Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(96)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic.html

Issue 2082613002: Rename 'unsafe-dynamic' to 'strict-dynamic' (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdef g' 'unsafe-dynamic'"> 4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdef g' 'strict-dynamic'">
5 <script src="/resources/testharness.js" nonce="abcdefg"></script> 5 <script src="/resources/testharness.js" nonce="abcdefg"></script>
6 <script src="/resources/testharnessreport.js" nonce="abcdefg"></script> 6 <script src="/resources/testharnessreport.js" nonce="abcdefg"></script>
7 </head> 7 </head>
8 <body> 8 <body>
9 <script nonce="abcdefg"> 9 <script nonce="abcdefg">
10 function generateURL(type) { 10 function generateURL(type) {
11 return 'http://localhost:8000/security/contentSecurityPolicy/resources /loaded.js?' + type; 11 return 'http://localhost:8000/security/contentSecurityPolicy/resources /loaded.js?' + type;
12 } 12 }
13 13
14 var loaded = {}; 14 var loaded = {};
15 var blocked = {}; 15 var blocked = {};
16 window.addEventListener("message", function (e) { 16 window.addEventListener("message", function (e) {
17 loaded[e.data] = true; 17 loaded[e.data] = true;
18 }); 18 });
19 document.addEventListener("securitypolicyviolation", function (e) { 19 document.addEventListener("securitypolicyviolation", function (e) {
20 blocked[e.lineNumber] = true; 20 blocked[e.lineNumber] = true;
21 }); 21 });
22 22
23 async_test(function (t) { 23 async_test(function (t) {
24 var e = document.createElement('script'); 24 var e = document.createElement('script');
25 e.src = generateURL("append"); 25 e.src = generateURL("append");
26 e.onload = t.step_func(function () { 26 e.onload = t.step_func(function () {
27 // Delay the check until after the postMessage has a chance to exe cute. 27 // Delay the check until after the postMessage has a chance to exe cute.
28 setTimeout(t.step_func_done(function () { 28 setTimeout(t.step_func_done(function () {
29 assert_true(loaded[generateURL("append")]); 29 assert_true(loaded[generateURL("append")]);
30 }, 1)); 30 }, 1));
31 }); 31 });
32 e.onerror = t.unreached_func("Error should not be triggered."); 32 e.onerror = t.unreached_func("Error should not be triggered.");
33 document.body.appendChild(e); 33 document.body.appendChild(e);
34 }, "Script injected via 'appendChild' is allowed with 'unsafe-dynamic'." ); 34 }, "Script injected via 'appendChild' is allowed with 'strict-dynamic'." );
35 35
36 async_test(function (t) { 36 async_test(function (t) {
37 var e = document.createElement('script'); 37 var e = document.createElement('script');
38 e.src = generateURL("append-async"); 38 e.src = generateURL("append-async");
39 e.async = true; 39 e.async = true;
40 e.onload = t.step_func(function () { 40 e.onload = t.step_func(function () {
41 // Delay the check until after the postMessage has a chance to exe cute. 41 // Delay the check until after the postMessage has a chance to exe cute.
42 setTimeout(t.step_func_done(function () { 42 setTimeout(t.step_func_done(function () {
43 assert_true(loaded[generateURL("append-async")]); 43 assert_true(loaded[generateURL("append-async")]);
44 }, 1)); 44 }, 1));
45 }); 45 });
46 e.onerror = t.unreached_func("Error should not be triggered."); 46 e.onerror = t.unreached_func("Error should not be triggered.");
47 document.body.appendChild(e); 47 document.body.appendChild(e);
48 }, "Async script injected via 'appendChild' is allowed with 'unsafe-dyna mic'."); 48 }, "Async script injected via 'appendChild' is allowed with 'strict-dyna mic'.");
49 49
50 async_test(function (t) { 50 async_test(function (t) {
51 var e = document.createElement('script'); 51 var e = document.createElement('script');
52 e.src = generateURL("append-defer"); 52 e.src = generateURL("append-defer");
53 e.defer = true; 53 e.defer = true;
54 e.onload = t.step_func(function () { 54 e.onload = t.step_func(function () {
55 // Delay the check until after the postMessage has a chance to exe cute. 55 // Delay the check until after the postMessage has a chance to exe cute.
56 setTimeout(t.step_func_done(function () { 56 setTimeout(t.step_func_done(function () {
57 assert_true(loaded[generateURL("append-defer")]); 57 assert_true(loaded[generateURL("append-defer")]);
58 }, 1)); 58 }, 1));
59 }); 59 });
60 e.onerror = t.unreached_func("Error should not be triggered."); 60 e.onerror = t.unreached_func("Error should not be triggered.");
61 document.body.appendChild(e); 61 document.body.appendChild(e);
62 }, "Deferred script injected via 'appendChild' is allowed with 'unsafe-d ynamic'."); 62 }, "Deferred script injected via 'appendChild' is allowed with 'strict-d ynamic'.");
63 63
64 async_test(function (t) { 64 async_test(function (t) {
65 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>"); 65 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>");
66 setTimeout(t.step_func_done(function () { 66 setTimeout(t.step_func_done(function () {
67 assert_equals(loaded[generateURL("write")], undefined); 67 assert_equals(loaded[generateURL("write")], undefined);
68 assert_true(blocked[65]); 68 assert_true(blocked[65]);
69 }, 1)); 69 }, 1));
70 }, "Script injected via 'document.write' is not allowed with 'unsafe-dyn amic'."); 70 }, "Script injected via 'document.write' is not allowed with 'strict-dyn amic'.");
71 71
72 async_test(function (t) { 72 async_test(function (t) {
73 document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>"); 73 document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>");
74 setTimeout(t.step_func_done(function () { 74 setTimeout(t.step_func_done(function () {
75 assert_equals(loaded[generateURL("write-defer")], undefined); 75 assert_equals(loaded[generateURL("write-defer")], undefined);
76 assert_true(blocked[73]); 76 assert_true(blocked[73]);
77 }, 1)); 77 }, 1));
78 }, "Deferred script injected via 'document.write' is not allowed with 'u nsafe-dynamic'."); 78 }, "Deferred script injected via 'document.write' is not allowed with 's trict-dynamic'.");
79 79
80 async_test(function (t) { 80 async_test(function (t) {
81 document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>"); 81 document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>");
82 setTimeout(t.step_func_done(function () { 82 setTimeout(t.step_func_done(function () {
83 assert_equals(loaded[generateURL("write-async")], undefined); 83 assert_equals(loaded[generateURL("write-async")], undefined);
84 assert_true(blocked[81]); 84 assert_true(blocked[81]);
85 }, 1)); 85 }, 1));
86 }, "Async script injected via 'document.write' is not allowed with 'unsa fe-dynamic'."); 86 }, "Async script injected via 'document.write' is not allowed with 'stri ct-dynamic'.");
87 </script> 87 </script>
88 <script nonce="abcdefg" defer> 88 <script nonce="abcdefg" defer>
89 async_test(function (t) { 89 async_test(function (t) {
90 var e = document.createElement('script'); 90 var e = document.createElement('script');
91 e.src = generateURL("defer-append"); 91 e.src = generateURL("defer-append");
92 e.onload = t.step_func(function () { 92 e.onload = t.step_func(function () {
93 // Delay the check until after the postMessage has a chance to exe cute. 93 // Delay the check until after the postMessage has a chance to exe cute.
94 setTimeout(t.step_func_done(function () { 94 setTimeout(t.step_func_done(function () {
95 assert_true(loaded[generateURL("defer-append")]); 95 assert_true(loaded[generateURL("defer-append")]);
96 assert_equals(blocked[generateURL("defer-append")], undefined); 96 assert_equals(blocked[generateURL("defer-append")], undefined);
97 }, 1)); 97 }, 1));
98 }); 98 });
99 e.onerror = t.unreached_func("Error should not be triggered."); 99 e.onerror = t.unreached_func("Error should not be triggered.");
100 document.body.appendChild(e); 100 document.body.appendChild(e);
101 }, "Script injected via deferred 'appendChild' is allowed with 'unsafe-d ynamic'."); 101 }, "Script injected via deferred 'appendChild' is allowed with 'strict-d ynamic'.");
102 102
103 async_test(function (t) { 103 async_test(function (t) {
104 var e = document.createElement('script'); 104 var e = document.createElement('script');
105 e.src = generateURL("defer-append-async"); 105 e.src = generateURL("defer-append-async");
106 e.async = true; 106 e.async = true;
107 e.onload = t.step_func(function () { 107 e.onload = t.step_func(function () {
108 // Delay the check until after the postMessage has a chance to exe cute. 108 // Delay the check until after the postMessage has a chance to exe cute.
109 setTimeout(t.step_func_done(function () { 109 setTimeout(t.step_func_done(function () {
110 assert_true(loaded[generateURL("defer-append-async")]); 110 assert_true(loaded[generateURL("defer-append-async")]);
111 assert_equals(blocked[generateURL("defer-append-async")], undefi ned); 111 assert_equals(blocked[generateURL("defer-append-async")], undefi ned);
112 }, 1)); 112 }, 1));
113 }); 113 });
114 e.onerror = t.unreached_func("Error should not be triggered."); 114 e.onerror = t.unreached_func("Error should not be triggered.");
115 document.body.appendChild(e); 115 document.body.appendChild(e);
116 }, "Async script injected via deferred 'appendChild' is allowed with 'un safe-dynamic'."); 116 }, "Async script injected via deferred 'appendChild' is allowed with 'st rict-dynamic'.");
117 117
118 async_test(function (t) { 118 async_test(function (t) {
119 var e = document.createElement('script'); 119 var e = document.createElement('script');
120 e.src = generateURL("defer-append-defer"); 120 e.src = generateURL("defer-append-defer");
121 e.defer = true; 121 e.defer = true;
122 e.onload = t.step_func(function () { 122 e.onload = t.step_func(function () {
123 // Delay the check until after the postMessage has a chance to exe cute. 123 // Delay the check until after the postMessage has a chance to exe cute.
124 setTimeout(t.step_func_done(function () { 124 setTimeout(t.step_func_done(function () {
125 assert_true(loaded[generateURL("defer-append-defer")]); 125 assert_true(loaded[generateURL("defer-append-defer")]);
126 assert_equals(blocked[generateURL("defer-append-defer")], undefi ned); 126 assert_equals(blocked[generateURL("defer-append-defer")], undefi ned);
127 }, 1)); 127 }, 1));
128 }); 128 });
129 e.onerror = t.unreached_func("Error should not be triggered."); 129 e.onerror = t.unreached_func("Error should not be triggered.");
130 document.body.appendChild(e); 130 document.body.appendChild(e);
131 }, "Deferred script injected via deferred 'appendChild' is allowed with 'unsafe-dynamic'."); 131 }, "Deferred script injected via deferred 'appendChild' is allowed with 'strict-dynamic'.");
132 132
133 async_test(function (t) { 133 async_test(function (t) {
134 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>"); 134 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>");
135 setTimeout(t.step_func_done(function () { 135 setTimeout(t.step_func_done(function () {
136 assert_equals(loaded[generateURL("defer-write")], undefined); 136 assert_equals(loaded[generateURL("defer-write")], undefined);
137 assert_true(blocked[134]); 137 assert_true(blocked[134]);
138 }, 1)); 138 }, 1));
139 }, "Script injected via deferred 'document.write' is not allowed with 'u nsafe-dynamic'."); 139 }, "Script injected via deferred 'document.write' is not allowed with 's trict-dynamic'.");
140 140
141 async_test(function (t) { 141 async_test(function (t) {
142 document.write("<scr" + "ipt defer src='" + generateURL("defer-write-d efer") + "'></scr" + "ipt>"); 142 document.write("<scr" + "ipt defer src='" + generateURL("defer-write-d efer") + "'></scr" + "ipt>");
143 setTimeout(t.step_func_done(function () { 143 setTimeout(t.step_func_done(function () {
144 assert_equals(loaded[generateURL("write-defer")], undefined); 144 assert_equals(loaded[generateURL("write-defer")], undefined);
145 assert_true(blocked[142]); 145 assert_true(blocked[142]);
146 }, 1)); 146 }, 1));
147 }, "Deferred script injected via deferred 'document.write' is not allowe d with 'unsafe-dynamic'."); 147 }, "Deferred script injected via deferred 'document.write' is not allowe d with 'strict-dynamic'.");
148 148
149 async_test(function (t) { 149 async_test(function (t) {
150 document.write("<scr" + "ipt async src='" + generateURL("defer-write-a sync") + "'></scr" + "ipt>"); 150 document.write("<scr" + "ipt async src='" + generateURL("defer-write-a sync") + "'></scr" + "ipt>");
151 setTimeout(t.step_func_done(function () { 151 setTimeout(t.step_func_done(function () {
152 assert_equals(loaded[generateURL("defer-write-async")], undefined); 152 assert_equals(loaded[generateURL("defer-write-async")], undefined);
153 assert_true(blocked[150]); 153 assert_true(blocked[150]);
154 }, 1)); 154 }, 1));
155 }, "Async script injected via deferred 'document.write' is not allowed w ith 'unsafe-dynamic'."); 155 }, "Async script injected via deferred 'document.write' is not allowed w ith 'strict-dynamic'.");
156 </script> 156 </script>
157 </body> 157 </body>
158 </html> 158 </html>
OLDNEW
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698