OLD | NEW |
1 <?php | 1 <?php |
2 header("Content-Security-Policy: style-src 'nonce-abc'"); | 2 header("Content-Security-Policy: require-sri-for style;"); |
3 ?> | 3 ?> |
4 <!doctype html> | 4 <!doctype html> |
5 <script src="/resources/testharness.js"></script> | 5 <script src="/resources/testharness.js"></script> |
6 <script src="/resources/testharnessreport.js"></script> | 6 <script src="/resources/testharnessreport.js"></script> |
7 <script> | 7 <script> |
8 async_test(t => { | 8 async_test(t => { |
9 var watcher = new EventWatcher(t, document, ['securitypolicyviolation','
securitypolicyviolation']); | 9 var watcher = new EventWatcher(t, document, ['securitypolicyviolation','
securitypolicyviolation']); |
10 watcher | 10 watcher |
11 .wait_for('securitypolicyviolation') | 11 .wait_for('securitypolicyviolation') |
12 .then(t.step_func(e => { | |
13 assert_equals(e.blockedURI, "inline"); | |
14 assert_equals(e.lineNumber, 24); | |
15 return watcher.wait_for('securitypolicyviolation'); | |
16 })) | |
17 .then(t.step_func_done(e => { | 12 .then(t.step_func_done(e => { |
18 assert_equals(e.blockedURI, "http://127.0.0.1:8000/security/cont
entSecurityPolicy/style-set-red.css"); | 13 assert_equals(e.blockedURI, "http://127.0.0.1:8000/security/cont
entSecurityPolicy/style-set-red.css"); |
19 assert_equals(e.lineNumber, 25); | 14 assert_equals(e.lineNumber, 15); |
20 })); | 15 })); |
21 }, "Incorrectly nonced style blocks generate reports."); | 16 }, "Stylesheets without integrity generate reports."); |
22 </script> | 17 </script> |
23 <style> | 18 <link rel="stylesheet" href="/security/contentSecurityPolicy/style-set-red.css"> |
24 #test1 { | |
25 color: rgba(1,1,1,1); | |
26 } | |
27 </style> | |
28 <link rel="stylesheet" href="/security/contentSecurityPolicy/style-set-red.css"
nonce="xyz"> | |
29 <script> | 19 <script> |
30 async_test(t => { | 20 async_test(t => { |
31 window.onload = t.step_func_done(_ => { | 21 window.onload = t.step_func_done(_ => { |
32 assert_equals(document.styleSheets.length, 0); | 22 assert_equals(document.styleSheets.length, 0); |
33 }); | 23 }); |
34 }, "Incorrectly nonced stylesheets do not load."); | 24 }, "Stylesheets without integrity do not load."); |
35 </script> | 25 </script> |
OLD | NEW |