Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(51)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/targeting.html

Issue 2704543002: Import wpt@3bd204d7e86fd81e98e63f4ce59b95d98bad1c54 (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/idl.html ('k') | third_party/WebKit/LayoutTests/external/wpt/content-security-policy/style-src/3_3.css » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/targeting.html
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/targeting.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/targeting.html
new file mode 100644
index 0000000000000000000000000000000000000000..36069a5959d11336882f1b2a3c8f13bf2b035184
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/targeting.html
@@ -0,0 +1,159 @@
+<!doctype html>
+<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc'; style-src 'self'">
+<script nonce="abc" src="/resources/testharness.js"></script>
+<script nonce="abc" src="/resources/testharnessreport.js"></script>
+<script nonce="abc">
+ var unexecuted_test = async_test("These tests should not fail.");
+
+ async_test(t => {
+ var watcher = new EventWatcher(t, document, ['securitypolicyviolation'])
+ watcher.wait_for('securitypolicyviolation')
+ .then(t.step_func(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.target, document.querySelector('#block1'));
+ return watcher.wait_for('securitypolicyviolation');
+ }))
+ .then(t.step_func(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.target, document.querySelector('#block2'));
+ return watcher.wait_for('securitypolicyviolation');
+ }))
+ .then(t.step_func(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.target, document.querySelector('#block3'));
+ return watcher.wait_for('securitypolicyviolation');
+ }))
+ .then(t.step_func(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.target, document.querySelector('#block4'));
+ return watcher.wait_for('securitypolicyviolation');
+ }))
+ .then(t.step_func(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.target, document.querySelector('#block5'));
+ return watcher.wait_for('securitypolicyviolation');
+ }))
+ .then(t.step_func(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.lineNumber, 132);
+ assert_equals(e.target, document, "Disconnected elements target the document");
+ return watcher.wait_for('securitypolicyviolation');
+ }))
+ .then(t.step_func(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.lineNumber, 143);
+ assert_equals(e.target, document, "Elements disconnected after triggering target the document.");
+ return watcher.wait_for('securitypolicyviolation');
+ }))
+ .then(t.step_func(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.lineNumber, 157);
+ assert_equals(e.target, document, "Elements in DocumentFragments target the document");
+ }))
+ .then(t.step_func_done(_ => {
+ unexecuted_test.done();
+ }));
+ }, "Inline violations target the right element.");
+</script>
+<!-- Inline block with no nonce. -->
+<script id="block1">
+ unexecuted_test.assert_unreached("This code block should not execute.");
+</script>
+
+<!-- Inline event handler. -->
+<a id="block2" onclick="void(0)">Click me!</a>
+<script nonce='abc'>document.querySelector('#block2').click();</script>
+
+<!-- Style block. -->
+<style id="block3">
+ p { color: red !important; }
+</style>
+
+<!-- Inline event handler inside Shadow DOM -->
+<div id="block4"></div>
+<script nonce='abc'>
+ async_test(t => {
+ var shadow = document.querySelector('#block4').attachShadow({"mode":"closed"});
+ shadow.innerHTML = "<a id='block4a' onclick='void(0)'>Click!</a>";
+ var a = shadow.querySelector('#block4a');
+ a.addEventListener('securitypolicyviolation', t.step_func_done(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.target, a);
+ }));
+ a.click();
+ }, "Correct targeting inside shadow tree (inline handler).");
+</script>
+
+<!-- Inline event handler inside Shadow DOM -->
+<div id="block5"></div>
+<script nonce='abc'>
+ async_test(t => {
+ var shadow = document.querySelector('#block5').attachShadow({"mode":"closed"});
+ var style = document.createElement('style');
+ style.innerText = 'p { color: red; }';
+ style.addEventListener('securitypolicyviolation', t.step_func_done(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.target, style);
+ }));
+ shadow.appendChild(style);
+ }, "Correct targeting inside shadow tree (style).");
+</script>
+
+<!-- Pushed into a same-origin Document that isn't this Document -->
+<iframe id="block6"></iframe>
+<script nonce="abc">
+ async_test(t => {
+ var d = document.createElement("div");
+ d.setAttribute("onclick", "void(0);");
+ var events = 0;
+ d.addEventListener('securitypolicyviolation', t.step_func(e => {
+ events++;
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.target, d);
+ }));
+ document.querySelector('#block6').contentDocument.addEventListener('securitypolicyviolation', t.step_func_done(e => {
+ events++;
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.target, d);
+ assert_equals(events, 2);
+ }));
+ document.querySelector('#block6').contentDocument.body.appendChild(d);
+ d.click();
+ }, "Elements created in this document, but pushed into a same-origin frame trigger on that frame's document, not on this frame's document.");
+</script>
+
+<!-- Disconnected inline event handler -->
+<script nonce="abc">
+ async_test(t => {
+ var d = document.createElement("div");
+ d.setAttribute("onclick", "void(0);");
+ d.addEventListener('securitypolicyviolation', t.unreached_func());
+ d.click();
+ t.done();
+ }, "Inline event handlers for disconnected elements target the document.");
+</script>
+
+<!-- Inline event handler, disconnected after click. -->
+<a id="block8" onclick="void(0)">Click me also!</a>
+<script nonce="abc">
+ async_test(t => {
+ var a = document.querySelector('#block8');
+ a.addEventListener('securitypolicyviolation', t.unreached_func());
+ a.click();
+ a.parentNode.removeChild(a);
+ t.done();
+ }, "Inline event handlers for elements disconnected after triggering target the document.");
+</script>
+
+<!-- Disconnected in a DocumentFragment -->
+<script nonce="abc">
+ async_test(t => {
+ var f = new DocumentFragment();
+ var d = document.createElement('div');
+ d.setAttribute('onclick', 'void(0)');
+ d.addEventListener('securitypolicyviolation', t.unreached_func());
+ f.appendChild(d);
+ d.click();
+ t.done();
+ }, "Inline event handlers for elements in a DocumentFragment target the document.");
+</script>
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/idl.html ('k') | third_party/WebKit/LayoutTests/external/wpt/content-security-policy/style-src/3_3.css » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698