OLD | NEW |
1 <?php | 1 <?php |
2 header("Content-Security-Policy: style-src 'nonce-abc'"); | 2 header("Content-Security-Policy: style-src 'nonce-abc'"); |
3 header("Content-Security-Policy-Report-Only: style-src 'nonce-xyz'"); | 3 header("Content-Security-Policy-Report-Only: style-src 'nonce-xyz'"); |
4 ?> | 4 ?> |
5 <!doctype html> | 5 <!doctype html> |
6 <script src="/resources/testharness.js"></script> | 6 <script src="/resources/testharness.js"></script> |
7 <script src="/resources/testharnessreport.js"></script> | 7 <script src="/resources/testharnessreport.js"></script> |
8 <script> | 8 <script> |
9 async_test(t => { | 9 async_test(t => { |
10 var watcher = new EventWatcher(t, document, ['securitypolicyviolation','
securitypolicyviolation', 'securitypolicyviolation']); | 10 var watcher = new EventWatcher(t, document, ['securitypolicyviolation','
securitypolicyviolation', 'securitypolicyviolation']); |
11 watcher | 11 watcher |
12 .wait_for('securitypolicyviolation') | 12 .wait_for('securitypolicyviolation') |
13 .then(t.step_func(e => { | 13 .then(t.step_func(e => { |
14 assert_equals(e.blockedURI, "inline"); | 14 assert_equals(e.blockedURI, "inline"); |
15 assert_equals(e.lineNumber, 29); | 15 assert_equals(e.lineNumber, 25); |
16 return watcher.wait_for('securitypolicyviolation'); | 16 return watcher.wait_for('securitypolicyviolation'); |
17 })) | 17 })) |
18 .then(t.step_func(e => { | 18 .then(t.step_func(e => { |
19 assert_equals(e.blockedURI, "inline"); | 19 assert_equals(e.blockedURI, "inline"); |
20 assert_equals(e.lineNumber, 29); | 20 assert_equals(e.lineNumber, 25); |
21 return watcher.wait_for('securitypolicyviolation'); | 21 return watcher.wait_for('securitypolicyviolation'); |
22 })) | 22 })) |
23 .then(t.step_func_done(e => { | 23 .then(t.step_func_done(e => { |
24 assert_equals(e.blockedURI, "http://127.0.0.1:8000/security/cont
entSecurityPolicy/style-set-red.css"); | 24 assert_equals(e.blockedURI, "http://127.0.0.1:8000/security/cont
entSecurityPolicy/style-set-red.css"); |
25 assert_equals(e.lineNumber, 30); | 25 assert_equals(e.lineNumber, 30); |
26 })); | 26 })); |
27 }, "Incorrectly nonced style blocks generate reports."); | 27 }, "Incorrectly nonced style blocks generate reports."); |
28 </script> | 28 </script> |
29 <style> | 29 <style> |
30 #test1 { | 30 #test1 { |
31 color: rgba(1,1,1,1); | 31 color: rgba(1,1,1,1); |
32 } | 32 } |
33 </style> | 33 </style> |
34 <link rel="stylesheet" href="/security/contentSecurityPolicy/style-set-red.css"
nonce="xyz"> | 34 <link rel="stylesheet" href="/security/contentSecurityPolicy/style-set-red.css"
nonce="xyz"> |
35 <script> | 35 <script> |
36 async_test(t => { | 36 async_test(t => { |
37 window.onload = t.step_func_done(_ => { | 37 window.onload = t.step_func_done(_ => { |
38 assert_equals(document.styleSheets.length, 1); | 38 assert_equals(document.styleSheets.length, 1); |
39 assert_equals(document.styleSheets[0].rules.length, 0); | 39 assert_equals(document.styleSheets[0].rules.length, 0); |
40 }); | 40 }); |
41 }, "Incorrectly nonced stylesheets do not load."); | 41 }, "Incorrectly nonced stylesheets do not load."); |
42 </script> | 42 </script> |
OLD | NEW |