Bug 1312680 - Test that require-sri-for blocks style loads via @import r=francois

MozReview-Commit-ID: A8DPWH2S3sD
This commit is contained in:
Frederik Braun 2016-11-03 03:18:00 +01:00
Родитель 4f49c48da4
Коммит 579a6043ca
6 изменённых файлов: 64 добавлений и 0 удалений

Просмотреть файл

@ -0,0 +1,6 @@
<!-- file should be loaded (text is blue), but subsequent files shouldn't (text is red) -->
<link rel="stylesheet" href="style_importing.css"
integrity="sha384-m5Q2GOhAtLrdiv6rCmxY3GjEFMVInALcdTyDnEddUUiDH2uQvJSX5GSJYQiatpTK"
onload="parent.postMessage('finish', '*');"
onerror="parent.postMessage('finish', '*');">
<p id="text-for-import-test">blue text</p>

Просмотреть файл

@ -0,0 +1 @@
content-security-policy: require-sri-for script style

Просмотреть файл

@ -1,6 +1,8 @@
[DEFAULT]
support-files =
file_bug_1271796.css
iframe_csp_directive_style_imports.html
iframe_csp_directive_style_imports.html^headers^
iframe_require-sri-for_main.html
iframe_require-sri-for_main.html^headers^
iframe_require-sri-for_no_csp.html
@ -41,6 +43,8 @@ support-files =
style6.css^headers^
style_301.css
style_301.css^headers^
style_importing.css
style_imported.css
[test_script_sameorigin.html]
[test_script_crossdomain.html]
@ -50,3 +54,4 @@ support-files =
[test_require-sri-for_csp_directive.html]
[test_require-sri-for_csp_directive_disabled.html]
[test_bug_1271796.html]
[test_csp_directive_style_imports.html]

Просмотреть файл

@ -0,0 +1,6 @@
#text-for-import-test {
color: red;
}
#text-for-import-test::before {
content: 'Test failed';
}

Просмотреть файл

@ -0,0 +1,4 @@
/* neither of them should load. trying multiple cases*/
@import url("style_imported.css");
@import 'style_imported.css';
#text-for-import-test { color: blue; }

Просмотреть файл

@ -0,0 +1,42 @@
<!--
Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/
-->
<!DOCTYPE HTML>
<html>
<head>
<title>Test for SRI require-sri-for CSP directive</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1265318">Mozilla Bug 1265318</a><br>
<iframe style="width:200px;height:200px;" id="test_frame"></iframe><br>
</body>
<script type="application/javascript">
var finished = 0;
SpecialPowers.setBoolPref("security.csp.experimentalEnabled", true);
SimpleTest.waitForExplicitFinish();
function handler(event) {
console.log(event);
switch (event.data) {
case 'finish':
// need finish message from iframe_require-sri-for_main onload event and
// from iframe_require-sri-for_no_csp, which spawns a Worker
var importText = frame.contentDocument.getElementById('text-for-import-test');
var importColor = frame.contentWindow.getComputedStyle(importText, null).getPropertyValue('color');
ok(importColor == 'rgb(0, 0, 255)', "The import should not work without integrity. The text is now red, but should not.");
removeEventListener('message', handler);
SimpleTest.finish();
break;
default:
ok(false, 'Something is wrong here');
break;
}
}
addEventListener("message", handler);
// This frame has a CSP that requires SRI
var frame = document.getElementById("test_frame");
frame.src = "iframe_csp_directive_style_imports.html";
</script>
</html>