Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-12 01:43:43 +01:00
Code Issues Projects Releases Packages Wiki Activity
servo/tests/wpt/web-platform-tests/preload/preload-strict-dynamic.html

54 lines
2.1 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<head>
<script src="/resources/testharness.js" nonce="123"></script>
<script src="/resources/testharnessreport.js" nonce="123"></script>
<title>CSP strict-dynamic + preload</title>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-123' 'strict-dynamic'" />
</head>
<body>
<link id="static-no-nonce" href="resources/dummy.js?static-no-nonce" rel=preload as=script>
<link id="static-nonce" href="resources/dummy.js?static-nonce" rel=preload as=script nonce="123">
<script nonce="123">
let counter = 0;
let cspViolation = false;
let isLoaded = (url) => {
let entries = performance.getEntriesByType("resource");
for (let entry of entries) {
if (entry.name.indexOf(url) != -1 ) {
return true;
}
}
return false;
}
window.addEventListener("securitypolicyviolation", (e) => {
counter++;
if (e.violatedDirective == "script-src-elem" && e.blockedURI.includes("static-no-nonce")) {
cspViolation = true;
}
});
let link = document.createElement("link");
link.rel = "preload";
link.href = "resources/dummy.js?dynamic-nonce";
link.as = "script";
link.onload = () => { ++counter; };
document.head.appendChild(link);
link = document.getElementById("static-no-nonce");
link.addEventListener("error", () => { ++counter; });
link = document.getElementById("static-nonce");
link.addEventListener("load", () => { ++counter; });
let t = async_test('preload from nonced script should work with strict-dynamic. preloaded script from markup should not.');
let timerCounter = 0;
setInterval(t.step_func(() => {
if (counter >= 4 || timerCounter > 5) {
assert_true(isLoaded("dynamic-nonce"), "dynamic inserted preload script should have been loaded");
assert_true(isLoaded("static-nonce"), "preload tag with a nonce should have been loaded");
assert_false(isLoaded("static-no-nonce"), "preload tag without a nonce should not have been loaded");
assert_true(cspViolation, "CSP violation should have fired");
t.done();
}
++timerCounter;
}), 100);
</script>
</body>
</html>
Reference in a new issue View git blame Copy permalink