Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-handler-blocked.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-handler-allowed.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-handler-blocked.html |
similarity index 59% |
copy from third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-handler-allowed.html |
copy to third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-handler-blocked.html |
index b73cc17b1ab5e7603f8f12b3c9ae76ee462c24c1..b5e21d1214b2bffe64b734f7a5d155756fe7f887 100644 |
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-handler-allowed.html |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-handler-blocked.html |
@@ -5,29 +5,20 @@ |
<script src="/resources/testharnessreport.js"></script> |
<script> |
async_test(function (t) { |
- window.expectSuccess = t.step_func_done(function (el) { |
- assert_equals(el, document.querySelector('#pass')); |
- }); |
+ window.expectSuccess = t.unreached_func("Handler should not execute."); |
window.addEventListener('load', t.step_func(function () { |
document.querySelector('#pass').click(); |
})); |
- }, 'Inline event handlers whitelisted by the policy should fire.'); |
- |
- async_test(function (t) { |
- window.expectFailure = t.unreached_func("Handler should not execute."); |
document.addEventListener('securitypolicyviolation', t.step_func_done(function (e) { |
assert_equals(e.target, document); |
})); |
- window.addEventListener('load', t.step_func(function () { |
- document.querySelector('#fail').click(); |
- })); |
- }, 'Inline event handlers not whitelisted by the policy should generate error events.'); |
+ }, 'Inline event handlers whitelisted by the policy should not fire, as \'unsafe-hash-attributes\' is not present.'); |
</script> |
<meta http-equiv="Content-Security-Policy" content="script-src 'sha256-nhtYaXCssBJTThiDLYewspQYue9tisulEwJ3nTJKcMI='"> |
</head> |
<body> |
- <button id="pass" onclick="expectSuccess(this)"></button> |
+ <button id="pass" onclick="expectFailure(this)"></button> |
<button id="fail" onclick="expectFailure(this)"></button> |
</body> |
</html> |