OLD | NEW |
---|---|
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> | 4 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
5 <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-zv7 3epHrGLk/k/onuSBPoZAxzaA=' 'sha1-gbGNUiHncUNJ+diPbIoc+x6KrLo='"> | 5 <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-zv7 3epHrGLk/k/onuSBPoZAxzaA=' 'sha256-U4Gr+1CJNHI/q8KjKw7YgdNNzwOinyKeRC4leoWXeMU=' "> |
6 <script> | 6 <script> |
7 if (window.testRunner) | 7 if (window.testRunner) |
8 testRunner.dumpAsText(); | 8 testRunner.dumpAsText(); |
9 </script> | 9 </script> |
10 <!-- The following two scripts contain two separate code points (U+00C5 | 10 <!-- The following two scripts contain two separate code points (U+00C5 |
11 and U+212B, respectively) which, depending on your text editor, might be | 11 and U+212B, respectively) which, depending on your text editor, might be |
12 rendered the same. However, their difference is important as they should | 12 rendered the same. However, their difference is important as they would |
13 be NFC normalized to the same code point, thus they should hash to the | 13 be NFC normalized to the same code point, matching the hash. Since NFC |
14 same value.--> | 14 normalization should not be performed, the second script should not |
15 match the hash and must not be executed. --> | |
15 <script> | 16 <script> |
16 'Å'; | 17 'Å'; |
17 alert('PASS'); | 18 alert('PASS (1/1)'); |
jww
2015/10/29 21:22:14
Unfortunately, I don't think this tests what we ac
jsbell
2015/10/29 22:01:46
Oh, duh, thanks. Of course, they started off that
jww
2015/10/29 22:06:46
Looks good!
| |
18 </script> | 19 </script> |
19 <script> | 20 <script> |
20 'Å'; | 21 'Å'; |
21 alert('PASS'); | 22 alert('FAIL'); |
22 </script> | 23 </script> |
23 </head> | 24 </head> |
24 <body> | 25 <body> |
25 <p> | 26 <p> |
26 This tests Unicode normalization. While appearing the same, the | 27 This tests Unicode normalization. While appearing the same, the |
27 strings in the scripts are different Unicode points, but through | 28 strings in the scripts are different Unicode points. Unicode NFC |
28 normalization, should be the same when the hash is taken. | 29 normalization would make both match the hash, but normalization |
30 should not be performed, and so the second script should not run. | |
29 </p> | 31 </p> |
30 </body> | 32 </body> |
31 </html> | 33 </html> |
OLD | NEW |