Bug 1509401 [wpt PR 14192] - Add javascript navigations interop tests, a=testonly

Automatic update from web-platform-tests Add javascript navigations interop tests https://github.com/w3c/webappsec-csp/issues/322 raises an interop issue It appears the issue itself has been fixed since but I've added these tests regardless to ensure there is no regression. Bug: 694525 Change-Id: Icb5502e228b3a96c176cbe23d5b4ce9c5c8640ab Reviewed-on: https://chromium-review.googlesource.com/c/1348054 Reviewed-by: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#611643} -- wpt-commits: a82d43808d79ecd0074a4623fd69e3a7bb16c188 wpt-pr: 14192
2018-11-30 18:05:18 +00:00 · 2018-11-30 18:05:18 +00:00 · 7a5a177c56
--- a/testing/web-platform/tests/content-security-policy/navigation/support/frame-with-csp.sub.html
+++ b/testing/web-platform/tests/content-security-policy/navigation/support/frame-with-csp.sub.html
@ -0,0 +1,2 @@
+<meta http-equiv="Content-Security-Policy" content="{{GET[csp]}}">
+CHILD FRAME
--- a/testing/web-platform/tests/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html
+++ b/testing/web-platform/tests/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html
@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<iframe src="support/frame-with-csp.sub.html?csp=script-src%20%27self%27"></iframe>
+<div onclick="frames[0].location.href = 'javascript:parent.postMessage(\'executed\', \'*\')'" id="special_div"></div>
+<script>
+  var t = async_test("Should have executed the javascript url");
+  window.onmessage = t.step_func(function(e) {
+    if (e.data == "executed")
+      t.done();
+  });
+  window.addEventListener('securitypolicyviolation', t.unreached_func("Should not have raised a violation event"));
+  document.getElementById('special_div').click();
+</script>
+</body>
--- a/testing/web-platform/tests/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html
+++ b/testing/web-platform/tests/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html
@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<head>
+<meta http-equiv="content-security-policy" content="script-src 'self' 'nonce-abc'">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<iframe src="support/frame-with-csp.sub.html"></iframe>
+<div onclick="frames[0].location.href = 'javascript:parent.postMessage(\'executed\', \'*\')'" id="special_div"></div>
+<script nonce='abc'>
+  var t = async_test("Should not have executed the javascript url");
+  window.onmessage = t.step_func(function(e) {
+    if (e.data == "executed")
+      assert_true(false, "Javascript url executed");
+  });
+  window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
+    assert_equals(e.blockedURI, 'inline');
+    assert_equals(e.violatedDirective, 'script-src-attr');
+  }));
+  document.getElementById('special_div').click();
+</script>
+</body>