| Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-strict-dynamic-whitelist.html
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-strict-dynamic-whitelist.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-strict-dynamic-whitelist.html
|
| index 6b441c29313069069f3a646b4a1d4ff848206f77..954d50708aebb9ded12406c3ee390f28cdb6851e 100644
|
| --- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-strict-dynamic-whitelist.html
|
| +++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-strict-dynamic-whitelist.html
|
| @@ -4,48 +4,26 @@
|
| <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcdefg' 'strict-dynamic' http://localhost:8000">
|
| <script src="/resources/testharness.js" nonce="abcdefg"></script>
|
| <script src="/resources/testharnessreport.js" nonce="abcdefg"></script>
|
| + <script src="../resources/securitypolicyviolation-helper.js" nonce="abcdefg"></script>
|
| </head>
|
| <body>
|
| - <script nonce="abcdefg">
|
| - function generateURL(type) {
|
| - return 'http://localhost:8000/security/contentSecurityPolicy/resources/loaded.js?' + type;
|
| - }
|
| -
|
| - var loaded = {};
|
| - var blocked = {};
|
| - window.addEventListener("message", function (e) {
|
| - loaded[e.data] = true;
|
| - });
|
| - document.addEventListener("securitypolicyviolation", function (e) {
|
| - blocked[e.lineNumber] = true;
|
| - });
|
| - </script>
|
| <!-- Need to individually wrap test cases in script blocks. Violation reports triggered by document.write() calls while the parser is waiting on blocking scipts are missing line numbers. See: https://crbug.com/649085. -->
|
| <script nonce="abcdefg">
|
| async_test(function (t) {
|
| + assert_script_failed(t, generateURL("write"), 14);
|
| document.write("<scr" + "ipt src='" + generateURL("write") + "'></scr" + "ipt>");
|
| - setTimeout(t.step_func_done(function () {
|
| - assert_equals(loaded[generateURL("write")], undefined);
|
| - assert_true(blocked[26]);
|
| - }), 1);
|
| }, "Script injected via 'document.write' is not allowed with 'strict-dynamic', even if whitelisted.");
|
| </script>
|
| <script nonce="abcdefg">
|
| async_test(function (t) {
|
| + assert_script_failed(t, generateURL("write-defer"), 20);
|
| document.write("<scr" + "ipt defer src='" + generateURL("write-defer") + "'></scr" + "ipt>");
|
| - setTimeout(t.step_func_done(function () {
|
| - assert_equals(loaded[generateURL("write-defer")], undefined);
|
| - assert_true(blocked[35]);
|
| - }), 1);
|
| }, "Deferred script injected via 'document.write' is not allowed with 'strict-dynamic', even if whitelisted.");
|
| </script>
|
| <script nonce="abcdefg">
|
| async_test(function (t) {
|
| + assert_script_failed(t, generateURL("write-async"), 26);
|
| document.write("<scr" + "ipt async src='" + generateURL("write-async") + "'></scr" + "ipt>");
|
| - setTimeout(t.step_func_done(function () {
|
| - assert_equals(loaded[generateURL("write-async")], undefined);
|
| - assert_true(blocked[44]);
|
| - }), 1);
|
| }, "Async script injected via 'document.write' is not allowed with 'strict-dynamic', even if whitelisted.");
|
| </script>
|
| </body>
|
|
|
Chromium Code Reviews
Issue 2421473004:
CSP: Fire 'SecurityPolicyViolation' on the offending element. (Closed)
