
Side by Side Diff: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/child-src/child-src-worker-blocked.sub.html

Issue 2803943007: Un-skipped wpt csp child-src tests (Closed)
Patch Set: Created 3 years, 8 months ago
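--- a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/child-src/child-src-worker-blocked.sub.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/child-src/child-src-worker-blocked.sub.html
@@ -1,35 +1,44 @@
 <!DOCTYPE html>
 <html>
 
 <head>
 <title>child-src-worker-blocked</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="../support/logTest.sub.js?logs=[]"></script>
-<script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script>
-<!-- enforcing policy:
-child-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';
--->
-
+<meta http-equiv="Content-Security-Policy" content="child-src 'none'; script -src 'unsafe-inline'; connect-src 'self';">
 </head>
 
 <body>
+<p> This test used to check the child-src csp controlling worker creation. T his behaviour has been deprecated but it's still supported
+until the transition is done. This still tests that behaviour but we nee d to go through extra hoops to make sure 'script-src'
+does not affect the result in any way (for instance by allowing 'self').
+</p>
 <script>
+async_test(function(t) {
+document.addEventListener("securitypolicyviolation", t.step_func(functio n(e) {
+if (e.blockedURI != "{{location[scheme]}}://{{location[host]}}/content -security-policy/support/post-message.js")
+return;
+
+assert_equals(e.violatedDirective, "worker-src");
+t.done();
+}));
+}, "Should throw a securitypolicyviolation event");
+
+async_test(function(t) {
 try {
-var foo = new Worker('http://{{host}}:{{ports[http][0]}}/content-sec urity-policy/blink-contrib/resources/post-message.js');
-» foo.onerror = function(event) {
-» » event.preventDefault();
-» » alert_assert("PASS");
-» }
+var foo = new Worker('{{location[scheme]}}://{{location[host]}}/conten t-security-policy/support/post-message.js');
+foo.onerror = function(event) {
+event.preventDefault();
+t.done();
+}
 foo.onmessage = function(event) {
-alert_assert("FAIL");
+assert_unreached("Should not be able to start worker");
 };
 } catch (e) {
-alert_assert("PASS");
+t.done();
 }
-
+}, "Should block worker because it does not match any directive including the deprecated 'child-src'");
 </script>
 <div id="log"></div>
-<script async defer src="../support/checkReport.sub.js?reportExists=true&amp ;reportField=violated-directive&amp;reportValue=child-src%20&apos;none&apos;"></ script>
 </body>
 </html>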
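Review bot: In the second async_test, `assert_unreached` inside `foo.onmessage` (new line 35) runs in a plain event handler rather than a test step, so if the policy ever stopped blocking the worker the assertion would probably surface as an uncaught harness error or a timeout instead of a FAIL on this test. Wrapping the handlers ties the outcome to the test: `foo.onmessage = t.unreached_func("Should not be able to start worker");` and `foo.onerror = t.step_func_done(function(event) { event.preventDefault(); });`. The `onerror` and `catch` branches also call `t.done()` on any failure, so a missing `support/post-message.js` or an unrelated exception would pass as well; only the first test's `violatedDirective` check shows that CSP was the cause, which is worth a short comment above the `try`.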
