Index: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-sri_hash.html |
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-sri_hash.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-sri_hash.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..b9541c7c4c55d332b1a31797ea70b4363843a6f9 |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-sri_hash.html |
@@ -0,0 +1,52 @@ |
+<!DOCTYPE HTML> |
+<html> |
+ |
+<head> |
+ <title>External scripts with matching SRI hash should be allowed.</title> |
+ <script src='/resources/testharness.js' nonce='dummy'></script> |
+ <script src='/resources/testharnessreport.js' nonce='dummy'></script> |
+ |
+ <!-- CSP served: script-src 'nonce-dummy' 'sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0=' --> |
+</head> |
+ |
+<body> |
+ <h1>External scripts with matching SRI hash should be allowed.</h1> |
+ <div id='log'></div> |
+ |
+ <script nonce='dummy'> |
+ window.addEventListener('securitypolicyviolation', function(e) { |
+ assert_unreached('No CSP violation report has fired.'); |
+ }); |
+ |
+ var externalRan = false; |
+ </script> |
+ |
+ <script src='externalScript.js' |
+ integrity="sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0="></script> |
+ <script nonce='dummy'> |
+ test(function() { |
+ assert_true(externalRan, 'External script ran.'); |
+ }, 'External script in a script tag with matching SRI hash should run.'); |
+ </script> |
+ |
+ <script nonce='dummy'> |
+ externalRan = false; |
+ async_test(function(t) { |
+ var e = document.createElement('script'); |
+ e.id = 'appendChild'; |
+ e.src = 'externalScript.js'; |
+ e.setAttribute( |
+ 'integrity', |
+ 'sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0='); |
+ e.onload = t.step_func_done(function(e) { |
+ assert_true(externalRan, 'External script ran.'); |
+ }); |
+ e.onerror = t.unreached_func('Error should not be triggered.'); |
+ document.body.appendChild(e); |
+ |
+ }, "Dynamically-inserted external script with matching SRI hash should run."); |
+ </script> |
Mike West
2017/04/06 10:26:35
While I think this test doesn't actually run into
Marc Treib
2017/04/06 12:26:30
Thanks! With my (lack of) JS skills, it would've p
Marc Treib
2017/04/06 16:21:41
Done now, PTAL!
|
+ |
+</body> |
+ |
+</html> |