
Side by Side Diff: LayoutTests/http/tests/security/contentSecurityPolicy/filesystem-urls-match-self.html

Issue 1178373004: 'blob:' URLs should not match 'self' in CSP source expression lists. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Exclude extensions. Created 5 years, 6 months ago
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-i nline' 'self'"> 4 <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-i nline' 'self'">
5 </head> 5 <script src="/resources/testharness.js"></script>
6 <body> 6 <script src="/resources/testharnessreport.js"></script>
7 <p>
8 filesystem: URLs are same-origin with the page in which they were
9 created, and should therefore match the 'self' source in CSP
10 directives.
11 </p>
12
13 <script> 7 <script>
14 if (window.testRunner) { 8 var t = async_test("blob: does not match 'self' (see step 2 of http: //www.w3.org/TR/CSP2/#match-source-expression)");
15 testRunner.dumpAsText();
16 testRunner.waitUntilDone();
17 }
18 function pass() {
19 alert("PASS (1/1)!");
20 if (window.testRunner)
21 testRunner.notifyDone();
22 }
23 9
24 window.webkitRequestFileSystem(TEMPORARY, 1024*1024 /*1MB*/, functio n(fs) { 10 window.webkitRequestFileSystem(TEMPORARY, 1024*1024 /*1MB*/, functio n(fs) {
25 fs.root.getFile('pass.js', {create: true}, function(fileEntry) { 11 fs.root.getFile('fail.js', {create: true}, function(fileEntry) {
26 fileEntry.createWriter(function(fileWriter) { 12 fileEntry.createWriter(function(fileWriter) {
27 fileWriter.onwriteend = function(e) { 13 fileWriter.onwriteend = function(e) {
28 var script = document.createElement('script'); 14 var script = document.createElement('script');
29 script.src =fileEntry.toURL('application/javascript' ); 15
16 script.addEventListener('load', t.step_func(function () {
17 assert_unreached();
18 }));
19
20 script.addEventListener('error', t.step_func(functio n () {
21 t.done();
22 }));
23
24 script.src = fileEntry.toURL('application/javascript ');
30 document.body.appendChild(script); 25 document.body.appendChild(script);
31 }; 26 };
32 27
33 // Create a new Blob and write it to pass.js. 28 // Create a new Blob and write it to pass.js.
34 var b = new Blob(['pass();'], {type: 'application/javasc ript'}); 29 var b = new Blob(['assert_unreached();'], {type: 'applic ation/javascript'});
35 fileWriter.write(b); 30 fileWriter.write(b);
36 }); 31 });
37 }); 32 });
38 }); 33 });
39 </script> 34 </script>
35 </head>
36 <body>
40 </body> 37 </body>
41 </html> 38 </html>
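Review bot: The `error` listener at new lines 20–22 calls `t.done()` on any load failure, whatever its cause, so the test can pass without showing that CSP was what refused the script. If the `securitypolicyviolation` event is available in this test environment, also asserting on a listener for it on `document` would tie the pass to the policy decision. Passing `t.step_func`-wrapped error callbacks to `webkitRequestFileSystem`, `getFile` and `createWriter` would make a filesystem failure fail the test promptly instead of timing out. The comment at new line 28 still names `pass.js` although the file is now `fail.js`, so it should read `// Create a new Blob and write it to fail.js.`. The `async_test` title says `blob:` while the URL under test comes from `fileEntry.toURL()`, which appears to be a `filesystem:` URL, so the title should name the scheme actually exercised.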