Chromium Code Reviews Chromium Code Reviews
Issue 2436003002:
CSP: Add 'script-sample' to violation reports. (Closed)
| OLD | NEW |
|---|---|
| 1 <!doctype html> | 1 <!doctype html> |
| 2 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc'; styl e-src 'self'"> | 2 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc'; styl e-src 'self'"> |
| 3 <script nonce="abc" src="/resources/testharness.js"></script> | 3 <script nonce="abc" src="/resources/testharness.js"></script> |
| 4 <script nonce="abc" src="/resources/testharnessreport.js"></script> | 4 <script nonce="abc" src="/resources/testharnessreport.js"></script> |
| 5 <script nonce="abc"> | 5 <script nonce="abc"> |
| 6 var unexecuted_test = async_test("These tests should not fail."); | 6 var unexecuted_test = async_test("These tests should not fail."); |
| 7 | 7 |
| 8 async_test(t => { | 8 async_test(t => { |
| 9 var watcher = new EventWatcher(t, document, ['securitypolicyviolation']) | 9 var watcher = new EventWatcher(t, document, ['securitypolicyviolation']) |
| 10 watcher.wait_for('securitypolicyviolation') | 10 watcher.wait_for('securitypolicyviolation') |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 47 })) | 47 })) |
| 48 .then(t.step_func(e => { | 48 .then(t.step_func(e => { |
| 49 assert_equals(e.blockedURI, "inline"); | 49 assert_equals(e.blockedURI, "inline"); |
| 50 assert_equals(e.lineNumber, 157); | 50 assert_equals(e.lineNumber, 157); |
| 51 assert_equals(e.target, document, "Elements in DocumentFragments target the document"); | 51 assert_equals(e.target, document, "Elements in DocumentFragments target the document"); |
| 52 })) | 52 })) |
| 53 .then(t.step_func_done(_ => { | 53 .then(t.step_func_done(_ => { |
| 54 unexecuted_test.done(); | 54 unexecuted_test.done(); |
| 55 })); | 55 })); |
| 56 }, "Inline violations target the right element."); | 56 }, "Inline violations target the right element."); |
| 57 | |
|
Mike West
2017/02/22 15:06:36
Moved this over from //http/tests because it was b
| |
| 57 </script> | 58 </script> |
| 58 <!-- Inline block with no nonce. --> | 59 <!-- Inline block with no nonce. --> |
| 59 <script id="block1"> | 60 <script id="block1"> |
| 60 unexecuted_test.assert_unreached("This code block should not execute."); | 61 unexecuted_test.assert_unreached("This code block should not execute."); |
| 61 </script> | 62 </script> |
| 62 | 63 |
| 63 <!-- Inline event handler. --> | 64 <!-- Inline event handler. --> |
| 64 <a id="block2" onclick="void(0)">Click me!</a> | 65 <a id="block2" onclick="void(0)">Click me!</a> |
| 65 <script nonce='abc'>document.querySelector('#block2').click();</script> | 66 <script nonce='abc'>document.querySelector('#block2').click();</script> |
| 66 | 67 |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 150 async_test(t => { | 151 async_test(t => { |
| 151 var f = new DocumentFragment(); | 152 var f = new DocumentFragment(); |
| 152 var d = document.createElement('div'); | 153 var d = document.createElement('div'); |
| 153 d.setAttribute('onclick', 'void(0)'); | 154 d.setAttribute('onclick', 'void(0)'); |
| 154 d.addEventListener('securitypolicyviolation', t.unreached_func()); | 155 d.addEventListener('securitypolicyviolation', t.unreached_func()); |
| 155 f.appendChild(d); | 156 f.appendChild(d); |
| 156 d.click(); | 157 d.click(); |
| 157 t.done(); | 158 t.done(); |
| 158 }, "Inline event handlers for elements in a DocumentFragment target the docume nt."); | 159 }, "Inline event handlers for elements in a DocumentFragment target the docume nt."); |
| 159 </script> | 160 </script> |
| OLD | NEW |
