Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(274)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic.html

Issue 2231523002: Make ResourceFetcher return Resources with LoadError instead of nullptrs. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase, resolve comment rewrap conflicts. Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-style-blocked.php ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdef g' 'strict-dynamic'"> 4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdef g' 'strict-dynamic'">
5 <script src="/resources/testharness.js" nonce="abcdefg"></script> 5 <script src="/resources/testharness.js" nonce="abcdefg"></script>
6 <script src="/resources/testharnessreport.js" nonce="abcdefg"></script> 6 <script src="/resources/testharnessreport.js" nonce="abcdefg"></script>
7 </head> 7 </head>
8 <body> 8 <body>
9 <script nonce="abcdefg"> 9 <script nonce="abcdefg">
10 function generateURL(type) { 10 function generateURL(type) {
11 return 'http://localhost:8000/security/contentSecurityPolicy/resources /loaded.js?' + type; 11 return 'http://localhost:8000/security/contentSecurityPolicy/resources /loaded.js?' + type;
12 } 12 }
13 13
14 var loaded = {}; 14 var loaded = {};
15 var blocked = {}; 15 var blocked = {};
16 window.addEventListener("message", function (e) { 16 window.addEventListener("message", function (e) {
17 loaded[e.data] = true; 17 loaded[e.data] = true;
18 }); 18 });
19 document.addEventListener("securitypolicyviolation", function (e) { 19 document.addEventListener("securitypolicyviolation", function (e) {
20 blocked[e.lineNumber] = true; 20 blocked[e.lineNumber] = true;
21 }); 21 });
22 22 </script>
23 <!-- Need to individually wrap test cases in script blocks. Violation report s triggered by document.write() calls while the parser is waiting on blocking sc ipts are missing line numbers. See: https://crbug.com/649085. -->
24 <script nonce="abcdefg">
23 async_test(function (t) { 25 async_test(function (t) {
24 var e = document.createElement('script'); 26 var e = document.createElement('script');
25 e.src = generateURL("append"); 27 e.src = generateURL("append");
26 e.onload = t.step_func(function () { 28 e.onload = t.step_func(function () {
27 // Delay the check until after the postMessage has a chance to exe cute. 29 // Delay the check until after the postMessage has a chance to exe cute.
28 setTimeout(t.step_func_done(function () { 30 setTimeout(t.step_func_done(function () {
29 assert_true(loaded[generateURL("append")]); 31 assert_true(loaded[generateURL("append")]);
30 }), 1); 32 }), 1);
31 }); 33 });
32 e.onerror = t.unreached_func("Error should not be triggered."); 34 e.onerror = t.unreached_func("Error should not be triggered.");
33 document.body.appendChild(e); 35 document.body.appendChild(e);
34 }, "Script injected via 'appendChild' is allowed with 'strict-dynamic'." ); 36 }, "Script injected via 'appendChild' is allowed with 'strict-dynamic'." );
35 37 </script>
38 <script nonce="abcdefg">
36 async_test(function (t) { 39 async_test(function (t) {
37 var e = document.createElement('script'); 40 var e = document.createElement('script');
38 e.src = generateURL("append-async"); 41 e.src = generateURL("append-async");
39 e.async = true; 42 e.async = true;
40 e.onload = t.step_func(function () { 43 e.onload = t.step_func(function () {
41 // Delay the check until after the postMessage has a chance to exe cute. 44 // Delay the check until after the postMessage has a chance to exe cute.
42 setTimeout(t.step_func_done(function () { 45 setTimeout(t.step_func_done(function () {
43 assert_true(loaded[generateURL("append-async")]); 46 assert_true(loaded[generateURL("append-async")]);
44 }), 1); 47 }), 1);
45 }); 48 });
46 e.onerror = t.unreached_func("Error should not be triggered."); 49 e.onerror = t.unreached_func("Error should not be triggered.");
47 document.body.appendChild(e); 50 document.body.appendChild(e);
48 }, "Async script injected via 'appendChild' is allowed with 'strict-dyna mic'."); 51 }, "Async script injected via 'appendChild' is allowed with 'strict-dyna mic'.");
49 52 </script>
53 <script nonce="abcdefg">
50 async_test(function (t) { 54 async_test(function (t) {
51 var e = document.createElement('script'); 55 var e = document.createElement('script');
52 e.src = generateURL("append-defer"); 56 e.src = generateURL("append-defer");
53 e.defer = true; 57 e.defer = true;
54 e.onload = t.step_func(function () { 58 e.onload = t.step_func(function () {
55 // Delay the check until after the postMessage has a chance to exe cute. 59 // Delay the check until after the postMessage has a chance to exe cute.
56 setTimeout(t.step_func_done(function () { 60 setTimeout(t.step_func_done(function () {
57 assert_true(loaded[generateURL("append-defer")]); 61 assert_true(loaded[generateURL("append-defer")]);
58 }), 1); 62 }), 1);
59 }); 63 });
60 e.onerror = t.unreached_func("Error should not be triggered."); 64 e.onerror = t.unreached_func("Error should not be triggered.");
61 document.body.appendChild(e); 65 document.body.appendChild(e);
62 }, "Deferred script injected via 'appendChild' is allowed with 'strict-d ynamic'."); 66 }, "Deferred script injected via 'appendChild' is allowed with 'strict-d ynamic'.");
63 67 </script>
68 <script nonce="abcdefg">
64 async_test(function (t) { 69 async_test(function (t) {
65 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>"); 70 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>");
66 setTimeout(t.step_func_done(function () { 71 setTimeout(t.step_func_done(function () {
67 assert_equals(loaded[generateURL("write")], undefined); 72 assert_equals(loaded[generateURL("write")], undefined);
68 assert_true(blocked[65]); 73 assert_true(blocked[70]);
69 }), 1); 74 }), 1);
70 }, "Script injected via 'document.write' is not allowed with 'strict-dyn amic'."); 75 }, "Script injected via 'document.write' is not allowed with 'strict-dyn amic'.");
71 76 </script>
77 <script nonce="abcdefg">
72 async_test(function (t) { 78 async_test(function (t) {
73 document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>"); 79 document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>");
74 setTimeout(t.step_func_done(function () { 80 setTimeout(t.step_func_done(function () {
75 assert_equals(loaded[generateURL("write-defer")], undefined); 81 assert_equals(loaded[generateURL("write-defer")], undefined);
76 assert_true(blocked[73]); 82 assert_true(blocked[79]);
77 }), 1); 83 }), 1);
78 }, "Deferred script injected via 'document.write' is not allowed with 's trict-dynamic'."); 84 }, "Deferred script injected via 'document.write' is not allowed with 's trict-dynamic'.");
79 85 </script>
86 <script nonce="abcdefg">
80 async_test(function (t) { 87 async_test(function (t) {
81 document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>"); 88 document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>");
82 setTimeout(t.step_func_done(function () { 89 setTimeout(t.step_func_done(function () {
83 assert_equals(loaded[generateURL("write-async")], undefined); 90 assert_equals(loaded[generateURL("write-async")], undefined);
84 assert_true(blocked[81]); 91 assert_true(blocked[88]);
85 }), 1); 92 }), 1);
86 }, "Async script injected via 'document.write' is not allowed with 'stri ct-dynamic'."); 93 }, "Async script injected via 'document.write' is not allowed with 'stri ct-dynamic'.");
87 </script> 94 </script>
88 <script nonce="abcdefg" defer> 95 <script nonce="abcdefg" defer>
89 async_test(function (t) { 96 async_test(function (t) {
90 var e = document.createElement('script'); 97 var e = document.createElement('script');
91 e.src = generateURL("defer-append"); 98 e.src = generateURL("defer-append");
92 e.onload = t.step_func(function () { 99 e.onload = t.step_func(function () {
93 // Delay the check until after the postMessage has a chance to exe cute. 100 // Delay the check until after the postMessage has a chance to exe cute.
94 setTimeout(t.step_func_done(function () { 101 setTimeout(t.step_func_done(function () {
95 assert_true(loaded[generateURL("defer-append")]); 102 assert_true(loaded[generateURL("defer-append")]);
96 assert_equals(blocked[generateURL("defer-append")], undefined); 103 assert_equals(blocked[generateURL("defer-append")], undefined);
97 }), 1); 104 }), 1);
98 }); 105 });
99 e.onerror = t.unreached_func("Error should not be triggered."); 106 e.onerror = t.unreached_func("Error should not be triggered.");
100 document.body.appendChild(e); 107 document.body.appendChild(e);
101 }, "Script injected via deferred 'appendChild' is allowed with 'strict-d ynamic'."); 108 }, "Script injected via deferred 'appendChild' is allowed with 'strict-d ynamic'.");
102 109 </script>
110 <script nonce="abcdefg" defer>
103 async_test(function (t) { 111 async_test(function (t) {
104 var e = document.createElement('script'); 112 var e = document.createElement('script');
105 e.src = generateURL("defer-append-async"); 113 e.src = generateURL("defer-append-async");
106 e.async = true; 114 e.async = true;
107 e.onload = t.step_func(function () { 115 e.onload = t.step_func(function () {
108 // Delay the check until after the postMessage has a chance to exe cute. 116 // Delay the check until after the postMessage has a chance to exe cute.
109 setTimeout(t.step_func_done(function () { 117 setTimeout(t.step_func_done(function () {
110 assert_true(loaded[generateURL("defer-append-async")]); 118 assert_true(loaded[generateURL("defer-append-async")]);
111 assert_equals(blocked[generateURL("defer-append-async")], undefi ned); 119 assert_equals(blocked[generateURL("defer-append-async")], undefi ned);
112 }), 1); 120 }), 1);
113 }); 121 });
114 e.onerror = t.unreached_func("Error should not be triggered."); 122 e.onerror = t.unreached_func("Error should not be triggered.");
115 document.body.appendChild(e); 123 document.body.appendChild(e);
116 }, "Async script injected via deferred 'appendChild' is allowed with 'st rict-dynamic'."); 124 }, "Async script injected via deferred 'appendChild' is allowed with 'st rict-dynamic'.");
117 125 </script>
126 <script nonce="abcdefg" defer>
118 async_test(function (t) { 127 async_test(function (t) {
119 var e = document.createElement('script'); 128 var e = document.createElement('script');
120 e.src = generateURL("defer-append-defer"); 129 e.src = generateURL("defer-append-defer");
121 e.defer = true; 130 e.defer = true;
122 e.onload = t.step_func(function () { 131 e.onload = t.step_func(function () {
123 // Delay the check until after the postMessage has a chance to exe cute. 132 // Delay the check until after the postMessage has a chance to exe cute.
124 setTimeout(t.step_func_done(function () { 133 setTimeout(t.step_func_done(function () {
125 assert_true(loaded[generateURL("defer-append-defer")]); 134 assert_true(loaded[generateURL("defer-append-defer")]);
126 assert_equals(blocked[generateURL("defer-append-defer")], undefi ned); 135 assert_equals(blocked[generateURL("defer-append-defer")], undefi ned);
127 }), 1); 136 }), 1);
128 }); 137 });
129 e.onerror = t.unreached_func("Error should not be triggered."); 138 e.onerror = t.unreached_func("Error should not be triggered.");
130 document.body.appendChild(e); 139 document.body.appendChild(e);
131 }, "Deferred script injected via deferred 'appendChild' is allowed with 'strict-dynamic'."); 140 }, "Deferred script injected via deferred 'appendChild' is allowed with 'strict-dynamic'.");
132 141 </script>
142 <script nonce="abcdefg" defer>
133 async_test(function (t) { 143 async_test(function (t) {
134 document.write("<scr" + "ipt src='" + generateURL("defer-write") + "'> </scr" + "ipt>"); 144 document.write("<scr" + "ipt src='" + generateURL("defer-write") + "'> </scr" + "ipt>");
135 setTimeout(t.step_func_done(function () { 145 setTimeout(t.step_func_done(function () {
136 assert_equals(loaded[generateURL("defer-write")], undefined); 146 assert_equals(loaded[generateURL("defer-write")], undefined);
137 assert_true(blocked[134]); 147 assert_true(blocked[144]);
138 }), 1); 148 }), 1);
139 }, "Script injected via deferred 'document.write' is not allowed with 's trict-dynamic'."); 149 }, "Script injected via deferred 'document.write' is not allowed with 's trict-dynamic'.");
140 150 </script>
151 <script nonce="abcdefg" defer>
141 async_test(function (t) { 152 async_test(function (t) {
142 document.write("<scr" + "ipt defer src='" + generateURL("defer-write-d efer") + "'></scr" + "ipt>"); 153 document.write("<scr" + "ipt defer src='" + generateURL("defer-write-d efer") + "'></scr" + "ipt>");
143 setTimeout(t.step_func_done(function () { 154 setTimeout(t.step_func_done(function () {
144 assert_equals(loaded[generateURL("defer-write-defer")], undefined); 155 assert_equals(loaded[generateURL("defer-write-defer")], undefined);
145 assert_true(blocked[142]); 156 assert_true(blocked[153]);
146 }), 1); 157 }), 1);
147 }, "Deferred script injected via deferred 'document.write' is not allowe d with 'strict-dynamic'."); 158 }, "Deferred script injected via deferred 'document.write' is not allowe d with 'strict-dynamic'.");
148 159 </script>
160 <script nonce="abcdefg" defer>
149 async_test(function (t) { 161 async_test(function (t) {
150 document.write("<scr" + "ipt async src='" + generateURL("defer-write-a sync") + "'></scr" + "ipt>"); 162 document.write("<scr" + "ipt async src='" + generateURL("defer-write-a sync") + "'></scr" + "ipt>");
151 setTimeout(t.step_func_done(function () { 163 setTimeout(t.step_func_done(function () {
152 assert_equals(loaded[generateURL("defer-write-async")], undefined); 164 assert_equals(loaded[generateURL("defer-write-async")], undefined);
153 assert_true(blocked[150]); 165 assert_true(blocked[162]);
154 }), 1); 166 }), 1);
155 }, "Async script injected via deferred 'document.write' is not allowed w ith 'strict-dynamic'."); 167 }, "Async script injected via deferred 'document.write' is not allowed w ith 'strict-dynamic'.");
156 </script> 168 </script>
157 </body> 169 </body>
158 </html> 170 </html>
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-style-blocked.php ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698