000000000..edd86ff9e10 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[worker-connect-src-blocked.sub.html] + [Expecting logs: ["xhr blocked","TEST COMPLETE"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini b/tests/wpt/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini new file mode 100644 index 00000000000..3de3b52028c --- /dev/null +++ b/tests/wpt/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini @@ -0,0 +1,3 @@ +[worker-from-guid.sub.html] + [Expecting logs: ["violated-directive=connect-src","xhr blocked","TEST COMPLETE"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini new file mode 100644 index 00000000000..c2b9c5f26c7 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini @@ -0,0 +1,3 @@ +[default-src-inline-blocked.sub.html] + [Expecting logs: ["violated-directive=script-src-elem","violated-directive=script-src-elem"\]] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/default-src/default-src-sri_hash.sub.html.ini b/tests/wpt/meta/content-security-policy/default-src/default-src-sri_hash.sub.html.ini new file mode 100644 index 00000000000..b86623fcf06 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/default-src/default-src-sri_hash.sub.html.ini @@ -0,0 +1,9 @@ +[default-src-sri_hash.sub.html] + [multiple matching integrity] + expected: FAIL + + [partially matching integrity] + expected: FAIL + + [External script in a script tag with matching SRI hash should run.] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini b/tests/wpt/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini new file mode 100644 index 00000000000..e1b9ec3f770 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini @@ -0,0 +1,4 @@ +[default-src-strict_dynamic_and_unsafe_inline.html] + expected: TIMEOUT + [Should fire a security policy violation for the inline block] + expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-eval.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-eval.html.ini new file mode 100644 index 00000000000..bebd42f2743 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-eval.html.ini @@ -0,0 +1,4 @@ +[blockeduri-eval.html] + expected: TIMEOUT + [Eval violations have a blockedURI of 'eval'] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini new file mode 100644 index 00000000000..9c191e43078 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini @@ -0,0 +1,4 @@ +[blockeduri-inline.html] + expected: TIMEOUT + [Inline violations have a blockedURI of 'inline'] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini new file mode 100644 index 00000000000..6ebb357445f --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini @@ -0,0 +1,13 @@ +[blockeduri-ws-wss-scheme.html] + expected: TIMEOUT + [ws] + expected: FAIL + + [wss] + expected: FAIL + + [cross-origin] + expected: FAIL + + [redirect] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini new file mode 100644 index 00000000000..5db26da0f4d --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini @@ -0,0 +1,54 @@ +[idlharness.window.html] + [CSPViolationReportBody interface: existence and properties of interface object] + expected: FAIL + + [CSPViolationReportBody interface object length] + expected: FAIL + + [CSPViolationReportBody interface object name] + expected: FAIL + + [CSPViolationReportBody interface: existence and properties of interface prototype object] + expected: FAIL + + [CSPViolationReportBody interface: existence and properties of interface prototype object's "constructor" property] + expected: FAIL + + [CSPViolationReportBody interface: existence and properties of interface prototype object's @@unscopables property] + expected: FAIL + + [CSPViolationReportBody interface: operation toJSON()] + expected: FAIL + + [CSPViolationReportBody interface: attribute documentURL] + expected: FAIL + + [CSPViolationReportBody interface: attribute referrer] + expected: FAIL + + [CSPViolationReportBody interface: attribute blockedURL] + expected: FAIL + + [CSPViolationReportBody interface: attribute effectiveDirective] + expected: FAIL + + [CSPViolationReportBody interface: attribute originalPolicy] + expected: FAIL + + [CSPViolationReportBody interface: attribute sourceFile] + expected: FAIL + + [CSPViolationReportBody interface: attribute sample] + expected: FAIL + + [CSPViolationReportBody interface: attribute disposition] + expected: FAIL + + [CSPViolationReportBody interface: attribute statusCode] + expected: FAIL + + [CSPViolationReportBody interface: attribute lineNumber] + expected: FAIL + + [CSPViolationReportBody interface: attribute columnNumber] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.ini new file mode 100644 index 00000000000..6f040a33d88 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.ini @@ -0,0 +1,4 @@ +[img-src-redirect-upgrade-reporting.https.html] + expected: TIMEOUT + [Image that redirects to http:// URL prohibited by Report-Only must generate a violation report, even with upgrade-insecure-requests] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini new file mode 100644 index 00000000000..95cb135df4e --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini @@ -0,0 +1,3 @@ +[img-src-redirect.sub.html] + [The blocked URI in the security policy violation event should be the original URI before redirects.] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini new file mode 100644 index 00000000000..e9b33bc5d39 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini @@ -0,0 +1,7 @@ +[inside-dedicated-worker.html] + expected: TIMEOUT + [SecurityPolicyViolation event fired on global.] + expected: FAIL + + [SecurityPolicyViolation event fired on global with the correct blockedURI.] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini new file mode 100644 index 00000000000..16431d7ffdd --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini @@ -0,0 +1,2 @@ +[inside-service-worker.https.html] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini new file mode 100644 index 00000000000..ccf09801bc1 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini @@ -0,0 +1,2 @@ +[inside-shared-worker.html] + expected: ERROR diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini new file mode 100644 index 00000000000..e8114229ab9 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini @@ -0,0 +1,3 @@ +[linenumber.tentative.html] + [linenumber] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini new file mode 100644 index 00000000000..a7ebd4aff51 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini @@ -0,0 +1,13 @@ +[script-sample-no-opt-in.html] + expected: ERROR + [Inline script should not have a sample.] + expected: TIMEOUT + + [Inline event handlers should not have a sample.] + expected: TIMEOUT + + [JavaScript URLs in iframes should not have a sample.] + expected: TIMEOUT + + [eval()-alikes should not have a sample.] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini new file mode 100644 index 00000000000..d5f06d70c53 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini @@ -0,0 +1,19 @@ +[script-sample.html] + expected: ERROR + [Inline script should have a sample.] + expected: TIMEOUT + + [Inline event handlers should have a sample.] + expected: TIMEOUT + + [JavaScript URLs in iframes should have a sample.] + expected: TIMEOUT + + [eval() should have a sample.] + expected: TIMEOUT + + [setInterval() should have a sample.] + expected: TIMEOUT + + [setTimeout() should have a sample.] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini new file mode 100644 index 00000000000..0aae557d47e --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini @@ -0,0 +1,4 @@ +[securitypolicyviolation-block-cross-origin-image-from-script.sub.html] + expected: TIMEOUT + [Non-redirected cross-origin URLs are not stripped.] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini new file mode 100644 index 00000000000..ee494c4a569 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini @@ -0,0 +1,4 @@ +[securitypolicyviolation-block-cross-origin-image.sub.html] + expected: TIMEOUT + [Non-redirected cross-origin URLs are not stripped.] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini new file mode 100644 index 00000000000..bbe38a8c9f8 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini @@ -0,0 +1,4 @@ +[securitypolicyviolation-block-image-from-script.sub.html] + expected: TIMEOUT + [Non-redirected cross-origin URLs are not stripped.] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html.ini new file mode 100644 index 00000000000..0e4f66ed1c6 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html.ini @@ -0,0 +1,4 @@ +[securitypolicyviolation-block-image.sub.html] + expected: TIMEOUT + [Non-redirected same-origin URLs are not stripped.] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini new file mode 100644 index 00000000000..03d164a4050 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini @@ -0,0 +1,4 @@ +[source-file-blob-scheme.html] + expected: TIMEOUT + [Violations from data:-URL scripts have a sourceFile of 'blob'] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini new file mode 100644 index 00000000000..387a7e2ff98 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini @@ -0,0 +1,4 @@ +[source-file-data-scheme.html] + expected: TIMEOUT + [Violations from data:-URL scripts have a sourceFile of 'data'] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file.html.ini new file mode 100644 index 00000000000..36fcab9f04d --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file.html.ini @@ -0,0 +1,51 @@ +[source-file.html] + [Basic HTTPS URL] + expected: FAIL + + [Basic HTTP URL] + expected: FAIL + + [Basic WSS URL] + expected: FAIL + + [Basic WS URL] + expected: FAIL + + [Fragment] + expected: FAIL + + [Query] + expected: FAIL + + [Port] + expected: FAIL + + [User:password] + expected: FAIL + + [User] + expected: FAIL + + [Invalid URL] + expected: FAIL + + [file:] + expected: FAIL + + [Custom protocol] + expected: FAIL + + [about:blank] + expected: FAIL + + [about:custom] + expected: FAIL + + [data:] + expected: FAIL + + [blob:] + expected: FAIL + + [javascript:] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini new file mode 100644 index 00000000000..eb10ad61b2c --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini @@ -0,0 +1,7 @@ +[style-sample-no-opt-in.html] + expected: TIMEOUT + [Inline style blocks should not have a sample.] + expected: TIMEOUT + + [Inline style attributes should not have a sample.] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini new file mode 100644 index 00000000000..460e21bd6cd --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini @@ -0,0 +1,7 @@ +[style-sample.html] + expected: TIMEOUT + [Inline style blocks should have a sample.] + expected: TIMEOUT + + [Inline style attributes should have a sample.] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/targeting.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/targeting.html.ini new file mode 100644 index 00000000000..88da5e48238 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/targeting.html.ini @@ -0,0 +1,16 @@ +[targeting.html] + expected: TIMEOUT + [These tests should not fail.] + expected: NOTRUN + + [Inline violations target the right element.] + expected: TIMEOUT + + [Correct targeting inside shadow tree (inline handler).] + expected: TIMEOUT + + [Correct targeting inside shadow tree (style).] + expected: TIMEOUT + + [Elements created in this document, but pushed into a same-origin frame trigger on that frame's document, not on this frame's document.] + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini new file mode 100644 index 00000000000..da41ac13664 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini @@ -0,0 +1,10 @@ +[upgrade-insecure-requests-reporting.https.html] + expected: TIMEOUT + [Upgraded image is reported] + expected: TIMEOUT + + [Upgraded iframe is reported] + expected: TIMEOUT + + [Navigated iframe is upgraded and reported] + expected: TIMEOUT