Bug 1312680 - Test that require-sri-for blocks style loads via @import r=francois

MozReview-Commit-ID: A8DPWH2S3sD

dom/security/test/sri/iframe_csp_directive_style_imports.html

@@ -0,0 +1,6 @@
+<!-- file should be loaded (text is blue), but subsequent files shouldn't (text is red)  -->
+<link rel="stylesheet" href="style_importing.css"
+            integrity="sha384-m5Q2GOhAtLrdiv6rCmxY3GjEFMVInALcdTyDnEddUUiDH2uQvJSX5GSJYQiatpTK"
+            onload="parent.postMessage('finish', '*');"
+            onerror="parent.postMessage('finish', '*');">
+<p id="text-for-import-test">blue text</p>

dom/security/test/sri/iframe_csp_directive_style_imports.html^headers^

@@ -0,0 +1 @@
+content-security-policy: require-sri-for script style

dom/security/test/sri/mochitest.ini

@@ -1,6 +1,8 @@
 [DEFAULT]
 support-files =
   file_bug_1271796.css
+  iframe_csp_directive_style_imports.html
+  iframe_csp_directive_style_imports.html^headers^
   iframe_require-sri-for_main.html
   iframe_require-sri-for_main.html^headers^
   iframe_require-sri-for_no_csp.html
@@ -41,6 +43,8 @@ support-files =
   style6.css^headers^
   style_301.css
   style_301.css^headers^
+  style_importing.css
+  style_imported.css
 
 [test_script_sameorigin.html]
 [test_script_crossdomain.html]
@@ -50,3 +54,4 @@ support-files =
 [test_require-sri-for_csp_directive.html]
 [test_require-sri-for_csp_directive_disabled.html]
 [test_bug_1271796.html]
+[test_csp_directive_style_imports.html]

dom/security/test/sri/style_imported.css

@@ -0,0 +1,6 @@
+#text-for-import-test {
+  color: red;
+}
+#text-for-import-test::before {
+  content: 'Test failed';
+}

dom/security/test/sri/style_importing.css

@@ -0,0 +1,4 @@
+/* neither of them should load. trying multiple cases*/
+@import url("style_imported.css");
+@import 'style_imported.css';
+#text-for-import-test { color: blue; }

dom/security/test/sri/test_csp_directive_style_imports.html

@@ -0,0 +1,42 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test for SRI require-sri-for CSP directive</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1265318">Mozilla Bug 1265318</a><br>
+<iframe style="width:200px;height:200px;" id="test_frame"></iframe><br>
+</body>
+<script type="application/javascript">
+  var finished = 0;
+  SpecialPowers.setBoolPref("security.csp.experimentalEnabled", true);
+  SimpleTest.waitForExplicitFinish();
+  function handler(event) {
+    console.log(event);
+    switch (event.data) {
+      case 'finish':
+        // need finish message from iframe_require-sri-for_main onload event and
+        // from iframe_require-sri-for_no_csp, which spawns a Worker
+        var importText = frame.contentDocument.getElementById('text-for-import-test');
+        var importColor = frame.contentWindow.getComputedStyle(importText, null).getPropertyValue('color');
+        ok(importColor == 'rgb(0, 0, 255)', "The import should not work without integrity. The text is now red, but should not.");
+        removeEventListener('message', handler);
+        SimpleTest.finish();
+        break;
+      default:
+        ok(false, 'Something is wrong here');
+        break;
+    }
+  }
+  addEventListener("message", handler);
+  // This frame has a CSP that requires SRI
+  var frame = document.getElementById("test_frame");
+  frame.src = "iframe_csp_directive_style_imports.html";
+</script>
+</html>