зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1510140 [wpt PR 14247] - Revert "Inherit the navigation initiator when navigating instead of the parent/opener", a=testonly
Automatic update from web-platform-tests Revert "Inherit the navigation initiator when navigating instead of the parent/opener" This reverts commit 108147dfd1ea159fd3632ef92ccc4ab8952980c7. Reason for revert: FindIt suggests a 74% chance that this is the cause of the following issues: https://ci.chromium.org/buildbot/chromium.webkit/WebKit%20Linux%20Trusty%20Leak/26833 Original change's description: > Inherit the navigation initiator when navigating instead of the parent/opener > > Spec PR: https://github.com/w3c/webappsec-csp/pull/358 > > Bug: 905301, 894228, 836148 > Change-Id: I43ada2266d42d1cd56dbe3c6dd89d115e878a83a > Reviewed-on: https://chromium-review.googlesource.com/c/1314633 > Commit-Queue: Andy Paicu <andypaicu@chromium.org> > Reviewed-by: Mike West <mkwst@chromium.org> > Cr-Commit-Position: refs/heads/master@{#610850} TBR=mkwst@chromium.org,andypaicu@chromium.org Change-Id: If3ccf72cf8a4285926429f2855f32c1b0c606c5b No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 905301, 894228, 836148 Reviewed-on: https://chromium-review.googlesource.com/c/1351285 Reviewed-by: Mounir Lamouri <mlamouri@chromium.org> Commit-Queue: Mounir Lamouri <mlamouri@chromium.org> Cr-Commit-Position: refs/heads/master@{#610930} -- wpt-commits: 681b7a2bad0235ee25ca7b8be843da515348ad2b wpt-pr: 14247 --HG-- rename : testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html => testing/web-platform/tests/content-security-policy/inheritance/blob-url-self-navigate-inherits.sub.html
This commit is contained in:
Mounir Lamouri
James Graham
Родитель
cd09d173b0
Коммит
6acce7788c
|
|
@ -1,17 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<script nonce="abc" src="/resources/testharness.js"></script>
|
||||
<script nonce="abc" src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
||||
<!-- This tests that navigating a main window to a local scheme preserves the current CSP.
|
||||
We need to test this in a main window with no parent/opener so we use
|
||||
a link with target=_blank and rel=noopener. -->
|
||||
<body>
|
||||
<iframe src="support/navigate-self-to-blob.html?csp=script-src%20%27nonce-abc%27&report_id={{$id:uuid()}}"></iframe>
|
||||
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27&reportID={{$id}}'></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<script nonce="abc" src="/resources/testharness.js"></script>
|
||||
<script nonce="abc" src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script nonce='abc'>
|
||||
var blob_string = "<script>alert(document.domain)<\/scr"+"ipt>";
|
||||
var blob = new Blob([blob_string], {type : 'text/html'});
|
||||
var url = URL.createObjectURL(blob);
|
||||
|
||||
var i = document.createElement('iframe');
|
||||
i.src = url;
|
||||
i.sandbox = "allow-scripts";
|
||||
document.body.appendChild(i);
|
||||
</script>
|
||||
<script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Pragma: no-cache
|
||||
Set-Cookie: sandboxed-blob-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
|
||||
Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<script nonce="abc" src="/resources/testharness.js"></script>
|
||||
<script nonce="abc" src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script nonce='abc'>
|
||||
var url = "data:text/html,<script>alert(document.domain)<\/scr"+"ipt>";
|
||||
|
||||
var i = document.createElement('iframe');
|
||||
i.src = url;
|
||||
i.sandbox = "allow-scripts";
|
||||
document.body.appendChild(i);
|
||||
</script>
|
||||
<script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Pragma: no-cache
|
||||
Set-Cookie: sandboxed-data-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
|
||||
Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<script nonce="abc" src="/resources/testharness.js"></script>
|
||||
<script nonce="abc" src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script nonce='abc'>
|
||||
var blob_string = "<script>alert(document.domain)<\/scr"+"ipt>";
|
||||
var blob = new Blob([blob_string], {type : 'text/html'});
|
||||
var url = URL.createObjectURL(blob);
|
||||
|
||||
var i = document.createElement('iframe');
|
||||
i.src = url;
|
||||
document.body.appendChild(i);
|
||||
</script>
|
||||
<script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Pragma: no-cache
|
||||
Set-Cookie: unsandboxed-blob-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
|
||||
Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<script nonce="abc" src="/resources/testharness.js"></script>
|
||||
<script nonce="abc" src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script nonce='abc'>
|
||||
var url = "data:text/html,<script>alert(document.domain)<\/scri"+"pt>";
|
||||
|
||||
var i = document.createElement('iframe');
|
||||
i.src = url;
|
||||
document.body.appendChild(i);
|
||||
</script>
|
||||
<script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
Expires: Mon, 26 Jul 1997 05:00:00 GMT
|
||||
Cache-Control: no-store, no-cache, must-revalidate
|
||||
Pragma: no-cache
|
||||
Set-Cookie: unsandboxed-data-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
|
||||
Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}
|
||||
Загрузка…
Ссылка в новой задаче