Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-03 12:40:06 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update web-platform-tests to revision c2b30ef30749b6a8f2cc832761dfe011e63d5e94

Browse source
This commit is contained in:
WPT Sync Bot 2018-10-05 21:34:34 -04:00
parent 987e376ca7
commit eda9b9b73a
142 changed files with 3513 additions and 851 deletions
Download patch file Download diff file Expand all files Collapse all files

66
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-2_1.html
View file

@ -1,66 +0,0 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Objects loaded using data attribute of &lt;object&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</title>
<meta name=timeout content=long>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
</head>
<body onLoad="object_loaded()">
<h1>Objects loaded using data attribute of &lt;object&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</h1>
<div id="log"></div>
<script>
var relativeMediaURL = "/support/media/flash.swf";
var pageURL = window.location.toString();
var temp1 = pageURL.split("//");
var temp2 = temp1[1].substring(0, temp1[1].lastIndexOf("/object-src/"));
var mediaURL = "http://www2." + temp2 + relativeMediaURL;
var htmlStr = "<object id='flashObject' type='application/x-shockwave-flash' data='" + mediaURL + "' width='200' height='200'></object>";
document.write(htmlStr);
</script>
<script>
var len = navigator.mimeTypes.length;
var allTypes = "";
var flashMimeType = "application/x-shockwave-flash";
for (var i = 0; i < len; i++) {
allTypes += navigator.mimeTypes[i].type;
}
var hasMimeType = allTypes.indexOf(flashMimeType) != -1;
<!-- The actual test. -->
var test1 = async_test("Async SWF load test")
function object_loaded() {
var elem = document.getElementById("flashObject");
var is_loaded = false;
try {
<!-- The Flash Player exposes values to JavaScript if a SWF has successfully been loaded. -->
var pct_loaded = elem.PercentLoaded();
is_loaded = true;
} catch (e) {}
if (hasMimeType) {
test1.step(function () {
assert_false(is_loaded, "External object loaded.")
});
var s = document.createElement('script');
s.async = true;
s.defer = true;
s.src = "../support/checkReport.sub.js?reportField=violated-directive&reportValue=object-src%20%27self%27"
document.lastChild.appendChild(s);
} else {
test1.set_status(test1.NOTRUN, "No Flash Player, cannot run test.");
test1.phase = test1.phases.HAS_RESULT;
}
test1.done();
}
</script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-2_1.html.sub.headers
View file

@ -1,6 +0,0 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: object-src-2_1={{$id:uuid()}}; Path=/content-security-policy/object-src/
Content-Security-Policy: script-src * 'unsafe-inline'; object-src 'self'; report-uri ../support/report.py?op=put&reportID={{$id}}

61
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-2_2.html
View file

@ -1,61 +0,0 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Objects loaded using src attribute of &lt;embed&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</title>
<meta name=timeout content=long>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
</head>
<body onLoad="object_loaded()">
<h1>Objects loaded using src attribute of &lt;embed&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</h1>
<div id="log"></div>
<script>
var relativeMediaURL = "/support/media/flash.swf";
var pageURL = window.location.toString();
var temp1 = pageURL.split("//");
var temp2 = temp1[1].substring (0, temp1[1].lastIndexOf("/object-src/"));
var mediaURL = "http://www2." + temp2 + relativeMediaURL;
var htmlStr = "<embed id='flashObject' type='application/x-shockwave-flash' src='" + mediaURL + "' width='200' height='200'></object>";
document.write (htmlStr);
</script>
<script>
var len = navigator.mimeTypes.length;
var allTypes = "";
var flashMimeType = "application/x-shockwave-flash";
for ( var i=0;i<len;i++ ) {
allTypes+=navigator.mimeTypes[i].type;
}
var hasMimeType = allTypes.indexOf(flashMimeType) != -1;
<!-- The actual test. -->
var test1 = async_test("Async SWF load test")
function object_loaded() {
var elem = document.getElementById("flashObject");
var is_loaded = false;
try {
<!-- The Flash Player exposes values to JavaScript if a SWF has successfully been loaded. -->
var pct_loaded = elem.PercentLoaded();
is_loaded = true;
} catch (e) {}
if (hasMimeType) {
test1.step(function() {assert_false(is_loaded, "External object loaded.")});
var s = document.createElement('script');
s.async = true;
s.defer = true;
s.src = "../support/checkReport.sub.js?reportField=violated-directive&reportValue=object-src%20%27self%27"
document.lastChild.appendChild(s);
} else {
//test1.step(function() {});
test1.set_status(test1.NOTRUN, "No Flash Player, cannot run test.");
test1.phase = test1.phases.HAS_RESULT;
}
test1.done();
}
</script>
</body>
</html>

6
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-2_2.html.sub.headers
View file

@ -1,6 +0,0 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0, false
Pragma: no-cache
Set-Cookie: object-src-2_2={{$id:uuid()}}; Path=/content-security-policy/object-src/
Content-Security-Policy: script-src * 'unsafe-inline'; object-src 'self'; report-uri ../support/report.py?op=put&reportID={{$id}}

18
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-no-url-allowed.html Normal file
View file

@ -0,0 +1,18 @@
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<!-- Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} -->
</head>
<body>
<object type="application/x-webkit-test-netscape"></object>
<!-- we rely on the report because we can't rely on the onload event for
"allowed" tests as it is not fired for object and embed -->
<script async defer src='../support/checkReport.sub.js?reportExists=false'></script>
</body>
</html>

2
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-no-url-allowed.html.sub.headers Normal file
View file

@ -0,0 +1,2 @@
Set-Cookie: object-src-no-url-allowed={{$id:uuid()}}; Path=/content-security-policy/object-src/
Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}}

31
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-no-url-allowed.sub.html
View file

@ -1,31 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="object-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>object-src-no-url-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<p>This test passes if there isn&apos;t a CSP violation saying the plugin was blocked.</p>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
</script>
<object type="application/x-webkit-test-netscape"></object>
<div id="log"></div>
<script>
log("PASS");
</script>
</body>
</html>

21
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-no-url-blocked.html Normal file
View file

@ -0,0 +1,21 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline';">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
var t = async_test("Should block the object and fire a spv");
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
assert_equals(e.violatedDirective, "object-src");
}));
</script>
<object type="application/x-webkit-test-netscape"></object>
</body>
</html>

27
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-no-url-blocked.sub.html
View file

@ -1,27 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>object-src-no-url-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["violated-directive=object-src"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<p>This test passes if there is a CSP violation saying the plugin was blocked.</p>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
</script>
<object type="application/x-webkit-test-netscape"></object>
<div id="log"></div>
</body>
</html>

18
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-url-allowed.html Normal file
View file

@ -0,0 +1,18 @@
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<!-- Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} -->
</head>
<body>
<object type="image/png" data="/content-security-policy/support/pass.png"></object>
<!-- we rely on the report because we can't rely on the onload event for
"allowed" tests as it is not fired for object and embed -->
<script async defer src='../support/checkReport.sub.js?reportExists=false'></script>
</body>
</html>

2
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-url-allowed.html.sub.headers Normal file
View file

@ -0,0 +1,2 @@
Set-Cookie: object-src-url-allowed={{$id:uuid()}}; Path=/content-security-policy/object-src/
Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}}

30
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-url-allowed.sub.html
View file

@ -1,30 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="object-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>object-src-url-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["Pass"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<p>This test passes if there is no CSP violation saying the plugin was blocked.</p>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
</script>
<object data="/content-security-policy/support/pass.png"></object>
<div id="log"></div>
<script>
log("Pass");
</script>
</body>
</html>

21
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-url-blocked.html Normal file
View file

@ -0,0 +1,21 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline';">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
var t = async_test("Should block the object and fire a spv");
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
assert_equals(e.violatedDirective, "object-src");
}));
</script>
<object type="image/png" data="/content-security-policy/support/pass.png"></object>
</body>
</html>

27
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-url-blocked.sub.html
View file

@ -1,27 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>object-src-url-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["violated-directive=object-src"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<p>This test passes if there is a CSP violation saying the plugin was blocked.</p>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
</script>
<object data="/plugins/resources/mock-plugin.pl"></object>
<div id="log"></div>
</body>
</html>

19
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-url-embed-allowed.html Normal file
View file

@ -0,0 +1,19 @@
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<!-- Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} -->
</head>
<body>
<embed height="40" width="40" type="image/png"
src="/content-security-policy/support/pass.png"></embed>
<!-- we rely on the report because we can't rely on the onload event for
"allowed" tests as it is not fired for object and embed -->
<script async defer src='../support/checkReport.sub.js?reportExists=false'></script>
</body>
</html>

2
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-url-embed-allowed.html.sub.headers Normal file
View file

@ -0,0 +1,2 @@
Set-Cookie: object-src-url-embed-allowed={{$id:uuid()}}; Path=/content-security-policy/object-src/
Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}}

22
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-url-embed-blocked.html Normal file
View file

@ -0,0 +1,22 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline';">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
var t = async_test("Should block the object and fire a spv");
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
assert_equals(e.violatedDirective, "object-src");
}));
</script>
<embed height="40" width="40" type="image/png"
src="/content-security-policy/support/pass.png"></embed>
</body>
</html>

18
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-url-redirect-allowed.html Normal file
View file

@ -0,0 +1,18 @@
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<!-- Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} -->
</head>
<body>
<object type="image/png" data="/common-redirect.py?location=/content-security-policy/support/pass.png"></object>
<!-- we rely on the report because we can't rely on the onload event for
"allowed" tests as it is not fired for object and embed -->
<script async defer src='../support/checkReport.sub.js?reportExists=false'></script>
</body>
</html>

2
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-url-redirect-allowed.html.sub.headers Normal file
View file

@ -0,0 +1,2 @@
Set-Cookie: object-src-url-redirect-allowed={{$id:uuid()}}; Path=/content-security-policy/object-src/
Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}}

21
tests/wpt/web-platform-tests/content-security-policy/object-src/object-src-url-redirect-blocked.sub.html Normal file
View file

@ -0,0 +1,21 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="object-src 'self'; script-src 'self' 'unsafe-inline';">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
var t = async_test("Should block the object and fire a spv");
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
assert_equals(e.violatedDirective, "object-src");
}));
</script>
<object type="image/png" data="/common/redirect.py?location=http://{{domains[www1]}}/content-security-policy/support/pass.png"></object>
</body>
</html>