
Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html

Issue 2082613002: Rename 'unsafe-dynamic' to 'strict-dynamic' (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 6 months ago
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdef g' 'unsafe-dynamic' http://localhost:8000"> 4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdef g' 'strict-dynamic' http://localhost:8000">
5 <script src="/resources/testharness.js" nonce="abcdefg"></script> 5 <script src="/resources/testharness.js" nonce="abcdefg"></script>
6 <script src="/resources/testharnessreport.js" nonce="abcdefg"></script> 6 <script src="/resources/testharnessreport.js" nonce="abcdefg"></script>
7 </head> 7 </head>
8 <body> 8 <body>
9 <script nonce="abcdefg"> 9 <script nonce="abcdefg">
10 function generateURL(type) { 10 function generateURL(type) {
11 return 'http://localhost:8000/security/contentSecurityPolicy/resources /loaded.js?' + type; 11 return 'http://localhost:8000/security/contentSecurityPolicy/resources /loaded.js?' + type;
12 } 12 }
13 13
14 var loaded = {}; 14 var loaded = {};
15 var blocked = {}; 15 var blocked = {};
16 window.addEventListener("message", function (e) { 16 window.addEventListener("message", function (e) {
17 loaded[e.data] = true; 17 loaded[e.data] = true;
18 }); 18 });
19 document.addEventListener("securitypolicyviolation", function (e) { 19 document.addEventListener("securitypolicyviolation", function (e) {
20 blocked[e.lineNumber] = true; 20 blocked[e.lineNumber] = true;
21 }); 21 });
22 22
23 async_test(function (t) { 23 async_test(function (t) {
24 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>"); 24 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>");
25 setTimeout(t.step_func_done(function () { 25 setTimeout(t.step_func_done(function () {
26 assert_equals(loaded[generateURL("write")], undefined); 26 assert_equals(loaded[generateURL("write")], undefined);
27 assert_true(blocked[24]); 27 assert_true(blocked[24]);
28 }, 1)); 28 }, 1));
29 }, "Script injected via 'document.write' is not allowed with 'unsafe-dyn amic', even if whitelisted."); 29 }, "Script injected via 'document.write' is not allowed with 'strict-dyn amic', even if whitelisted.");
30 30
31 async_test(function (t) { 31 async_test(function (t) {
32 document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>"); 32 document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>");
33 setTimeout(t.step_func_done(function () { 33 setTimeout(t.step_func_done(function () {
34 assert_equals(loaded[generateURL("write-defer")], undefined); 34 assert_equals(loaded[generateURL("write-defer")], undefined);
35 assert_true(blocked[32]); 35 assert_true(blocked[32]);
36 }, 1)); 36 }, 1));
37 }, "Deferred script injected via 'document.write' is not allowed with 'u nsafe-dynamic', even if whitelisted."); 37 }, "Deferred script injected via 'document.write' is not allowed with 's trict-dynamic', even if whitelisted.");
38 38
39 async_test(function (t) { 39 async_test(function (t) {
40 document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>"); 40 document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>");
41 setTimeout(t.step_func_done(function () { 41 setTimeout(t.step_func_done(function () {
42 assert_equals(loaded[generateURL("write-async")], undefined); 42 assert_equals(loaded[generateURL("write-async")], undefined);
43 assert_true(blocked[40]); 43 assert_true(blocked[40]);
44 }, 1)); 44 }, 1));
45 }, "Async script injected via 'document.write' is not allowed with 'unsa fe-dynamic', even if whitelisted."); 45 }, "Async script injected via 'document.write' is not allowed with 'stri ct-dynamic', even if whitelisted.");
46 </script> 46 </script>
47 </body> 47 </body>
48 </html> 48 </html>
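Review bot: The `assert_equals(loaded[generateURL(...)], undefined)` checks on new lines 26, 34 and 42 run after a 1 ms `setTimeout`, which is probably shorter than a script fetch from localhost:8000, so they would likely still pass if 'strict-dynamic' stopped overriding the host-source entry and the script simply loaded later. That leaves `assert_true(blocked[N])` as the only real evidence of enforcement, and it is keyed on hard-coded line numbers (24, 32, 40) that go stale if the file is edited and that accept any violation reported from that line. Consider finishing each test from the `securitypolicyviolation` handler rather than from a timer. The policy on line 4 would also benefit from a comment such as `<!-- 'strict-dynamic' makes host-source expressions ignored, so the http://localhost:8000 entry must not allow these parser-inserted, nonce-less scripts -->`.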