
Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-enforce-blocked.php

Issue 2421473004: CSP: Fire 'SecurityPolicyViolation' on the offending element. (Closed)
Patch Set: Test. Created 4 years, 2 months ago
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-enforce-blocked.php
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-enforce-blocked.php b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-enforce-blocked.php
index 11ce01d80a5ff74ec745f2fb1ebc26f46cc5c81e..da20db81f7ae5ae85979bc3b31a35128b832a70a 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-enforce-blocked.php
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-enforce-blocked.php
@@ -5,87 +5,65 @@
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script nonce="abc">
- async_test(t => {
- var watcher = new EventWatcher(t, document, ['securitypolicyviolation', 'securitypolicyviolation','securitypolicyviolation', 'securitypolicyviolation','securitypolicyviolation','securitypolicyviolation', 'securitypolicyviolation', 'securitypolicyviolation']);
- watcher
- .wait_for('securitypolicyviolation')
- .then(t.step_func(e => {
- assert_equals(e.blockedURI, "inline");
- assert_equals(e.lineNumber, 58);
- return watcher.wait_for('securitypolicyviolation');
- }))
- .then(t.step_func(e => {
- assert_equals(e.blockedURI, "inline");
- assert_equals(e.lineNumber, 61);
- return watcher.wait_for('securitypolicyviolation');
- }))
- .then(t.step_func(e => {
- assert_equals(e.blockedURI, "inline");
- assert_equals(e.lineNumber, 64);
- return watcher.wait_for('securitypolicyviolation');
- }))
- .then(t.step_func(e => {
- assert_equals(e.blockedURI, "inline");
- assert_equals(e.lineNumber, 67);
- return watcher.wait_for('securitypolicyviolation');
- }))
- .then(t.step_func(e => {
- assert_equals(e.blockedURI, "inline");
- assert_equals(e.lineNumber, 70);
- return watcher.wait_for('securitypolicyviolation');
- }))
- .then(t.step_func(e => {
- assert_equals(e.blockedURI, "https://evil.example.test/yay1.js");
- assert_equals(e.lineNumber, 0);
- return watcher.wait_for('securitypolicyviolation');
- }))
- .then(t.step_func(e => {
- assert_equals(e.blockedURI, "https://evil.example.test/yay2.js");
- assert_equals(e.lineNumber, 0);
- return watcher.wait_for('securitypolicyviolation');
- }))
- .then(t.step_func(e => {
- assert_equals(e.blockedURI, "https://evil.example.test/yay3.js");
- assert_equals(e.lineNumber, 0);
- return watcher.wait_for('securitypolicyviolation');
- }))
- .then(t.step_func_done(e => {
- assert_equals(e.blockedURI, "https://evil.example.test/yay4.js");
- assert_equals(e.lineNumber, 0);
- }));
- }, "Unnonced script blocks generate reports.");
+ var t = async_test("Unnonced scripts generate reports.");
+ var events = 0;
+ var expectations = {
+ 37: true,
+ 40: true,
+ 43: true,
+ 46: true,
+ 49: true,
+ "https://evil.example.test/yay1.js": true,
+ "https://evil.example.test/yay2.js": true,
+ "https://evil.example.test/yay3.js": true,
+ "https://evil.example.test/yay4.js": true
+ };
+
+ document.addEventListener('securitypolicyviolation', t.step_func(e => {
+ if (e.lineNumber) {
+ // Verify that the line is expected, then clear the expectation:
+ assert_true(expectations[e.lineNumber]);
+ expectations[e.lineNumber] = false;
+ assert_equals(e.blockedURI, "inline");
+ } else {
+ // Otherwise, verify that the URL is expected, then clear the expectation:
+ assert_true(expectations[e.blockedURI]);
+ expectations[e.blockedURI] = false;
+ }
+ events++;console.log(events + " : " + e.lineNumber + " : " + e.blockedURI);
+ if (events == 9)
+ t.done();
+ }));
- var executed_test = async_test("Nonced script executes, and does not generate a violation report.");
var unexecuted_test = async_test("Blocks without correct nonce do not execute, and generate violation reports");
</script>
<script>
- unexecuted_test.assert_unreached("This code block should not execute.");
+ unexecuted_test.unreached_func("This code block should not execute.")();
</script>
<script nonce="xyz">
- unexecuted_test.assert_unreached("This code block should not execute.");
+ unexecuted_test.unreached_func("This code block should not execute.")();
</script>
<script <script nonce="abc">
- unexecuted_test.assert_unreached("This code block should not execute.");
+ unexecuted_test.unreached_func("This code block should not execute.")();
</script>
<script attribute<script nonce="abc">
- unexecuted_test.assert_unreached("This code block should not execute.");
+ unexecuted_test.unreached_func("This code block should not execute.")();
</script>
<script attribute=<script nonce="abc">
- unexecuted_test.assert_unreached("This code block should not execute.");
+ unexecuted_test.unreached_func("This code block should not execute.")();
</script>
<script src=https://evil.example.test/yay1.js <script nonce="abc">
- unexecuted_test.assert_unreached("This code block should not execute.");
+ unexecuted_test.unreached_func("This code block should not execute.")();
</script>
<script src=https://evil.example.test/yay2.js attribute=<script nonce="abc">
- unexecuted_test.assert_unreached("This code block should not execute.");
+ unexecuted_test.unreached_func("This code block should not execute.")();
</script>
<script src=https://evil.example.test/yay3.js <style nonce="abc">
- unexecuted_test.assert_unreached("This code block should not execute.");
+ unexecuted_test.unreached_func("This code block should not execute.")();
</style></script>
<script src=https://evil.example.test/yay4.js attribute=<style nonce="abc">
- unexecuted_test.assert_unreached("This code block should not execute.");
+ unexecuted_test.unreached_func("This code block should not execute.")();
</style></script>
<script nonce="abc">
- executed_test.done();
unexecuted_test.done();
</script>
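Review bot: The new listener still carries a debugging call on the line `events++;console.log(events + " : " + e.lineNumber + " : " + e.blockedURI);`. In a layout test that console output may end up in the recorded test output, so I would drop it and leave `events++;` on its own line. The completion check `if (events == 9)` hard-codes the number of entries in `expectations`; `if (events == Object.keys(expectations).length)` keeps the two in step when a case is added. Because the test finishes on the ninth event, a missing violation shows up only as a timeout and an extra one arriving after `t.done()` is never checked, which deserves a short comment above `var events = 0;`. The listener is registered on `document` and asserts only `lineNumber` and `blockedURI`; if this file is meant to cover the element-targeting behaviour named in the issue title, an assertion on `e.target` appears to be missing here.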
