third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html - Issue 2401573003: CSP: Fix 'strict-dynamic' with multiple policies.

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html

Issue 2401573003: CSP: Fix 'strict-dynamic' with multiple policies. (Closed)

Patch Set: Tests compile. Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-multiple-allowed.php » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html

diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html

deleted file mode 100644

index 6b441c29313069069f3a646b4a1d4ff848206f77..0000000000000000000000000000000000000000

--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-whitelist.html

+++ /dev/null

@@ -1,52 +0,0 @@

-<!DOCTYPE html>

-<html>

-<head>

- <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdefg' 'strict-dynamic' http://localhost:8000">

- <script src="/resources/testharness.js" nonce="abcdefg"></script>

- <script src="/resources/testharnessreport.js" nonce="abcdefg"></script>

-</head>

-<body>

- <script nonce="abcdefg">

- function generateURL(type) {

- return 'http://localhost:8000/security/contentSecurityPolicy/resources/loaded.js?' + type;

- }

- var loaded = {};

- var blocked = {};

- window.addEventListener("message", function (e) {

- loaded[e.data] = true;

- });

- document.addEventListener("securitypolicyviolation", function (e) {

- blocked[e.lineNumber] = true;

- });

- </script>

-

- <script nonce="abcdefg">

- async_test(function (t) {

- document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>");

- setTimeout(t.step_func_done(function () {

- assert_equals(loaded[generateURL("write")], undefined);

- assert_true(blocked[26]);

- }), 1);

- }, "Script injected via 'document.write' is not allowed with 'strict-dynamic', even if whitelisted.");

- </script>

- <script nonce="abcdefg">

- async_test(function (t) {

- document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>");

- setTimeout(t.step_func_done(function () {

- assert_equals(loaded[generateURL("write-defer")], undefined);

- assert_true(blocked[35]);

- }), 1);

- }, "Deferred script injected via 'document.write' is not allowed with 'strict-dynamic', even if whitelisted.");

- </script>

- <script nonce="abcdefg">

- async_test(function (t) {

- document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>");

- setTimeout(t.step_func_done(function () {

- assert_equals(loaded[generateURL("write-async")], undefined);

- assert_true(blocked[44]);

- }), 1);

- }, "Async script injected via 'document.write' is not allowed with 'strict-dynamic', even if whitelisted.");

- </script>

-</body>

-</html>