third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt - Issue 1420483005: CSP: Don't perform NFC normalization prior to hashing

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt

Issue 1420483005: CSP: Don't perform NFC normalization prior to hashing (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@nfc-frame

Patch Set: Rework test to ensure tests are identical when normalized Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt

diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt

index 8c74f27e5903bd6d3447ca091230fe70fcaa3298..bb35ec9509b5a25119f1d722e4394067629a0017 100644

--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt

+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt

@@ -1,3 +1,4 @@

-ALERT: PASS

-This tests Unicode normalization. While appearing the same, the strings in the scripts are different Unicode points, but through normalization, should be the same when the hash is taken.

+ALERT: PASS (1/1)

+CONSOLE ERROR: line 20: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'sha1-zv73epHrGLk/k/onuSBPoZAxzaA=' 'sha256-6VVrnAGI98OnlK9Y20hAMwfwBE8c8FOtE/jDYM7tPFk='". Either the 'unsafe-inline' keyword, a hash ('sha256-1YpMZRdgC0WhwwFBK0bksRyUnuhzlCJp0nKmbZYUi+Q='), or a nonce ('nonce-...') is required to enable inline execution.

+This tests Unicode normalization. While appearing the same, the strings in the scripts are different Unicode points. Unicode NFC normalization would make both match the hash, but normalization should not be performed, and so the second script should not run.