third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-wildcards-disallowed.html - Issue 1361763005: Disallow CSP source * matching of data:, blob:, and filesystem: URLs

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-wildcards-disallowed.html

Issue 1361763005: Disallow CSP source * matching of data:, blob:, and filesystem: URLs (Closed) Base URL: https://chromium.googlesource.com/chromium/src@master

Patch Set: Better extensions fix Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 <!DOCTYPE html>

	2 <html>

	3 <head>

	4 <title>script-src disallowed wildcard use</title>

	5 <script src="../../../resources/testharness.js"></script>

	6 <script src="../../../resources/testharnessreport.js"></script>

	7 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-nonce' *">

	8 </head>

	9 <body>

	10 <script nonce="nonce">

	11 var t1 = async_test('data: URIs should not match *');

	12 t1.step(function() {

	13 var script = document.createElement("script");

	14 script.src = 'data:application/javascript,';

	15 script.addEventListener('load', t1.step_func(function() {

	16 assert_unreached('Should not successfully load data URI.');

	17 }));

	18 script.addEventListener('error', t1.step_func(function() {

	19 t1.done();

	20 }));

	21 document.head.appendChild(script);

	22 });

	23

	24 var t2 = async_test('blob: URIs should not match *');

	25 t2.step(function() {

	26 var b = new Blob([''], { type: 'application/javascript' });

	27 var script = document.createElement('script');

	28 script.addEventListener('load', t2.step_func(function() {

	29 assert_unreached('Should not successfully load blob URI.');

	30 }));

	31 script.addEventListener('error', t2.step_func(function() {

	32 t2.done();

	33 }));

	34

	35 script.src = URL.createObjectURL(b);

	36 document.head.appendChild(script);

	37 });

	38

	39 if (window.webkitRequestFileSystem) {

	40 var t3 = async_test('filesystem URIs should not match *');

	41 window.webkitRequestFileSystem(TEMPORARY, 10241024 /1MB*/, functio n(fs) {

	42 fs.root.getFile('fail.js', {create: true}, function(fileEntry) {

	43 fileEntry.createWriter(function(fileWriter) {

	44 var script = document.createElement('script');

	45

	46 script.addEventListener('load', t3.step_func(function() {

	47 assert_unreached('Should not successfully load files ystem URI.');

	48 }));

	49 script.addEventListener('error', t3.step_func(function() {

	50 t3.done();

	51 }));

	52

	53 script.src = fileEntry.toURL('application/javascript');

	54 document.body.appendChild(script);

	55 });

	56 });

	57 });

	58 }

	59 </script>

	60 </body>

	61 </html>

OLD	NEW

« no previous file with comments | « extensions/common/manifest_handlers/csp_info.cc ('k') | third_party/WebKit/Source/core/frame/csp/CSPSourceList.h » ('j') | no next file with comments »