Chromium Code Reviews

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html

Issue 1420483005: CSP: Don't perform NFC normalization prior to hashing (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@nfc-frame
Patch Set: Rework test to ensure tests are identical when normalized Created 5 years, 2 months ago
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html
index b8264b4112298f074664f2e051580d367f601864..86a21890c27817d50a66103784c0f904c974839f 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html
@@ -2,30 +2,32 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-zv73epHrGLk/k/onuSBPoZAxzaA=' 'sha1-gbGNUiHncUNJ+diPbIoc+x6KrLo='">
+ <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-zv73epHrGLk/k/onuSBPoZAxzaA=' 'sha256-6VVrnAGI98OnlK9Y20hAMwfwBE8c8FOtE/jDYM7tPFk='">
<script>
if (window.testRunner)
testRunner.dumpAsText();
</script>
<!-- The following two scripts contain two separate code points (U+00C5
and U+212B, respectively) which, depending on your text editor, might be
- rendered the same. However, their difference is important as they should
- be NFC normalized to the same code point, thus they should hash to the
- same value.-->
- <script>
+ rendered the same. However, their difference is important as they would
+ be NFC normalized to the same code point, matching the hash. Since NFC
+ normalization should not be performed, the second script should not
+ match the hash and must not be executed. -->
+ <script data-alert="PASS (1/1)">
'Å';
- alert('PASS');
+ alert(document.currentScript.dataset.alert);
</script>
- <script>
+ <script data-alert="FAIL">
'Å';
- alert('PASS');
+ alert(document.currentScript.dataset.alert);
</script>
</head>
<body>
<p>
This tests Unicode normalization. While appearing the same, the
- strings in the scripts are different Unicode points, but through
- normalization, should be the same when the hash is taken.
+ strings in the scripts are different Unicode points. Unicode NFC
+ normalization would make both match the hash, but normalization
+ should not be performed, and so the second script should not run.
</p>
</body>
</html>
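
Review bot: The Content-Security-Policy meta line now mixes a `sha1-` source and a `sha256-` source, and nothing in the file says which inline block each digest covers. Three inline scripts sit under this policy (the testRunner block and the two 'Å' blocks), so please extend the HTML comment to state that the sha256 value is the digest of the U+00C5 script's exact, un-normalized bytes, and which block the remaining sha1 value is for. Someone who later edits whitespace or re-saves the file can then tell which digest to regenerate. A second point on the `data-alert="FAIL"` block: the negative case is only visible as a missing alert, so it is worth confirming that the expected output also records that the second script was blocked by the policy, which distinguishes a CSP refusal from a script that never ran for some other reason.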