Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html |
index b8264b4112298f074664f2e051580d367f601864..96bb6c47ad8b933da10533bb19c3bc4cec5c2c3a 100644 |
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html |
@@ -2,30 +2,32 @@ |
<html> |
<head> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
- <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-zv73epHrGLk/k/onuSBPoZAxzaA=' 'sha1-gbGNUiHncUNJ+diPbIoc+x6KrLo='"> |
+ <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-zv73epHrGLk/k/onuSBPoZAxzaA=' 'sha256-U4Gr+1CJNHI/q8KjKw7YgdNNzwOinyKeRC4leoWXeMU='"> |
<script> |
if (window.testRunner) |
testRunner.dumpAsText(); |
</script> |
<!-- The following two scripts contain two separate code points (U+00C5 |
and U+212B, respectively) which, depending on your text editor, might be |
- rendered the same. However, their difference is important as they should |
- be NFC normalized to the same code point, thus they should hash to the |
- same value.--> |
+ rendered the same. However, their difference is important as they would |
+ be NFC normalized to the same code point, matching the hash. Since NFC |
+ normalization should not be performed, the second script should not |
+ match the hash and must not be executed. --> |
<script> |
'Å'; |
- alert('PASS'); |
+ alert('PASS (1/1)'); |
jww
2015/10/29 21:22:14
Unfortunately, I don't think this tests what we ac
jsbell
2015/10/29 22:01:46
Oh, duh, thanks. Of course, they started off that
jww
2015/10/29 22:06:46
Looks good!
|
</script> |
<script> |
'Å'; |
- alert('PASS'); |
+ alert('FAIL'); |
</script> |
</head> |
<body> |
<p> |
This tests Unicode normalization. While appearing the same, the |
- strings in the scripts are different Unicode points, but through |
- normalization, should be the same when the hash is taken. |
+ strings in the scripts are different Unicode points. Unicode NFC |
+ normalization would make both match the hash, but normalization |
+ should not be performed, and so the second script should not run. |
</p> |
</body> |
</html> |