зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1037335 - Add a pref to enable only within Nightly and Early Beta. r=ckerschb,smaug
MozReview-Commit-ID: Bi82dHm53qX --HG-- extra : rebase_source : 61a7c517afb2759d672a1c486213a73ef505a324 extra : amend_source : 572a2c8613fe36ae1ebd613a361bb23acc019912
This commit is contained in:
Chung-Sheng Fu
Родитель
0eba47ddc8
Коммит
63739feac3
|
|
@ -273,6 +273,7 @@ NS_IMPL_ISUPPORTS_CI(nsCSPContext,
|
|||
nsISerializable)
|
||||
|
||||
int32_t nsCSPContext::sScriptSampleMaxLength;
|
||||
bool nsCSPContext::sViolationEventsEnabled = false;
|
||||
|
||||
nsCSPContext::nsCSPContext()
|
||||
: mInnerWindowID(0)
|
||||
|
|
@ -285,6 +286,8 @@ nsCSPContext::nsCSPContext()
|
|||
Preferences::AddIntVarCache(&sScriptSampleMaxLength,
|
||||
"security.csp.reporting.script-sample.max-length",
|
||||
40);
|
||||
Preferences::AddBoolVarCache(&sViolationEventsEnabled,
|
||||
"security.csp.enable_violation_events");
|
||||
sInitialized = true;
|
||||
}
|
||||
|
||||
|
|
@ -1137,6 +1140,10 @@ nsresult
|
|||
nsCSPContext::FireViolationEvent(
|
||||
const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit)
|
||||
{
|
||||
if (!sViolationEventsEnabled) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIDocument> doc = do_QueryReferent(mLoadingContext);
|
||||
if (!doc) {
|
||||
return NS_OK;
|
||||
|
|
|
|||
|
|
@ -144,6 +144,8 @@ class nsCSPContext : public nsIContentSecurityPolicy
|
|||
return std::max(sScriptSampleMaxLength, 0);
|
||||
}
|
||||
|
||||
static bool sViolationEventsEnabled;
|
||||
|
||||
nsString mReferrer;
|
||||
uint64_t mInnerWindowID; // used for web console logging
|
||||
nsTArray<nsCSPPolicy*> mPolicies;
|
||||
|
|
|
|||
|
|
@ -4,6 +4,11 @@
|
|||
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script>
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
SpecialPowers.pushPrefEnv({
|
||||
set: [
|
||||
["security.csp.enable_violation_events", true]
|
||||
]
|
||||
});
|
||||
document.addEventListener("securitypolicyviolation", (e) => {
|
||||
SimpleTest.is(e.blockedURI, "http://mochi.test:8888/foo/bar.jpg", "blockedURI");
|
||||
SimpleTest.todo_is(e.violatedDirective, "img-src", "violatedDirective")
|
||||
|
|
|
|||
|
|
@ -7,7 +7,8 @@ enum SecurityPolicyViolationEventDisposition
|
|||
"enforce", "report"
|
||||
};
|
||||
|
||||
[Constructor(DOMString type, optional SecurityPolicyViolationEventInit eventInitDict)]
|
||||
[Constructor(DOMString type, optional SecurityPolicyViolationEventInit eventInitDict),
|
||||
Pref="security.csp.enable_violation_events"]
|
||||
interface SecurityPolicyViolationEvent : Event
|
||||
{
|
||||
readonly attribute DOMString documentURI;
|
||||
|
|
|
|||
|
|
@ -2532,6 +2532,11 @@ pref("security.notification_enable_delay", 500);
|
|||
pref("security.csp.enable", true);
|
||||
pref("security.csp.experimentalEnabled", false);
|
||||
pref("security.csp.enableStrictDynamic", true);
|
||||
#ifdef EARLY_BETA_OR_EARLIER
|
||||
pref("security.csp.enable_violation_events", true);
|
||||
#else
|
||||
pref("security.csp.enable_violation_events", false);
|
||||
#endif
|
||||
|
||||
// Default Content Security Policy to apply to signed contents.
|
||||
pref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'");
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[base-uri_iframe_sandbox.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
expected: ERROR
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[report-uri-does-not-respect-base-uri.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Event is fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[child-src-worker-blocked.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should throw a securitypolicyviolation event]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[connect-src-xmlhttprequest-blocked.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[XHR should fire onerror.]
|
||||
expected: TIMEOUT
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[font-stylesheet-font-blocked.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test font does not load if it does not match font-src.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[generic-0_1-img-src.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Violation report status OK.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[generic-0_1-script-src.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Violation report status OK.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[generic-0_10_1.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire violation events for every failed violation]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[generic-0_2_2.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire violation events for every failed violation]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[generic-0_2_3.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire violation events for every failed violation]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[generic-0_8_1.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire violation events for every failed violation]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[media-src-7_1_2.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that securitypolicyviolation events are fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[media-src-7_2_2.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that securitypolicyviolation events are fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[media-src-7_3_2.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that securitypolicyviolation events are fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[media-src-blocked.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that securitypolicyviolation events are fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
[to-javascript-url-script-src.html]
|
||||
type: testharness
|
||||
expected: TIMEOUT
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[<iframe src='javascript:'> blocked without 'unsafe-inline'.]
|
||||
expected: TIMEOUT
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[reporting-api-report-only-sends-reports-on-violation.https.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Event is fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[reporting-api-report-to-overrides-report-uri-1.https.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Event is fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[reporting-api-report-to-overrides-report-uri-2.https.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Event is fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[reporting-api-sends-reports-on-violation.https.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Event is fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[securitypolicyviolation-idl.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[SecurityPolicyViolationEvent IDL Tests]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[javascript-window-open-blocked.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Check that a securitypolicyviolation event is fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[script-src-1_1.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should not fire policy violation events]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[script-src-1_10.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that securitypolicyviolation event is fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
type: testharness
|
||||
disabled:
|
||||
if os == "win": bug 1172411
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should not fire policy violation events]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
type: testharness
|
||||
disabled:
|
||||
if os == "win": bug 1094323
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that securitypolicyviolation event is fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[script-src-1_4.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[eval() should throw without 'unsafe-eval' keyword source in script-src directive.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
type: testharness
|
||||
disabled:
|
||||
if os == "win": bug 1094323
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that securitypolicyviolation event is fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[script-src-1_4_2.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Unsafe eval ran in Function() constructor.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[script-src-report-only-policy-works-with-external-hash-policy.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[External script in a script tag with matching SRI hash should run.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[script-src-report-only-policy-works-with-hash-policy.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that the securitypolicyviolation event is fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[script-src-strict_dynamic_discard_whitelist.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Whitelisted script without a correct nonce is not allowed with `strict-dynamic`.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[script-src-strict_dynamic_double_policy_different_nonce.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Unnonced script injected via `appendChild` is not allowed with `strict-dynamic` + a nonce-only double policy.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[script-src-strict_dynamic_double_policy_report_only.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Script injected via `appendChild` is allowed with `strict-dynamic` + Report-Only `script-src \'none\'` policy.]
|
||||
expected: FAIL
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[script-src-strict_dynamic_hashes.html]
|
||||
type: testharness
|
||||
expected: ERROR
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[script-src-strict_dynamic_javascript_uri.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Script injected via `javascript:` URIs are not allowed with `strict-dynamic`.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[All the expected CSP violation reports have been fired.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
[script-src-strict_dynamic_parser_inserted.html]
|
||||
type: testharness
|
||||
expected: TIMEOUT
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Parser-inserted script via `document.write` without a correct nonce is not allowed with `strict-dynamic`.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[scripthash-unicode-normalization.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[scriptnonce-and-scripthash.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Expecting alerts: ["PASS (1/3)","PASS (2/3)","PASS (3/3)"\]]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[scriptnonce-ignore-unsafeinline.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Expecting alerts: ["PASS (1/2)","PASS (2/2)", "violated-directive=script-src"\]]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[blockeduri-inline.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Inline violations have a blockedURI of 'inline']
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
[idl.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
[img-src-redirect-upgrade-reporting.https.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[securitypolicyviolation-block-cross-origin-image-from-script.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Non-redirected cross-origin URLs are not stripped.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[securitypolicyviolation-block-cross-origin-image.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Non-redirected cross-origin URLs are not stripped.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[securitypolicyviolation-block-image-from-script.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Non-redirected cross-origin URLs are not stripped.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[securitypolicyviolation-block-image.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Non-redirected same-origin URLs are not stripped.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
[targeting.html]
|
||||
type: testharness
|
||||
prefs: [dom.webcomponents.enabled:true]
|
||||
prefs: [dom.webcomponents.enabled:true, security.csp.enable_violation_events:true]
|
||||
expected: TIMEOUT
|
||||
[These tests should not fail.]
|
||||
expected: NOTRUN
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[inline-style-allowed-while-cloning-objects.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that violation report event was fired]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[style-src-hash-blocked.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[style-src-injected-inline-style-blocked.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[style-src-injected-stylesheet-blocked.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[style-src-inline-style-attribute-blocked.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[style-src-inline-style-blocked.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
[style-src-inline-style-nonce-blocked-error-event.html]
|
||||
type: testharness
|
||||
expected: TIMEOUT
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[style-src-inline-style-nonce-blocked.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[style-src-none-blocked.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[style-src-stylesheet-nonce-blocked.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[stylehash-basic-blocked.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Expecting alerts: ["PASS: The 'p' element's text is green, which means the style was correctly applied.", "violated-directive=style-src"\]]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[stylenonce-allowed.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[stylenonce-blocked.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
[object-in-svg-foreignobject.sub.html]
|
||||
type: testharness
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should throw a securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[svg-inline.sub.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Should fire violation event]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[script_event_handlers_allowed.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that the inline event handler is allowed to run]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[script_event_handlers_denied_matching_hash_no_unsafe_inline_attribute.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that the inline event handler is not allowed to run]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[script_event_handlers_denied_not_matching_hash.html]
|
||||
prefs: [security.csp.enable_violation_events:true]
|
||||
[Test that the inline event handler is not allowed to run]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче