Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(311)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce-expected.txt

Issue 705663003: CSP: Harden nonce parsing. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html ('k') | Source/core/frame/csp/CSPSourceList.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src 'n".
2
3 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: ''nonce'. It will be ignored.
4 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src 'nonce".
5
1 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: ''nonce-''. It will be ignored. 6 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: ''nonce-''. It will be ignored.
2 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src 'nonce-'". 7 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src 'nonce-'".
3 8
4 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: ''nonce-'. It will be ignored. 9 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: ''nonce-'. It will be ignored.
10 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src 'nonce-".
11
12 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src nonce-abcd".
13
14 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: ''nonce-'. It will be ignored.
5 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: '''. It will be ignored. 15 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: '''. It will be ignored.
6 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src 'nonce- '". 16 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src 'nonce- '".
7 17
8 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: ''nonce-'. It will be ignored. 18 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: ''nonce-'. It will be ignored.
9 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: '''. It will be ignored. 19 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: '''. It will be ignored.
10 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src 'nonce- '". 20 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src 'nonce- '".
11 21
12 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: ''nonce-'. It will be ignored. 22 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: ''nonce-'. It will be ignored.
13 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: 'spaces''. It will be ignored. 23 CONSOLE ERROR: The source list for Content Security Policy directive 'script-src ' contains an invalid source: 'spaces''. It will be ignored.
14 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src 'nonce- nonces have no spaces'". 24 CONSOLE ERROR: Refused to load the script 'http://127.0.0.1:8000/security/conten tSecurityPolicy/resources/script.js' because it violates the following Content S ecurity Policy directive: "script-src 'nonce- nonces have no spaces'".
(...skipping 30 matching lines...) Expand all
45 55
46 -------- 56 --------
47 Frame: '<!--framePath //<!--frame4-->-->' 57 Frame: '<!--framePath //<!--frame4-->-->'
48 -------- 58 --------
49 PASS 59 PASS
50 60
51 -------- 61 --------
52 Frame: '<!--framePath //<!--frame5-->-->' 62 Frame: '<!--framePath //<!--frame5-->-->'
53 -------- 63 --------
54 PASS 64 PASS
65
66 --------
67 Frame: '<!--framePath //<!--frame6-->-->'
68 --------
69 PASS
70
71 --------
72 Frame: '<!--framePath //<!--frame7-->-->'
73 --------
74 PASS
75
76 --------
77 Frame: '<!--framePath //<!--frame8-->-->'
78 --------
79 PASS
80
81 --------
82 Frame: '<!--framePath //<!--frame9-->-->'
83 --------
84 PASS
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html ('k') | Source/core/frame/csp/CSPSourceList.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698