Import wpt@503f5b5f78ec4e87d144f78609f363f0ed0ea8db

third_party/WebKit/LayoutTests/external/wpt/content-security-policy/support/checkReport.sub.js

Index: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/support/checkReport.sub.js
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/support/checkReport.sub.js b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/support/checkReport.sub.js
new file mode 100644
index 0000000000000000000000000000000000000000..803dc06d5ea63531daedef71e38fa1e80fe66862
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/support/checkReport.sub.js
@@ -0,0 +1,84 @@
+(function () {
+
+  // Get values from the substitution engine.
+  // We can't just pull these from the document context
+  // because this script is intended to be transcluded into
+  // another document, and we want the GET values used to request it,
+  // not the values for the including document
+
+  // XXX these are unencoded, so there's an unavoidable
+  // injection vulnerability in constructing this file...
+  // need to upgrade the template engine.
+  var reportField  = "{{GET[reportField]}}";
+  var reportValue  = "{{GET[reportValue]}}";
+  var reportExists = "{{GET[reportExists]}}";
+  var noCookies = "{{GET[noCookies]}}";
+
+  var location = window.location;
+  var thisTestName = location.pathname.split('/')[location.pathname.split('/').length - 1].split('.')[0];
+
+  var reportID = "";
+
+  var cookies = document.cookie.split(';');
+  for (var i = 0; i < cookies.length; i++) {
+    var cookieName = cookies[i].split('=')[0].trim();
+    var cookieValue = cookies[i].split('=')[1].trim();
+
+    if (cookieName == thisTestName) {
+      reportID = cookieValue;
+      var cookieToDelete = cookieName + "=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=" + document.location.pathname.substring(0, document.location.pathname.lastIndexOf('/') + 1);
+      document.cookie = cookieToDelete;
+      break;
+    }
+  }
+
+  var timeout = document.querySelector("meta[name=timeout][content=long]") ? 50 : 5;
+  var reportLocation = location.protocol + "//" + location.host + "/content-security-policy/support/report.py?op=take&timeout=" + timeout + "&reportID=" + reportID;
+
+  var reportTest = async_test("Violation report status OK.");
+  reportTest.step(function () {
+
+    var report = new XMLHttpRequest();
+    report.onload = reportTest.step_func(function () {
+
+        var data = JSON.parse(report.responseText);
+
+        if (data.error) {
+          assert_equals("false", reportExists, data.error);
+        } else {
+          if(reportExists != "" && reportExists == "false" && data["csp-report"]) {
+              assert_unreached("CSP report sent, but not expecting one: " + JSON.stringify(data["csp-report"]));
+          }
+          // Firefox expands 'self' or origins in a policy to the actual origin value
+          // so "www.example.com" becomes "http://www.example.com:80".
+          // Accomodate this by just testing that the correct directive name
+          // is reported, not the details...
+
+          if(data["csp-report"] != undefined && data["csp-report"][reportField] != undefined) {
+            assert_true(data["csp-report"][reportField].indexOf(reportValue.split(" ")[0]) != -1,
+                reportField + " value of  \"" + data["csp-report"][reportField] + "\" did not match " +
+                reportValue.split(" ")[0] + ".");
+          }
+        }
+
+        reportTest.done();
+    });
+
+    report.open("GET", reportLocation, true);
+    report.send();
+  });
+
+  if (noCookies) {
+      var cookieTest = async_test("No cookies sent with report.");
+      var cookieReport = new XMLHttpRequest();
+      cookieReport.onload = cookieTest.step_func(function () {
+          var data = JSON.parse(cookieReport.responseText);
+          assert_equals(data.reportCookies, "None");
+          cookieTest.done();
+      });
+      var cReportLocation = location.protocol + "//" + location.host + "/content-security-policy/support/report.py?op=cookies&timeout=" + timeout + "&reportID=" + reportID;
+      cookieReport.open("GET", cReportLocation, true);
+      cookieReport.send();
+  };
+
+})();