third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic.html - Issue 2360293002: Fix 'strict-dynamic' tests (generateURL / assert mismatch).

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic.html

Issue 2360293002: Fix 'strict-dynamic' tests (generateURL / assert mismatch). (Closed)

Patch Set: Fix misplaced parentheses. Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 <!DOCTYPE html>	1 <!DOCTYPE html>

2 <html>	2 <html>

3 <head>	3 <head>

4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdef g' 'strict-dynamic'">	4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdef g' 'strict-dynamic'">

5 <script src="/resources/testharness.js" nonce="abcdefg"></script>	5 <script src="/resources/testharness.js" nonce="abcdefg"></script>

6 <script src="/resources/testharnessreport.js" nonce="abcdefg"></script>	6 <script src="/resources/testharnessreport.js" nonce="abcdefg"></script>

7 </head>	7 </head>

8 <body>	8 <body>

9 <script nonce="abcdefg">	9 <script nonce="abcdefg">

10 function generateURL(type) {	10 function generateURL(type) {

11 return 'http://localhost:8000/security/contentSecurityPolicy/resources /loaded.js?' + type;	11 return 'http://localhost:8000/security/contentSecurityPolicy/resources /loaded.js?' + type;

12 }	12 }

13	13

14 var loaded = {};	14 var loaded = {};

15 var blocked = {};	15 var blocked = {};

16 window.addEventListener("message", function (e) {	16 window.addEventListener("message", function (e) {

17 loaded[e.data] = true;	17 loaded[e.data] = true;

18 });	18 });

19 document.addEventListener("securitypolicyviolation", function (e) {	19 document.addEventListener("securitypolicyviolation", function (e) {

20 blocked[e.lineNumber] = true;	20 blocked[e.lineNumber] = true;

21 });	21 });

22	22

23 async_test(function (t) {	23 async_test(function (t) {

24 var e = document.createElement('script');	24 var e = document.createElement('script');

25 e.src = generateURL("append");	25 e.src = generateURL("append");

26 e.onload = t.step_func(function () {	26 e.onload = t.step_func(function () {

27 // Delay the check until after the postMessage has a chance to exe cute.	27 // Delay the check until after the postMessage has a chance to exe cute.

28 setTimeout(t.step_func_done(function () {	28 setTimeout(t.step_func_done(function () {

29 assert_true(loaded[generateURL("append")]);	29 assert_true(loaded[generateURL("append")]);

30 }, 1));	30 }), 1);

31 });	31 });

32 e.onerror = t.unreached_func("Error should not be triggered.");	32 e.onerror = t.unreached_func("Error should not be triggered.");

33 document.body.appendChild(e);	33 document.body.appendChild(e);

34 }, "Script injected via 'appendChild' is allowed with 'strict-dynamic'." );	34 }, "Script injected via 'appendChild' is allowed with 'strict-dynamic'." );

35	35

36 async_test(function (t) {	36 async_test(function (t) {

37 var e = document.createElement('script');	37 var e = document.createElement('script');

38 e.src = generateURL("append-async");	38 e.src = generateURL("append-async");

39 e.async = true;	39 e.async = true;

40 e.onload = t.step_func(function () {	40 e.onload = t.step_func(function () {

41 // Delay the check until after the postMessage has a chance to exe cute.	41 // Delay the check until after the postMessage has a chance to exe cute.

42 setTimeout(t.step_func_done(function () {	42 setTimeout(t.step_func_done(function () {

43 assert_true(loaded[generateURL("append-async")]);	43 assert_true(loaded[generateURL("append-async")]);

44 }, 1));	44 }), 1);

45 });	45 });

46 e.onerror = t.unreached_func("Error should not be triggered.");	46 e.onerror = t.unreached_func("Error should not be triggered.");

47 document.body.appendChild(e);	47 document.body.appendChild(e);

48 }, "Async script injected via 'appendChild' is allowed with 'strict-dyna mic'.");	48 }, "Async script injected via 'appendChild' is allowed with 'strict-dyna mic'.");

49	49

50 async_test(function (t) {	50 async_test(function (t) {

51 var e = document.createElement('script');	51 var e = document.createElement('script');

52 e.src = generateURL("append-defer");	52 e.src = generateURL("append-defer");

53 e.defer = true;	53 e.defer = true;

54 e.onload = t.step_func(function () {	54 e.onload = t.step_func(function () {

55 // Delay the check until after the postMessage has a chance to exe cute.	55 // Delay the check until after the postMessage has a chance to exe cute.

56 setTimeout(t.step_func_done(function () {	56 setTimeout(t.step_func_done(function () {

57 assert_true(loaded[generateURL("append-defer")]);	57 assert_true(loaded[generateURL("append-defer")]);

58 }, 1));	58 }), 1);

59 });	59 });

60 e.onerror = t.unreached_func("Error should not be triggered.");	60 e.onerror = t.unreached_func("Error should not be triggered.");

61 document.body.appendChild(e);	61 document.body.appendChild(e);

62 }, "Deferred script injected via 'appendChild' is allowed with 'strict-d ynamic'.");	62 }, "Deferred script injected via 'appendChild' is allowed with 'strict-d ynamic'.");

63	63

64 async_test(function (t) {	64 async_test(function (t) {

65 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>");	65 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>");

66 setTimeout(t.step_func_done(function () {	66 setTimeout(t.step_func_done(function () {

67 assert_equals(loaded[generateURL("write")], undefined);	67 assert_equals(loaded[generateURL("write")], undefined);

68 assert_true(blocked[65]);	68 assert_true(blocked[65]);

69 }, 1));	69 }), 1);

70 }, "Script injected via 'document.write' is not allowed with 'strict-dyn amic'.");	70 }, "Script injected via 'document.write' is not allowed with 'strict-dyn amic'.");

71	71

72 async_test(function (t) {	72 async_test(function (t) {

73 document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>");	73 document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>");

74 setTimeout(t.step_func_done(function () {	74 setTimeout(t.step_func_done(function () {

75 assert_equals(loaded[generateURL("write-defer")], undefined);	75 assert_equals(loaded[generateURL("write-defer")], undefined);

76 assert_true(blocked[73]);	76 assert_true(blocked[73]);

77 }, 1));	77 }), 1);

78 }, "Deferred script injected via 'document.write' is not allowed with 's trict-dynamic'.");	78 }, "Deferred script injected via 'document.write' is not allowed with 's trict-dynamic'.");

79	79

80 async_test(function (t) {	80 async_test(function (t) {

81 document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>");	81 document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>");

82 setTimeout(t.step_func_done(function () {	82 setTimeout(t.step_func_done(function () {

83 assert_equals(loaded[generateURL("write-async")], undefined);	83 assert_equals(loaded[generateURL("write-async")], undefined);

84 assert_true(blocked[81]);	84 assert_true(blocked[81]);

85 }, 1));	85 }), 1);

86 }, "Async script injected via 'document.write' is not allowed with 'stri ct-dynamic'.");	86 }, "Async script injected via 'document.write' is not allowed with 'stri ct-dynamic'.");

87 </script>	87 </script>

88 <script nonce="abcdefg" defer>	88 <script nonce="abcdefg" defer>

89 async_test(function (t) {	89 async_test(function (t) {

90 var e = document.createElement('script');	90 var e = document.createElement('script');

91 e.src = generateURL("defer-append");	91 e.src = generateURL("defer-append");

92 e.onload = t.step_func(function () {	92 e.onload = t.step_func(function () {

93 // Delay the check until after the postMessage has a chance to exe cute.	93 // Delay the check until after the postMessage has a chance to exe cute.

94 setTimeout(t.step_func_done(function () {	94 setTimeout(t.step_func_done(function () {

95 assert_true(loaded[generateURL("defer-append")]);	95 assert_true(loaded[generateURL("defer-append")]);

96 assert_equals(blocked[generateURL("defer-append")], undefined);	96 assert_equals(blocked[generateURL("defer-append")], undefined);

97 }, 1));	97 }), 1);

98 });	98 });

99 e.onerror = t.unreached_func("Error should not be triggered.");	99 e.onerror = t.unreached_func("Error should not be triggered.");

100 document.body.appendChild(e);	100 document.body.appendChild(e);

101 }, "Script injected via deferred 'appendChild' is allowed with 'strict-d ynamic'.");	101 }, "Script injected via deferred 'appendChild' is allowed with 'strict-d ynamic'.");

102	102

103 async_test(function (t) {	103 async_test(function (t) {

104 var e = document.createElement('script');	104 var e = document.createElement('script');

105 e.src = generateURL("defer-append-async");	105 e.src = generateURL("defer-append-async");

106 e.async = true;	106 e.async = true;

107 e.onload = t.step_func(function () {	107 e.onload = t.step_func(function () {

108 // Delay the check until after the postMessage has a chance to exe cute.	108 // Delay the check until after the postMessage has a chance to exe cute.

109 setTimeout(t.step_func_done(function () {	109 setTimeout(t.step_func_done(function () {

110 assert_true(loaded[generateURL("defer-append-async")]);	110 assert_true(loaded[generateURL("defer-append-async")]);

111 assert_equals(blocked[generateURL("defer-append-async")], undefi ned);	111 assert_equals(blocked[generateURL("defer-append-async")], undefi ned);

112 }, 1));	112 }), 1);

113 });	113 });

114 e.onerror = t.unreached_func("Error should not be triggered.");	114 e.onerror = t.unreached_func("Error should not be triggered.");

115 document.body.appendChild(e);	115 document.body.appendChild(e);

116 }, "Async script injected via deferred 'appendChild' is allowed with 'st rict-dynamic'.");	116 }, "Async script injected via deferred 'appendChild' is allowed with 'st rict-dynamic'.");

117	117

118 async_test(function (t) {	118 async_test(function (t) {

119 var e = document.createElement('script');	119 var e = document.createElement('script');

120 e.src = generateURL("defer-append-defer");	120 e.src = generateURL("defer-append-defer");

121 e.defer = true;	121 e.defer = true;

122 e.onload = t.step_func(function () {	122 e.onload = t.step_func(function () {

123 // Delay the check until after the postMessage has a chance to exe cute.	123 // Delay the check until after the postMessage has a chance to exe cute.

124 setTimeout(t.step_func_done(function () {	124 setTimeout(t.step_func_done(function () {

125 assert_true(loaded[generateURL("defer-append-defer")]);	125 assert_true(loaded[generateURL("defer-append-defer")]);

126 assert_equals(blocked[generateURL("defer-append-defer")], undefi ned);	126 assert_equals(blocked[generateURL("defer-append-defer")], undefi ned);

127 }, 1));	127 }), 1);

128 });	128 });

129 e.onerror = t.unreached_func("Error should not be triggered.");	129 e.onerror = t.unreached_func("Error should not be triggered.");

130 document.body.appendChild(e);	130 document.body.appendChild(e);

131 }, "Deferred script injected via deferred 'appendChild' is allowed with 'strict-dynamic'.");	131 }, "Deferred script injected via deferred 'appendChild' is allowed with 'strict-dynamic'.");

132	132

133 async_test(function (t) {	133 async_test(function (t) {

134 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>");	134 document.write("<scr" + "ipt src='" + generateURL("defer-write") + "'> </scr" + "ipt>");

135 setTimeout(t.step_func_done(function () {	135 setTimeout(t.step_func_done(function () {

136 assert_equals(loaded[generateURL("defer-write")], undefined);	136 assert_equals(loaded[generateURL("defer-write")], undefined);

137 assert_true(blocked[134]);	137 assert_true(blocked[134]);

138 }, 1));	138 }), 1);

139 }, "Script injected via deferred 'document.write' is not allowed with 's trict-dynamic'.");	139 }, "Script injected via deferred 'document.write' is not allowed with 's trict-dynamic'.");

140	140

141 async_test(function (t) {	141 async_test(function (t) {

142 document.write("<scr" + "ipt defer src='" + generateURL("defer-write-d efer") + "'></scr" + "ipt>");	142 document.write("<scr" + "ipt defer src='" + generateURL("defer-write-d efer") + "'></scr" + "ipt>");

143 setTimeout(t.step_func_done(function () {	143 setTimeout(t.step_func_done(function () {

144 assert_equals(loaded[generateURL("write-defer")], undefined);	144 assert_equals(loaded[generateURL("defer-write-defer")], undefined);

145 assert_true(blocked[142]);	145 assert_true(blocked[142]);

146 }, 1));	146 }), 1);

147 }, "Deferred script injected via deferred 'document.write' is not allowe d with 'strict-dynamic'.");	147 }, "Deferred script injected via deferred 'document.write' is not allowe d with 'strict-dynamic'.");

148	148

149 async_test(function (t) {	149 async_test(function (t) {

150 document.write("<scr" + "ipt async src='" + generateURL("defer-write-a sync") + "'></scr" + "ipt>");	150 document.write("<scr" + "ipt async src='" + generateURL("defer-write-a sync") + "'></scr" + "ipt>");

151 setTimeout(t.step_func_done(function () {	151 setTimeout(t.step_func_done(function () {

152 assert_equals(loaded[generateURL("defer-write-async")], undefined);	152 assert_equals(loaded[generateURL("defer-write-async")], undefined);

153 assert_true(blocked[150]);	153 assert_true(blocked[150]);

154 }, 1));	154 }), 1);

155 }, "Async script injected via deferred 'document.write' is not allowed w ith 'strict-dynamic'.");	155 }, "Async script injected via deferred 'document.write' is not allowed w ith 'strict-dynamic'.");

156 </script>	156 </script>

157 </body>	157 </body>

158 </html>	158 </html>

OLD	NEW