OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <html> |
| 3 <head> |
| 4 <title>Embedded Enforcement: Subsumption Algorithm - Port parts in host source e
xpressions.</title> |
| 5 <script src="/resources/testharness.js"></script> |
| 6 <script src="/resources/testharnessreport.js"></script> |
| 7 <script src="support/testharness-helper.sub.js"></script> |
| 8 </head> |
| 9 <body> |
| 10 <script> |
| 11 var tests = [ |
| 12 { "name": "Specified ports must match.", |
| 13 "required_csp": "img-src http://c.com:* http://b.com:80", |
| 14 "returned_csp": "img-src http://b.com:36", |
| 15 "expected": IframeLoad.EXPECT_BLOCK }, |
| 16 { "name": "Returned CSP should be subsumed even if the port is not specifi
ed but is a default port for a scheme.", |
| 17 "required_csp": "img-src http://c.com:* http://b.com:80", |
| 18 "returned_csp": "img-src http://b.com", |
| 19 "expected": IframeLoad.EXPECT_LOAD }, |
| 20 { "name": "Returned CSP should be subsumed even if the port is not specifi
ed but is a default port for a more secure scheme.", |
| 21 "required_csp": "img-src http://c.com:* http://b.com:80", |
| 22 "returned_csp": "img-src https://b.com", |
| 23 "expected": IframeLoad.EXPECT_LOAD }, |
| 24 { "name": "The same should hold for `ws` case.", |
| 25 "required_csp": "img-src http://c.com:* ws://b.com:80", |
| 26 "returned_csp": "img-src wss://b.com", |
| 27 "expected": IframeLoad.EXPECT_LOAD }, |
| 28 { "name": "Unspecified ports must match if schemes match.", |
| 29 "required_csp": "img-src http://c.com:* http://b.com", |
| 30 "returned_csp": "img-src https://b.com", |
| 31 "expected": IframeLoad.EXPECT_LOAD }, |
| 32 { "name": "Returned CSP should be subsumed if the port is specified.", |
| 33 "required_csp": "img-src http://c.com:* http://b.com", |
| 34 "returned_csp": "img-src http://b.com:80", |
| 35 "expected": IframeLoad.EXPECT_LOAD }, |
| 36 { "name": "Returned CSP should be subsumed if the port is specified but th
e scheme is more secure.", |
| 37 "required_csp": "img-src http://c.com:* http://b.com", |
| 38 "returned_csp": "img-src https://b.com:443", |
| 39 "expected": IframeLoad.EXPECT_LOAD }, |
| 40 { "name": "Returned CSP should be subsumed if the port is specified but is
not default for a more secure scheme.", |
| 41 "required_csp": "img-src http://c.com:* http://b.com", |
| 42 "returned_csp": "img-src https://b.com:36", |
| 43 "expected": IframeLoad.EXPECT_BLOCK }, |
| 44 { "name": "Returned CSP should be subsumed if the ports match but schemes
are not identical.", |
| 45 "required_csp": "img-src http://c.com:* http://b.com:36", |
| 46 "returned_csp": "img-src https://b.com:36", |
| 47 "expected": IframeLoad.EXPECT_LOAD }, |
| 48 { "name": "Returned CSP should be subsumed if the ports match but schemes
are not identical for `ws`.", |
| 49 "required_csp": "img-src http://c.com:* ws://b.com:36", |
| 50 "returned_csp": "img-src wss://b.com:36", |
| 51 "expected": IframeLoad.EXPECT_LOAD }, |
| 52 { "name": "Wildcard port should match unspecified port.", |
| 53 "required_csp": "img-src http://c.com:* ws://b.com:*", |
| 54 "returned_csp": "img-src wss://b.com", |
| 55 "expected": IframeLoad.EXPECT_LOAD }, |
| 56 { "name": "Wildcard port should match any specific port.", |
| 57 "required_csp": "img-src http://c.com:* ws://b.com:*", |
| 58 "returned_csp": "img-src wss://b.com:36", |
| 59 "expected": IframeLoad.EXPECT_LOAD }, |
| 60 { "name": "Wildcard port should match a wildcard.", |
| 61 "required_csp": "img-src http://c.com:* ws://b.com:*", |
| 62 "returned_csp": "img-src wss://b.com:*", |
| 63 "expected": IframeLoad.EXPECT_LOAD }, |
| 64 { "name": "Wildcard port should not be subsumed by a default port.", |
| 65 "required_csp": "img-src http://c.com:* ws://b.com", |
| 66 "returned_csp": "img-src ws://b.com:*", |
| 67 "expected": IframeLoad.EXPECT_BLOCK }, |
| 68 { "name": "Wildcard port should not be subsumed by a spcified port.", |
| 69 "required_csp": "img-src http://c.com:* ws://b.com:80", |
| 70 "returned_csp": "img-src ws://b.com:*", |
| 71 "expected": IframeLoad.EXPECT_BLOCK }, |
| 72 ]; |
| 73 |
| 74 tests.forEach(test => { |
| 75 async_test(t => { |
| 76 var url = generateUrlWithPolicies(Host.CROSS_ORIGIN, test.returned_csp); |
| 77 assert_iframe_with_csp(t, url, test.required_csp, test.expected, test.na
me, null); |
| 78 }, test.name); |
| 79 }); |
| 80 </script> |
| 81 </body> |
| 82 </html> |
OLD | NEW |