зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1509401 [wpt PR 14192] - Add javascript navigations interop tests, a=testonly
Automatic update from web-platform-tests Add javascript navigations interop tests https://github.com/w3c/webappsec-csp/issues/322 raises an interop issue It appears the issue itself has been fixed since but I've added these tests regardless to ensure there is no regression. Bug: 694525 Change-Id: Icb5502e228b3a96c176cbe23d5b4ce9c5c8640ab Reviewed-on: https://chromium-review.googlesource.com/c/1348054 Reviewed-by: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#611643} -- wpt-commits: a82d43808d79ecd0074a4623fd69e3a7bb16c188 wpt-pr: 14192
This commit is contained in:
Родитель
101ba2b530
Коммит
7a5a177c56
|
@ -0,0 +1,2 @@
|
|||
<meta http-equiv="Content-Security-Policy" content="{{GET[csp]}}">
|
||||
CHILD FRAME
|
|
@ -0,0 +1,18 @@
|
|||
<!DOCTYPE html>
|
||||
<head>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<iframe src="support/frame-with-csp.sub.html?csp=script-src%20%27self%27"></iframe>
|
||||
<div onclick="frames[0].location.href = 'javascript:parent.postMessage(\'executed\', \'*\')'" id="special_div"></div>
|
||||
<script>
|
||||
var t = async_test("Should have executed the javascript url");
|
||||
window.onmessage = t.step_func(function(e) {
|
||||
if (e.data == "executed")
|
||||
t.done();
|
||||
});
|
||||
window.addEventListener('securitypolicyviolation', t.unreached_func("Should not have raised a violation event"));
|
||||
document.getElementById('special_div').click();
|
||||
</script>
|
||||
</body>
|
|
@ -0,0 +1,22 @@
|
|||
<!DOCTYPE html>
|
||||
<head>
|
||||
<meta http-equiv="content-security-policy" content="script-src 'self' 'nonce-abc'">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<iframe src="support/frame-with-csp.sub.html"></iframe>
|
||||
<div onclick="frames[0].location.href = 'javascript:parent.postMessage(\'executed\', \'*\')'" id="special_div"></div>
|
||||
<script nonce='abc'>
|
||||
var t = async_test("Should not have executed the javascript url");
|
||||
window.onmessage = t.step_func(function(e) {
|
||||
if (e.data == "executed")
|
||||
assert_true(false, "Javascript url executed");
|
||||
});
|
||||
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
|
||||
assert_equals(e.blockedURI, 'inline');
|
||||
assert_equals(e.violatedDirective, 'script-src-attr');
|
||||
}));
|
||||
document.getElementById('special_div').click();
|
||||
</script>
|
||||
</body>
|
Загрузка…
Ссылка в новой задаче