Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(108)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/parserInserted/document-write.html

Issue 2657623005: WIP: Give developers an opt-in mechanism to block some parser-inserted scripts.
Patch Set: Refactor. Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/parserInserted/document-write-srcdoc.html » ('j') | third_party/WebKit/Source/core/dom/Document.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/parserInserted/document-write.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/parserInserted/document-write.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/parserInserted/document-write.html
new file mode 100644
index 0000000000000000000000000000000000000000..ab43406067166fbebaa42a76ad67f20b594e9979
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/parserInserted/document-write.html
@@ -0,0 +1,85 @@
+<!DOCTYPE html>
+<meta http-equiv="Content-Security-Policy" content="script-src 'disallow-all-the-parser-inserted-scripts-ever-except-for-the-ones-we-like' 'self' 'unsafe-inline'">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+
+<!-- `document.write()` -->
+<script>
+ var documentWriteExecuted = false;
+ var documentWriteTest = async_test("script added via document.write() should not execute");
+ document.write('<script>documentWriteExecuted = true;</sc' + 'ript>');
+</script>
+<script>
+ documentWriteTest.step(_ => {
+ assert_false(documentWriteExecuted);
+ documentWriteTest.done();
+ });
+</script>
+
+<!-- `document.write();document.write()` -->
+<script>
+ var doubleDocumentWriteExecuted = 0;
+ var doubleDocumentWriteTest = async_test("script added via document.write() followed by document.write() should not execute");
+ document.write('<script>doubleDocumentWriteExecuted++;</sc' + 'ript>');
+ document.write('<script>doubleDocumentWriteExecuted++;</sc' + 'ript>');
+</script>
+<script>
+ doubleDocumentWriteTest.step(_ => {
+ assert_equals(doubleDocumentWriteExecuted, 0);
+ doubleDocumentWriteTest.done();
+ });
+</script>
+
+<!-- `document.write(document.write())` -->
+<script>
+ var nestedDocumentWriteExecuted = false;
+ var nestedDocumentWriteTest = async_test("script added via document.write() inside document.write() should not execute");
+ document.write("<script>document.write('<script>nestedDocumentWriteExecuted = true;</sc' + 'ript>');</sc" + "ript>");
+</script>
+<script>
+ nestedDocumentWriteTest.step(_ => {
+ assert_false(nestedDocumentWriteExecuted);
+ nestedDocumentWriteTest.done();
+ });
+</script>
+
+<!-- `document.writeln()` -->
+<script>
+ var documentWritelnExecuted = false;
+ var documentWritelnTest = async_test("script added via document.writeln() should not execute");
+ document.writeln('<script>documentWritelnExecuted = true;</sc' + 'ript>');
+</script>
+<script>
+ documentWritelnTest.step(_ => {
+ assert_false(documentWritelnExecuted);
+ documentWritelnTest.done();
+ });
+</script>
+
+<!-- `document.writeln();document.writeln()` -->
+<script>
+ var doubleDocumentWritelnExecuted = 0;
+ var doubleDocumentWritelnTest = async_test("script added via document.writeln() followed by document.writeln() should not execute");
+ document.writeln('<script>doubleDocumentWritelnExecuted++;</sc' + 'ript>');
+ document.writeln('<script>doubleDocumentWritelnExecuted++;</sc' + 'ript>');
+</script>
+<script>
+ doubleDocumentWritelnTest.step(_ => {
+ assert_equals(doubleDocumentWritelnExecuted, 0);
+ doubleDocumentWritelnTest.done();
+ });
+</script>
+
+<!-- `document.writeln(document.writeln())` -->
+<script>
+ var nestedDocumentWritelnExecuted = false;
+ var nestedDocumentWritelnTest = async_test("script added via document.writeln() inside document.writeln() should not execute");
+ document.writeln("<script>document.writeln('<script>nestedDocumentWritelnExecuted = true;</sc' + 'ript>');</sc" + "ript>");
+</script>
+<script>
+ nestedDocumentWritelnTest.step(_ => {
+ assert_false(nestedDocumentWritelnExecuted);
+ nestedDocumentWritelnTest.done();
+ });
+</script>
« no previous file with comments | « no previous file | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/parserInserted/document-write-srcdoc.html » ('j') | third_party/WebKit/Source/core/dom/Document.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698