third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-window-open.html - Issue 2530343006: CSP: "local schemes" should inherit policy when window.opened.

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-window-open.html

Issue 2530343006: CSP: "local schemes" should inherit policy when window.opened. (Closed)

Patch Set: feedback Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-with-own-policy-window-open.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-with-own-policy-window-open.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-window-open.html

diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-window-open.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-window-open.html

new file mode 100644

index 0000000000000000000000000000000000000000..feffa44093041d01889c2550ded3df7377c706e5

--- /dev/null

+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-window-open.html

@@ -0,0 +1,55 @@

+<!DOCTYPE html>

+<html>

+<head>

+ <script src="/resources/testharness.js"></script>

+ <script src="/resources/testharnessreport.js"></script>

+ <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></script>

+ <meta http-equiv="content-security-policy" content="img-src 'none'">

+</head>

+<body>

+<script>

+ // The filesystem test takes some nesting to setup:

+ setup({explicit_done: true});

+ async_test(t => {

+ assert_blocked_image_in_document(t, document, "http://example.test:8000/resources/square.png?img-in-top-level");

+ }, "Image loaded in top-level blocked.");

+ async_test(t => {

+ var w = window.open();

+ assert_blocked_image_in_document(t, w.document, "http://example.test:8000/resources/square.png?img-in-blank-window");

+ }, "Image loaded via about:blank window blocked.");

+ async_test(t => {

+ var b = new Blob([], {type: "text/html"});

+ var w = window.open(URL.createObjectURL(b));

+ w.onload = _ => {

+ assert_blocked_image_in_document(t, w.document, "http://example.test:8000/resources/square.png?img-in-blob-window");

+ };

+ }, "Image loaded via 'blob:' window blocked.");

+ async_test(t => {

+ window.webkitRequestFileSystem(window.TEMPORARY, 1024*1024, fs => {

+ fs.root.getFile('worker.js', { create: true }, entry => {

+ entry.createWriter(w => {

+ w.onwriteend = _ => {

+ var w = window.open(entry.toURL());

+ w.onload = _ => {

+ assert_blocked_image_in_document(t, w.document, "http://example.test:8000/resources/square.png?img-in-filsystem-window");

+ };

+ // explicit_done: yay.

+ done();

+ };

+ w.onerror = t.unreached_func();

+ var b = new Blob([], {type: "text/html"});

+ w.write(b);

+ });

+ }, "Image loaded via 'filesystem:' window blocked.");

+</script>

+</body>

+</html>