| Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-multiple-allowed.php
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-multiple-allowed.php
|
| similarity index 95%
|
| copy from third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic.html
|
| copy to third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-multiple-allowed.php
|
| index 81e21f8cf22a96402c805693d45bb722962b413a..8d404973baa644f474dc63d442c93e3a04499b8d 100644
|
| --- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic.html
|
| +++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-multiple-allowed.php
|
| @@ -1,7 +1,9 @@
|
| +<?php
|
| + header("Content-Security-Policy: script-src 'nonce-abcdefg' 'strict-dynamic', script-src * 'unsafe-inline'");
|
| +?>
|
| <!DOCTYPE html>
|
| <html>
|
| <head>
|
| - <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdefg' 'strict-dynamic'">
|
| <script src="/resources/testharness.js" nonce="abcdefg"></script>
|
| <script src="/resources/testharnessreport.js" nonce="abcdefg"></script>
|
| </head>
|
| @@ -70,7 +72,7 @@
|
| document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>");
|
| setTimeout(t.step_func_done(function () {
|
| assert_equals(loaded[generateURL("write")], undefined);
|
| - assert_true(blocked[70]);
|
| + assert_true(blocked[69]);
|
| }), 1);
|
| }, "Script injected via 'document.write' is not allowed with 'strict-dynamic'.");
|
| </script>
|
| @@ -79,7 +81,7 @@
|
| document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>");
|
| setTimeout(t.step_func_done(function () {
|
| assert_equals(loaded[generateURL("write-defer")], undefined);
|
| - assert_true(blocked[79]);
|
| + assert_true(blocked[78]);
|
| }), 1);
|
| }, "Deferred script injected via 'document.write' is not allowed with 'strict-dynamic'.");
|
| </script>
|
| @@ -88,7 +90,7 @@
|
| document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>");
|
| setTimeout(t.step_func_done(function () {
|
| assert_equals(loaded[generateURL("write-async")], undefined);
|
| - assert_true(blocked[88]);
|
| + assert_true(blocked[87]);
|
| }), 1);
|
| }, "Async script injected via 'document.write' is not allowed with 'strict-dynamic'.");
|
| </script>
|
| @@ -144,7 +146,7 @@
|
| document.write("<scr" + "ipt src='" + generateURL("defer-write") + "'></scr" + "ipt>");
|
| setTimeout(t.step_func_done(function () {
|
| assert_equals(loaded[generateURL("defer-write")], undefined);
|
| - assert_true(blocked[144]);
|
| + assert_true(blocked[143]);
|
| }), 1);
|
| }, "Script injected via deferred 'document.write' is not allowed with 'strict-dynamic'.");
|
| </script>
|
| @@ -153,7 +155,7 @@
|
| document.write("<scr" + "ipt defer src='" + generateURL("defer-write-defer") + "'></scr" + "ipt>");
|
| setTimeout(t.step_func_done(function () {
|
| assert_equals(loaded[generateURL("defer-write-defer")], undefined);
|
| - assert_true(blocked[153]);
|
| + assert_true(blocked[152]);
|
| }), 1);
|
| }, "Deferred script injected via deferred 'document.write' is not allowed with 'strict-dynamic'.");
|
| </script>
|
| @@ -162,7 +164,7 @@
|
| document.write("<scr" + "ipt async src='" + generateURL("defer-write-async") + "'></scr" + "ipt>");
|
| setTimeout(t.step_func_done(function () {
|
| assert_equals(loaded[generateURL("defer-write-async")], undefined);
|
| - assert_true(blocked[162]);
|
| + assert_true(blocked[161]);
|
| }), 1);
|
| }, "Async script injected via deferred 'document.write' is not allowed with 'strict-dynamic'.");
|
| </script>
|
|
|
Chromium Code Reviews
Issue 2401573003:
CSP: Fix 'strict-dynamic' with multiple policies. (Closed)
