Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-09-30 08:39:16 +01:00
Code Issues Projects Releases Packages Wiki Activity

Run subset of CSP tests by default. (#36402)

Browse source 
This will establish a baseline for the changes from #36363.

Testing: New tests in CI.
Fixes: Part of #4577

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This commit is contained in:
Josh Matthews 2025-04-08 10:46:25 -04:00 committed by GitHub
parent 95eedb997a
commit ce4ca9ee98
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
48 changed files with 333 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-eval.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[blockeduri-eval.html]
expected: TIMEOUT
[Eval violations have a blockedURI of 'eval']
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[blockeduri-inline.html]
expected: TIMEOUT
[Inline violations have a blockedURI of 'inline']
expected: TIMEOUT

13
tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini vendored Normal file
View file

@ -0,0 +1,13 @@
[blockeduri-ws-wss-scheme.html]
expected: TIMEOUT
[ws]
expected: FAIL
[wss]
expected: FAIL
[cross-origin]
expected: FAIL
[redirect]
expected: TIMEOUT

54
tests/wpt/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini vendored Normal file
View file

@ -0,0 +1,54 @@
[idlharness.window.html]
[CSPViolationReportBody interface: existence and properties of interface object]
expected: FAIL
[CSPViolationReportBody interface object length]
expected: FAIL
[CSPViolationReportBody interface object name]
expected: FAIL
[CSPViolationReportBody interface: existence and properties of interface prototype object]
expected: FAIL
[CSPViolationReportBody interface: existence and properties of interface prototype object's "constructor" property]
expected: FAIL
[CSPViolationReportBody interface: existence and properties of interface prototype object's @@unscopables property]
expected: FAIL
[CSPViolationReportBody interface: operation toJSON()]
expected: FAIL
[CSPViolationReportBody interface: attribute documentURL]
expected: FAIL
[CSPViolationReportBody interface: attribute referrer]
expected: FAIL
[CSPViolationReportBody interface: attribute blockedURL]
expected: FAIL
[CSPViolationReportBody interface: attribute effectiveDirective]
expected: FAIL
[CSPViolationReportBody interface: attribute originalPolicy]
expected: FAIL
[CSPViolationReportBody interface: attribute sourceFile]
expected: FAIL
[CSPViolationReportBody interface: attribute sample]
expected: FAIL
[CSPViolationReportBody interface: attribute disposition]
expected: FAIL
[CSPViolationReportBody interface: attribute statusCode]
expected: FAIL
[CSPViolationReportBody interface: attribute lineNumber]
expected: FAIL
[CSPViolationReportBody interface: attribute columnNumber]
expected: FAIL

4
tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[img-src-redirect-upgrade-reporting.https.html]
expected: TIMEOUT
[Image that redirects to http:// URL prohibited by Report-Only must generate a violation report, even with upgrade-insecure-requests]
expected: TIMEOUT

3
tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[img-src-redirect.sub.html]
[The blocked URI in the security policy violation event should be the original URI before redirects.]
expected: FAIL

7
tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini vendored Normal file
View file

@ -0,0 +1,7 @@
[inside-dedicated-worker.html]
expected: TIMEOUT
[SecurityPolicyViolation event fired on global.]
expected: FAIL
[SecurityPolicyViolation event fired on global with the correct blockedURI.]
expected: TIMEOUT

2
tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini vendored Normal file
View file

@ -0,0 +1,2 @@
[inside-service-worker.https.html]
expected: TIMEOUT

2
tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini vendored Normal file
View file

@ -0,0 +1,2 @@
[inside-shared-worker.html]
expected: ERROR

3
tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[linenumber.tentative.html]
[linenumber]
expected: FAIL

13
tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini vendored Normal file
View file

@ -0,0 +1,13 @@
[script-sample-no-opt-in.html]
expected: ERROR
[Inline script should not have a sample.]
expected: TIMEOUT
[Inline event handlers should not have a sample.]
expected: TIMEOUT
[JavaScript URLs in iframes should not have a sample.]
expected: TIMEOUT
[eval()-alikes should not have a sample.]
expected: TIMEOUT

19
tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini vendored Normal file
View file

@ -0,0 +1,19 @@
[script-sample.html]
expected: ERROR
[Inline script should have a sample.]
expected: TIMEOUT
[Inline event handlers should have a sample.]
expected: TIMEOUT
[JavaScript URLs in iframes should have a sample.]
expected: TIMEOUT
[eval() should have a sample.]
expected: TIMEOUT
[setInterval() should have a sample.]
expected: TIMEOUT
[setTimeout() should have a sample.]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[securitypolicyviolation-block-cross-origin-image-from-script.sub.html]
expected: TIMEOUT
[Non-redirected cross-origin URLs are not stripped.]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[securitypolicyviolation-block-cross-origin-image.sub.html]
expected: TIMEOUT
[Non-redirected cross-origin URLs are not stripped.]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[securitypolicyviolation-block-image-from-script.sub.html]
expected: TIMEOUT
[Non-redirected cross-origin URLs are not stripped.]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[securitypolicyviolation-block-image.sub.html]
expected: TIMEOUT
[Non-redirected same-origin URLs are not stripped.]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[source-file-blob-scheme.html]
expected: TIMEOUT
[Violations from data:-URL scripts have a sourceFile of 'blob']
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[source-file-data-scheme.html]
expected: TIMEOUT
[Violations from data:-URL scripts have a sourceFile of 'data']
expected: TIMEOUT

51
tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file.html.ini vendored Normal file
View file

@ -0,0 +1,51 @@
[source-file.html]
[Basic HTTPS URL]
expected: FAIL
[Basic HTTP URL]
expected: FAIL
[Basic WSS URL]
expected: FAIL
[Basic WS URL]
expected: FAIL
[Fragment]
expected: FAIL
[Query]
expected: FAIL
[Port]
expected: FAIL
[User:password]
expected: FAIL
[User]
expected: FAIL
[Invalid URL]
expected: FAIL
[file:]
expected: FAIL
[Custom protocol]
expected: FAIL
[about:blank]
expected: FAIL
[about:custom]
expected: FAIL
[data:]
expected: FAIL
[blob:]
expected: FAIL
[javascript:]
expected: FAIL

7
tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini vendored Normal file
View file

@ -0,0 +1,7 @@
[style-sample-no-opt-in.html]
expected: TIMEOUT
[Inline style blocks should not have a sample.]
expected: TIMEOUT
[Inline style attributes should not have a sample.]
expected: TIMEOUT

7
tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini vendored Normal file
View file

@ -0,0 +1,7 @@
[style-sample.html]
expected: TIMEOUT
[Inline style blocks should have a sample.]
expected: TIMEOUT
[Inline style attributes should have a sample.]
expected: TIMEOUT

16
tests/wpt/meta/content-security-policy/securitypolicyviolation/targeting.html.ini vendored Normal file
View file

@ -0,0 +1,16 @@
[targeting.html]
expected: TIMEOUT
[These tests should not fail.]
expected: NOTRUN
[Inline violations target the right element.]
expected: TIMEOUT
[Correct targeting inside shadow tree (inline handler).]
expected: TIMEOUT
[Correct targeting inside shadow tree (style).]
expected: TIMEOUT
[Elements created in this document, but pushed into a same-origin frame trigger on that frame's document, not on this frame's document.]
expected: TIMEOUT

10
tests/wpt/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini vendored Normal file
View file

@ -0,0 +1,10 @@
[upgrade-insecure-requests-reporting.https.html]
expected: TIMEOUT
[Upgraded image is reported]
expected: TIMEOUT
[Upgraded iframe is reported]
expected: TIMEOUT
[Navigated iframe is upgraded and reported]
expected: TIMEOUT