Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(86)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-handler-allowed.html

Issue 1923273002: CSP: Allow hashed inline event handlers only with 'unsafe-hashed-attributes' (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-handler-blocked.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <script src="/resources/testharness.js"></script> 4 <script src="/resources/testharness.js"></script>
5 <script src="/resources/testharnessreport.js"></script> 5 <script src="/resources/testharnessreport.js"></script>
6 <script> 6 <script>
7 async_test(function (t) { 7 async_test(function (t) {
8 window.expectSuccess = t.step_func_done(function (el) { 8 window.expectSuccess = t.step_func_done(function (el) {
9 assert_equals(el, document.querySelector('#pass')); 9 assert_equals(el, document.querySelector('#pass'));
10 }); 10 });
11 window.addEventListener('load', t.step_func(function () { 11 window.addEventListener('load', t.step_func(function () {
12 document.querySelector('#pass').click(); 12 document.querySelector('#pass').click();
13 })); 13 }));
14 }, 'Inline event handlers whitelisted by the policy should fire.'); 14 }, 'Inline event handlers whitelisted by the policy should fire.');
15 15
16 async_test(function (t) { 16 async_test(function (t) {
17 window.expectFailure = t.unreached_func("Handler should not exec ute."); 17 window.expectFailure = t.unreached_func("Handler should not exec ute.");
18 document.addEventListener('securitypolicyviolation', t.step_func _done(function (e) { 18 document.addEventListener('securitypolicyviolation', t.step_func _done(function (e) {
19 assert_equals(e.target, document); 19 assert_equals(e.target, document);
20 })); 20 }));
21 window.addEventListener('load', t.step_func(function () { 21 window.addEventListener('load', t.step_func(function () {
22 document.querySelector('#fail').click(); 22 document.querySelector('#fail').click();
23 })); 23 }));
24 }, 'Inline event handlers not whitelisted by the policy should gener ate error events.'); 24 }, 'Inline event handlers not whitelisted by the policy should gener ate error events.');
25 </script> 25 </script>
26 26
27 <meta http-equiv="Content-Security-Policy" content="script-src 'sha256-n htYaXCssBJTThiDLYewspQYue9tisulEwJ3nTJKcMI='"> 27 <meta http-equiv="Content-Security-Policy" content="script-src 'sha256-n htYaXCssBJTThiDLYewspQYue9tisulEwJ3nTJKcMI=' 'unsafe-hashed-attributes'">
28 </head> 28 </head>
29 <body> 29 <body>
30 <button id="pass" onclick="expectSuccess(this)"></button> 30 <button id="pass" onclick="expectSuccess(this)"></button>
31 <button id="fail" onclick="expectFailure(this)"></button> 31 <button id="fail" onclick="expectFailure(this)"></button>
32 </body> 32 </body>
33 </html> 33 </html>
OLDNEW
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-handler-blocked.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698