Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-12 18:03:49 +01:00
Code Issues Projects Releases Packages Wiki Activity
servo/tests/wpt/web-platform-tests/subresource-integrity/subresource-ed25519-with-csp.tentative.html

51 lines
1.9 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy"
content="script-src 'unsafe-inline' 'nonce-abcd' 'ed25519-qGFmwTxlocg707D1cX4w60iTwtfwbMLf8ITDyfko7s0='">
<title>Subresource Integrity with Ed25519 plus Content Security Policy</title>
<script src="/resources/testharness.js" nonce="abcd"></script>
<script src="/resources/testharnessreport.js" nonce="abcd"></script>
<script src="/resources/sriharness.js" nonce="abcd"></script>
<div id="log"></div>
<div id="container"></div>
<script nonce="abcd">
// This needs to be the same key as in this doc's content security policy.
var public_key = "qGFmwTxlocg707D1cX4w60iTwtfwbMLf8ITDyfko7s0=";
new SRIScriptTest(
true,
"Ed25519-with-CSP, passes, valid key, valid signature.",
"ed25519-signature.js",
"ed25519-" + public_key
).execute();
new SRIScriptTest(
false,
"Ed25519-with-CSP, fails, valid key, invalid signature.",
"ed25519-broken-signature.js",
"ed25519-" + public_key
).execute();
// The first of these uses the nonce rather than the signature to pass CSP.
// That doesn't test anything useful about the Ed25519 feature, but is here
// to test the precondition for the next test. So if this test passes and
// the second one fails, then we can be sure that the 2nd test failed only
// because of the CSP key mismatch, as that's the only difference between
// the tests.
var key_not_in_csp = "5MVHFfs/9Ri+YSwH4FwneSFp88t1ljryPoLxdiyTKks=";
new SRIScriptTest(
true,
"Ed25519-with-CSP, passes, alternative key.",
"ed25519-signature2.js",
"ed25519-" + key_not_in_csp,
/* cross origin */ undefined,
/* nonce */ "abcd").execute();
new SRIScriptTest(
false,
"Ed25519-with-CSP, fails, valid key, valid signature, key not in CSP.",
"ed25519-signature2.js",
"ed25519-" + key_not_in_csp,
).execute();
</script>
Reference in a new issue View git blame Copy permalink