third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-script-allowed.php - Issue 2056183002: Implement the `require-sri-for` CSP directive

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-script-allowed.php

Issue 2056183002: Implement the `require-sri-for` CSP directive (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: addressed comments Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
(Empty)
	1 <?php

	2 header("Content-Security-Policy: require-sri-for script; script-src 'self' ' unsafe-inline'");

	3 ?>

	4 <!doctype html>

	5 <script crossorigin integrity="sha384-UJisrHOd28H+f7qUM4ht1sXeUXdQueftSMZzxqyAxS jCz3uRQKGYyihAu2NJZV/W" src="/resources/testharness.js"></script>

	6 <script crossorigin integrity="sha384-n7qQ0cyZ8yW0wYyNNS+P26cklS47KYG3pDDR87Ya3Z +V0RsKbPi8W3R/8Io7jEeo" src="/resources/testharnessreport.js"></script>

	7 <script>
	Mike West 2016/06/21 07:29:36 More of a question for the spec than this patch, b More of a question for the spec than this patch, but Apple was asking about extending SRI to include inline script blocks at the top of our last face-to-face meeting: minutes at https://www.w3.org/2016/05/16-webappsec-minutes.html#item02. Would you mind filing a spec bug and CCing the relevant folks to make sure this is taken care of one way or another? If it's something we'd like to do, we should be blocking this script block.
	8 var executed_test = async_test("Script that requires integrity executes and does not generate a violation report.");

	9 document.addEventListener('securitypolicyviolation', executed_test.unreached _func("No report should be generated."));

	10 </script>

	11 <script crossorigin integrity="sha384-SOGIJ0vOWzweNE6RLF/TOXGmPzCxF5+dNuBP4x1Ngn KsfC4yFCVIDJILalTMwUrp" src="ran.js"></script>

	12 <script>

	13 executed_test.done();
	Mike West 2016/06/21 07:29:36 assert_equals(z, 13); assert_equals(z, 13);
	14 </script>

OLD	NEW