
Side by Side Diff: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigation/to-javascript-url.html

Issue 2695813009: Import wpt@503f5b5f78ec4e87d144f78609f363f0ed0ea8db (Closed)
Patch Set: Skip some tests Created 3 years, 10 months ago
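--- a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigation/to-javascript-url.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigation/to-javascript-url.html
@@ -0,0 +1,72 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc'">
+
+<body>
+
+<script nonce="abc">
+function assert_csp_event_for_element(test, element) {
+assert_equals(typeof SecurityPolicyViolationEvent, "function", "These tests require 'SecurityPolicyViolationEvent'.");
+document.addEventListener("securitypolicyviolation", test.step_func(e => {
+if (e.target != element)
+return;
+assert_equals(e.blockedURI, "inline");
+assert_equals(e.effectiveDirective, "script-src");
+assert_equals(element.contentDocument.body.innerText, "", "Ensure that 'Fa il' doesn't appear in the child document.");
+element.remove();
+test.done();
+}));
+}
+
+function navigate_to_javascript_onload(test, iframe) {
+iframe.addEventListener("load", test.step_func(e => {
+assert_equals(typeof SecurityPolicyViolationEvent, "function");
+iframe.contentDocument.addEventListener(
+"securitypolicyviolation",
+test.unreached_func("The CSP event should be fired in the embedding docu ment, not in the embedee.")
+);
+
+iframe.src = "javascript:'Fail.'";
+}));
+}
+
+async_test(t => {
+var i = document.createElement("iframe");
+i.src = "javascript:'Fail.'";
+
+assert_csp_event_for_element(t, i);
+
+document.body.appendChild(i);
+}, "<iframe src='javascript:'> blocked without 'unsafe-inline'.");
+
+async_test(t => {
+var i = document.createElement("iframe");
+
+assert_csp_event_for_element(t, i);
+navigate_to_javascript_onload(t, i);
+
+document.body.appendChild(i);
+}, "<iframe> navigated to 'javascript:' blocked without 'unsafe-inline'.");
+
+async_test(t => {
+var i = document.createElement("iframe");
+i.src = "../support/echo-policy.py?policy=" + encodeURIComponent("script-src 'unsafe-inline'");
+
+assert_csp_event_for_element(t, i);
+navigate_to_javascript_onload(t, i);
+
+document.body.appendChild(i);
+}, "<iframe src='...'> with 'unsafe-inline' navigated to 'javascript:' blocked in this document");
+
+async_test(t => {
+var i = document.createElement("iframe");
+i.src = "../support/echo-policy.py?policy=" + encodeURIComponent("script-src 'none'");
+
+assert_csp_event_for_element(t, i);
+navigate_to_javascript_onload(t, i);
+
+document.body.appendChild(i);
+}, "<iframe src='...'> without 'unsafe-inline' navigated to 'javascript:' bloc ked in this document.");
+</script>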
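Review bot: The check that 'Fail.' never reaches the child document sits only inside the `securitypolicyviolation` listener of `assert_csp_event_for_element`, so an implementation that runs the `javascript:` URL and fires no event shows up as a harness timeout rather than a failed assertion. A short comment above that helper, such as `// A timeout here means no violation event was seen; the frame may have executed the javascript: URL.`, would make that result easier to triage. Separately, the `load` listener in `navigate_to_javascript_onload` is not one-shot, so if the navigation were allowed, the replaced document's load would presumably re-run the handler and set `src` again; passing `{once: true}` as the third argument to `iframe.addEventListener` would avoid that. The third test title also lacks the trailing period the other three have.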