third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html - Issue 2695813009: Import wpt@503f5b5f78ec4e87d144f78609f363f0ed0ea8db

Side by Side Diff: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html

Issue 2695813009: Import wpt@503f5b5f78ec4e87d144f78609f363f0ed0ea8db (Closed)

Patch Set: Skip some tests Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html ('k') | third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashed_attributes.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 <!DOCTYPE html>

	2 <html>

	3 <head>

	4 <title>Embedded Enforcement: Subsumption Algorithm - 'unsafe-eval' keyword.</tit le>

	5 <script src="/resources/testharness.js"></script>

	6 <script src="/resources/testharnessreport.js"></script>

	7 <script src="support/testharness-helper.sub.js"></script>

	8 </head>

	9 <body>

	10 <script>

	11 var tests = [

	12 { "name": "'unsafe-eval' is properly subsumed.",

	13 "required_csp": "style-src http://example1.com/foo/ 'self' 'unsafe-hashe d-attributes' 'strict-dynamic' 'unsafe-eval'",

	14 "returned_csp_1": "style-src http://example1.com/foo/bar.html 'unsafe-ev al'",

	15 "expected": IframeLoad.EXPECT_LOAD },

	16 { "name": "No other keyword has the same effect as 'unsafe-eval'.",

	17 "required_csp": "style-src http://example1.com/foo/ 'self' 'unsafe-eval' ",

	18 "returned_csp_1": "style-src http://example1.com/foo/ 'unsafe-inline'",

	19 "expected": IframeLoad.EXPECT_BLOCK },

	20 { "name": "Other expressions have to be subsumed.",

	21 "required_csp": "style-src http://example1.com/foo/ 'self' 'unsafe-eval' ",

	22 "returned_csp_1": "style-src http://example1.com/foo/ 'unsafe-inline' 'u nsafe-eval'",

	23 "expected": IframeLoad.EXPECT_BLOCK },

	24 { "name": "Effective policy is properly found.",

	25 "required_csp": "style-src http://example1.com/foo/ 'self' 'unsafe-eval '",

	26 "returned_csp_1": "style-src http://example1.com/foo/ 'unsafe-hashed-att ributes' 'unsafe-eval'",

	27 "returned_csp_2": "style-src http://example1.com/foo/ 'self' 'unsafe-eva l'",

	28 "expected": IframeLoad.EXPECT_LOAD },

	29 { "name": "Required csp must allow 'unsafe-eval'.",

	30 "required_csp": "style-src http://example1.com/foo/ 'self'",

	31 "returned_csp_1": "style-src http://example1.com/foo/ 'self' 'unsafe-ev al'",

	32 "expected": IframeLoad.EXPECT_BLOCK },

	33 { "name": "Effective policy is properly found where 'unsafe-eval' is not s ubsumed.",

	34 "required_csp": "style-src http://example1.com/foo/ 'self'",

	35 "returned_csp_1": "style-src 'unsafe-hashed-attributes' 'unsafe-eval'",

	36 "returned_csp_2": "style-src 'unsafe-eval' 'unsafe-inline'",

	37 "expected": IframeLoad.EXPECT_BLOCK },

	38 { "name": "Effective policy is properly found where 'unsafe-eval' is not p art of it.",

	39 "required_csp": "style-src http://example1.com/foo/ 'self'",

	40 "returned_csp_1": "style-src 'unsafe-hashed-attributes' 'self'",

	41 "returned_csp_2": "style-src 'unsafe-eval' 'self'",

	42 "expected": IframeLoad.EXPECT_LOAD },

	43 ];

	44 tests.forEach(test => {

	45 async_test(t => {

	46 var url = generateUrlWithPolicies(Host.CROSS_ORIGIN, test.returned_csp_1 );

	47 if (test.returned_csp_2)

	48 url.searchParams.append("policy2", test.returned_csp_2);

	49 assert_iframe_with_csp(t, url, test.required_csp, test.expected, test.na me, null);

	50 }, test.name);

	51 });

	52 </script>

	53 </body>

	54 </html>

OLD	NEW