Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(376)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_whitelist.sub.html

Issue 2695813009: Import wpt@503f5b5f78ec4e87d144f78609f363f0ed0ea8db (Closed)
Patch Set: Skip some tests Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.headers ('k') | third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_whitelist.sub.html.headers » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 <!DOCTYPE HTML>
2 <html>
3
4 <head>
5 <title>Whitelists in a separate policy are honored with `strict-dynamic` in the script-src directive.</title>
6 <script src='/resources/testharness.js' nonce='dummy'></script>
7 <script src='/resources/testharnessreport.js' nonce='dummy'></script>
8
9 <!-- CSP served:
10 1) Content-Security-Policy: script-src 'strict-dynamic' 'nonce-dummy'
11 2) Content-Security-Policy: script-src 'self' 'nonce-dummy'
12 -->
13 </head>
14
15 <body>
16 <h1>Whitelists in a separate policy are honored with `strict-dynamic` in the script-src directive.</h1>
17 <div id='log'></div>
18
19 <script nonce='dummy'>
20 async_test(function(t) {
21 window.addEventListener('message', t.step_func(function(e) {
22 if (e.data === 'whitelisted-appendChild') {
23 t.done();
24 }
25 }));
26 window.addEventListener('securitypolicyviolation', t.step_func(funct ion(violation) {
27 if (violation.blockedURI.split('?')[1] !== 'whitelisted-appendCh ild') {
28 return;
29 }
30 assert_unreached('Script injected via `appendChild` is allowed w ith `strict-dynamic` + a nonce+whitelist double policy.');
31 }));
32
33 var e = document.createElement('script');
34 e.id = 'whitelisted-appendChild';
35 e.src = 'simpleSourcedScript.js?' + e.id;
36 e.onerror = t.unreached_func('Error should not be triggered.');
37 document.body.appendChild(e);
38 }, 'Script injected via `appendChild` is allowed with `strict-dynamic` + a nonce+whitelist double policy.');
39 </script>
40
41 <script nonce='dummy'>
42 async_test(function(t) {
43 window.addEventListener('securitypolicyviolation', t.step_func(funct ion(violation) {
44 if (violation.blockedURI.split('?')[1] !== 'nonWhitelisted-appen dChild') {
45 return;
46 }
47 assert_equals(violation.effectiveDirective, 'script-src');
48 assert_equals(violation.originalPolicy, "script-src 'self' 'nonc e-dummy'");
49 t.done();
50 }));
51
52 var e = document.createElement('script');
53 e.id = 'nonWhitelisted-appendChild';
54 e.src = '{{location[scheme]}}://{{domains[www2]}}:{{ports[http][0]}} /nonexisting.js?' + e.id;
55 e.onload = t.unreached_func('OnLoad should not be triggered.');
56 document.body.appendChild(e);
57 }, 'Non-whitelisted script injected via `appendChild` is not allowed wit h `strict-dynamic` + a nonce+whitelist double policy.');
58 </script>
59 </body>
60
61 </html>
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.headers ('k') | third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_whitelist.sub.html.headers » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698