Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(35)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic.html

Issue 2395313002: Revert of Make ResourceFetcher return Resources with LoadError instead of nullptrs. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-style-blocked.php ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdef g' 'strict-dynamic'"> 4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdef g' 'strict-dynamic'">
5 <script src="/resources/testharness.js" nonce="abcdefg"></script> 5 <script src="/resources/testharness.js" nonce="abcdefg"></script>
6 <script src="/resources/testharnessreport.js" nonce="abcdefg"></script> 6 <script src="/resources/testharnessreport.js" nonce="abcdefg"></script>
7 </head> 7 </head>
8 <body> 8 <body>
9 <script nonce="abcdefg"> 9 <script nonce="abcdefg">
10 function generateURL(type) { 10 function generateURL(type) {
11 return 'http://localhost:8000/security/contentSecurityPolicy/resources /loaded.js?' + type; 11 return 'http://localhost:8000/security/contentSecurityPolicy/resources /loaded.js?' + type;
12 } 12 }
13 13
14 var loaded = {}; 14 var loaded = {};
15 var blocked = {}; 15 var blocked = {};
16 window.addEventListener("message", function (e) { 16 window.addEventListener("message", function (e) {
17 loaded[e.data] = true; 17 loaded[e.data] = true;
18 }); 18 });
19 document.addEventListener("securitypolicyviolation", function (e) { 19 document.addEventListener("securitypolicyviolation", function (e) {
20 blocked[e.lineNumber] = true; 20 blocked[e.lineNumber] = true;
21 }); 21 });
22 </script> 22
23 <!-- Need to individually wrap test cases in script blocks. Violation report s triggered by document.write() calls while the parser is waiting on blocking sc ipts are missing line numbers. See: https://crbug.com/649085. -->
24 <script nonce="abcdefg">
25 async_test(function (t) { 23 async_test(function (t) {
26 var e = document.createElement('script'); 24 var e = document.createElement('script');
27 e.src = generateURL("append"); 25 e.src = generateURL("append");
28 e.onload = t.step_func(function () { 26 e.onload = t.step_func(function () {
29 // Delay the check until after the postMessage has a chance to exe cute. 27 // Delay the check until after the postMessage has a chance to exe cute.
30 setTimeout(t.step_func_done(function () { 28 setTimeout(t.step_func_done(function () {
31 assert_true(loaded[generateURL("append")]); 29 assert_true(loaded[generateURL("append")]);
32 }), 1); 30 }), 1);
33 }); 31 });
34 e.onerror = t.unreached_func("Error should not be triggered."); 32 e.onerror = t.unreached_func("Error should not be triggered.");
35 document.body.appendChild(e); 33 document.body.appendChild(e);
36 }, "Script injected via 'appendChild' is allowed with 'strict-dynamic'." ); 34 }, "Script injected via 'appendChild' is allowed with 'strict-dynamic'." );
37 </script> 35
38 <script nonce="abcdefg">
39 async_test(function (t) { 36 async_test(function (t) {
40 var e = document.createElement('script'); 37 var e = document.createElement('script');
41 e.src = generateURL("append-async"); 38 e.src = generateURL("append-async");
42 e.async = true; 39 e.async = true;
43 e.onload = t.step_func(function () { 40 e.onload = t.step_func(function () {
44 // Delay the check until after the postMessage has a chance to exe cute. 41 // Delay the check until after the postMessage has a chance to exe cute.
45 setTimeout(t.step_func_done(function () { 42 setTimeout(t.step_func_done(function () {
46 assert_true(loaded[generateURL("append-async")]); 43 assert_true(loaded[generateURL("append-async")]);
47 }), 1); 44 }), 1);
48 }); 45 });
49 e.onerror = t.unreached_func("Error should not be triggered."); 46 e.onerror = t.unreached_func("Error should not be triggered.");
50 document.body.appendChild(e); 47 document.body.appendChild(e);
51 }, "Async script injected via 'appendChild' is allowed with 'strict-dyna mic'."); 48 }, "Async script injected via 'appendChild' is allowed with 'strict-dyna mic'.");
52 </script> 49
53 <script nonce="abcdefg">
54 async_test(function (t) { 50 async_test(function (t) {
55 var e = document.createElement('script'); 51 var e = document.createElement('script');
56 e.src = generateURL("append-defer"); 52 e.src = generateURL("append-defer");
57 e.defer = true; 53 e.defer = true;
58 e.onload = t.step_func(function () { 54 e.onload = t.step_func(function () {
59 // Delay the check until after the postMessage has a chance to exe cute. 55 // Delay the check until after the postMessage has a chance to exe cute.
60 setTimeout(t.step_func_done(function () { 56 setTimeout(t.step_func_done(function () {
61 assert_true(loaded[generateURL("append-defer")]); 57 assert_true(loaded[generateURL("append-defer")]);
62 }), 1); 58 }), 1);
63 }); 59 });
64 e.onerror = t.unreached_func("Error should not be triggered."); 60 e.onerror = t.unreached_func("Error should not be triggered.");
65 document.body.appendChild(e); 61 document.body.appendChild(e);
66 }, "Deferred script injected via 'appendChild' is allowed with 'strict-d ynamic'."); 62 }, "Deferred script injected via 'appendChild' is allowed with 'strict-d ynamic'.");
67 </script> 63
68 <script nonce="abcdefg">
69 async_test(function (t) { 64 async_test(function (t) {
70 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>"); 65 document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>");
71 setTimeout(t.step_func_done(function () { 66 setTimeout(t.step_func_done(function () {
72 assert_equals(loaded[generateURL("write")], undefined); 67 assert_equals(loaded[generateURL("write")], undefined);
73 assert_true(blocked[70]); 68 assert_true(blocked[65]);
74 }), 1); 69 }), 1);
75 }, "Script injected via 'document.write' is not allowed with 'strict-dyn amic'."); 70 }, "Script injected via 'document.write' is not allowed with 'strict-dyn amic'.");
76 </script> 71
77 <script nonce="abcdefg">
78 async_test(function (t) { 72 async_test(function (t) {
79 document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>"); 73 document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>");
80 setTimeout(t.step_func_done(function () { 74 setTimeout(t.step_func_done(function () {
81 assert_equals(loaded[generateURL("write-defer")], undefined); 75 assert_equals(loaded[generateURL("write-defer")], undefined);
82 assert_true(blocked[79]); 76 assert_true(blocked[73]);
83 }), 1); 77 }), 1);
84 }, "Deferred script injected via 'document.write' is not allowed with 's trict-dynamic'."); 78 }, "Deferred script injected via 'document.write' is not allowed with 's trict-dynamic'.");
85 </script> 79
86 <script nonce="abcdefg">
87 async_test(function (t) { 80 async_test(function (t) {
88 document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>"); 81 document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>");
89 setTimeout(t.step_func_done(function () { 82 setTimeout(t.step_func_done(function () {
90 assert_equals(loaded[generateURL("write-async")], undefined); 83 assert_equals(loaded[generateURL("write-async")], undefined);
91 assert_true(blocked[88]); 84 assert_true(blocked[81]);
92 }), 1); 85 }), 1);
93 }, "Async script injected via 'document.write' is not allowed with 'stri ct-dynamic'."); 86 }, "Async script injected via 'document.write' is not allowed with 'stri ct-dynamic'.");
94 </script> 87 </script>
95 <script nonce="abcdefg" defer> 88 <script nonce="abcdefg" defer>
96 async_test(function (t) { 89 async_test(function (t) {
97 var e = document.createElement('script'); 90 var e = document.createElement('script');
98 e.src = generateURL("defer-append"); 91 e.src = generateURL("defer-append");
99 e.onload = t.step_func(function () { 92 e.onload = t.step_func(function () {
100 // Delay the check until after the postMessage has a chance to exe cute. 93 // Delay the check until after the postMessage has a chance to exe cute.
101 setTimeout(t.step_func_done(function () { 94 setTimeout(t.step_func_done(function () {
102 assert_true(loaded[generateURL("defer-append")]); 95 assert_true(loaded[generateURL("defer-append")]);
103 assert_equals(blocked[generateURL("defer-append")], undefined); 96 assert_equals(blocked[generateURL("defer-append")], undefined);
104 }), 1); 97 }), 1);
105 }); 98 });
106 e.onerror = t.unreached_func("Error should not be triggered."); 99 e.onerror = t.unreached_func("Error should not be triggered.");
107 document.body.appendChild(e); 100 document.body.appendChild(e);
108 }, "Script injected via deferred 'appendChild' is allowed with 'strict-d ynamic'."); 101 }, "Script injected via deferred 'appendChild' is allowed with 'strict-d ynamic'.");
109 </script> 102
110 <script nonce="abcdefg" defer>
111 async_test(function (t) { 103 async_test(function (t) {
112 var e = document.createElement('script'); 104 var e = document.createElement('script');
113 e.src = generateURL("defer-append-async"); 105 e.src = generateURL("defer-append-async");
114 e.async = true; 106 e.async = true;
115 e.onload = t.step_func(function () { 107 e.onload = t.step_func(function () {
116 // Delay the check until after the postMessage has a chance to exe cute. 108 // Delay the check until after the postMessage has a chance to exe cute.
117 setTimeout(t.step_func_done(function () { 109 setTimeout(t.step_func_done(function () {
118 assert_true(loaded[generateURL("defer-append-async")]); 110 assert_true(loaded[generateURL("defer-append-async")]);
119 assert_equals(blocked[generateURL("defer-append-async")], undefi ned); 111 assert_equals(blocked[generateURL("defer-append-async")], undefi ned);
120 }), 1); 112 }), 1);
121 }); 113 });
122 e.onerror = t.unreached_func("Error should not be triggered."); 114 e.onerror = t.unreached_func("Error should not be triggered.");
123 document.body.appendChild(e); 115 document.body.appendChild(e);
124 }, "Async script injected via deferred 'appendChild' is allowed with 'st rict-dynamic'."); 116 }, "Async script injected via deferred 'appendChild' is allowed with 'st rict-dynamic'.");
125 </script> 117
126 <script nonce="abcdefg" defer>
127 async_test(function (t) { 118 async_test(function (t) {
128 var e = document.createElement('script'); 119 var e = document.createElement('script');
129 e.src = generateURL("defer-append-defer"); 120 e.src = generateURL("defer-append-defer");
130 e.defer = true; 121 e.defer = true;
131 e.onload = t.step_func(function () { 122 e.onload = t.step_func(function () {
132 // Delay the check until after the postMessage has a chance to exe cute. 123 // Delay the check until after the postMessage has a chance to exe cute.
133 setTimeout(t.step_func_done(function () { 124 setTimeout(t.step_func_done(function () {
134 assert_true(loaded[generateURL("defer-append-defer")]); 125 assert_true(loaded[generateURL("defer-append-defer")]);
135 assert_equals(blocked[generateURL("defer-append-defer")], undefi ned); 126 assert_equals(blocked[generateURL("defer-append-defer")], undefi ned);
136 }), 1); 127 }), 1);
137 }); 128 });
138 e.onerror = t.unreached_func("Error should not be triggered."); 129 e.onerror = t.unreached_func("Error should not be triggered.");
139 document.body.appendChild(e); 130 document.body.appendChild(e);
140 }, "Deferred script injected via deferred 'appendChild' is allowed with 'strict-dynamic'."); 131 }, "Deferred script injected via deferred 'appendChild' is allowed with 'strict-dynamic'.");
141 </script> 132
142 <script nonce="abcdefg" defer>
143 async_test(function (t) { 133 async_test(function (t) {
144 document.write("<scr" + "ipt src='" + generateURL("defer-write") + "'> </scr" + "ipt>"); 134 document.write("<scr" + "ipt src='" + generateURL("defer-write") + "'> </scr" + "ipt>");
145 setTimeout(t.step_func_done(function () { 135 setTimeout(t.step_func_done(function () {
146 assert_equals(loaded[generateURL("defer-write")], undefined); 136 assert_equals(loaded[generateURL("defer-write")], undefined);
147 assert_true(blocked[144]); 137 assert_true(blocked[134]);
148 }), 1); 138 }), 1);
149 }, "Script injected via deferred 'document.write' is not allowed with 's trict-dynamic'."); 139 }, "Script injected via deferred 'document.write' is not allowed with 's trict-dynamic'.");
150 </script> 140
151 <script nonce="abcdefg" defer>
152 async_test(function (t) { 141 async_test(function (t) {
153 document.write("<scr" + "ipt defer src='" + generateURL("defer-write-d efer") + "'></scr" + "ipt>"); 142 document.write("<scr" + "ipt defer src='" + generateURL("defer-write-d efer") + "'></scr" + "ipt>");
154 setTimeout(t.step_func_done(function () { 143 setTimeout(t.step_func_done(function () {
155 assert_equals(loaded[generateURL("defer-write-defer")], undefined); 144 assert_equals(loaded[generateURL("defer-write-defer")], undefined);
156 assert_true(blocked[153]); 145 assert_true(blocked[142]);
157 }), 1); 146 }), 1);
158 }, "Deferred script injected via deferred 'document.write' is not allowe d with 'strict-dynamic'."); 147 }, "Deferred script injected via deferred 'document.write' is not allowe d with 'strict-dynamic'.");
159 </script> 148
160 <script nonce="abcdefg" defer>
161 async_test(function (t) { 149 async_test(function (t) {
162 document.write("<scr" + "ipt async src='" + generateURL("defer-write-a sync") + "'></scr" + "ipt>"); 150 document.write("<scr" + "ipt async src='" + generateURL("defer-write-a sync") + "'></scr" + "ipt>");
163 setTimeout(t.step_func_done(function () { 151 setTimeout(t.step_func_done(function () {
164 assert_equals(loaded[generateURL("defer-write-async")], undefined); 152 assert_equals(loaded[generateURL("defer-write-async")], undefined);
165 assert_true(blocked[162]); 153 assert_true(blocked[150]);
166 }), 1); 154 }), 1);
167 }, "Async script injected via deferred 'document.write' is not allowed w ith 'strict-dynamic'."); 155 }, "Async script injected via deferred 'document.write' is not allowed w ith 'strict-dynamic'.");
168 </script> 156 </script>
169 </body> 157 </body>
170 </html> 158 </html>
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-style-blocked.php ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698