Bug 1117650 - Part 1 - Move all CSP tests into dom/security/test (r=sstamm)

--HG--
rename : dom/base/test/TestCSPParser.cpp => dom/security/test/TestCSPParser.cpp
rename : dom/base/test/csp/chrome.ini => dom/security/test/csp/chrome.ini
rename : dom/base/test/csp/file_CSP.css => dom/security/test/csp/file_CSP.css
rename : dom/base/test/csp/file_CSP.sjs => dom/security/test/csp/file_CSP.sjs
rename : dom/base/test/csp/file_csp_allow_https_schemes.html => dom/security/test/csp/file_allow_https_schemes.html
rename : dom/base/test/csp/file_base-uri.html => dom/security/test/csp/file_base-uri.html
rename : dom/base/test/csp/file_CSP_bug663567.xsl => dom/security/test/csp/file_bug663567.xsl
rename : dom/base/test/csp/file_CSP_bug663567_allows.xml => dom/security/test/csp/file_bug663567_allows.xml
rename : dom/base/test/csp/file_CSP_bug663567_allows.xml^headers^ => dom/security/test/csp/file_bug663567_allows.xml^headers^
rename : dom/base/test/csp/file_CSP_bug663567_blocks.xml => dom/security/test/csp/file_bug663567_blocks.xml
rename : dom/base/test/csp/file_CSP_bug663567_blocks.xml^headers^ => dom/security/test/csp/file_bug663567_blocks.xml^headers^
rename : dom/base/test/csp/file_csp_bug768029.html => dom/security/test/csp/file_bug768029.html
rename : dom/base/test/csp/file_csp_bug768029.sjs => dom/security/test/csp/file_bug768029.sjs
rename : dom/base/test/csp/file_csp_bug773891.html => dom/security/test/csp/file_bug773891.html
rename : dom/base/test/csp/file_csp_bug773891.sjs => dom/security/test/csp/file_bug773891.sjs
rename : dom/base/test/csp/file_CSP_bug802872.html => dom/security/test/csp/file_bug802872.html
rename : dom/base/test/csp/file_CSP_bug802872.html^headers^ => dom/security/test/csp/file_bug802872.html^headers^
rename : dom/base/test/csp/file_CSP_bug802872.js => dom/security/test/csp/file_bug802872.js
rename : dom/base/test/csp/file_CSP_bug802872.sjs => dom/security/test/csp/file_bug802872.sjs
rename : dom/base/test/csp/file_bug836922_npolicies.html => dom/security/test/csp/file_bug836922_npolicies.html
rename : dom/base/test/csp/file_bug836922_npolicies.html^headers^ => dom/security/test/csp/file_bug836922_npolicies.html^headers^
rename : dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs => dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs
rename : dom/base/test/csp/file_bug836922_npolicies_violation.sjs => dom/security/test/csp/file_bug836922_npolicies_violation.sjs
rename : dom/base/test/csp/file_CSP_bug885433_allows.html => dom/security/test/csp/file_bug885433_allows.html
rename : dom/base/test/csp/file_CSP_bug885433_allows.html^headers^ => dom/security/test/csp/file_bug885433_allows.html^headers^
rename : dom/base/test/csp/file_CSP_bug885433_blocks.html => dom/security/test/csp/file_bug885433_blocks.html
rename : dom/base/test/csp/file_CSP_bug885433_blocks.html^headers^ => dom/security/test/csp/file_bug885433_blocks.html^headers^
rename : dom/base/test/csp/file_bug886164.html => dom/security/test/csp/file_bug886164.html
rename : dom/base/test/csp/file_bug886164.html^headers^ => dom/security/test/csp/file_bug886164.html^headers^
rename : dom/base/test/csp/file_bug886164_2.html => dom/security/test/csp/file_bug886164_2.html
rename : dom/base/test/csp/file_bug886164_2.html^headers^ => dom/security/test/csp/file_bug886164_2.html^headers^
rename : dom/base/test/csp/file_bug886164_3.html => dom/security/test/csp/file_bug886164_3.html
rename : dom/base/test/csp/file_bug886164_3.html^headers^ => dom/security/test/csp/file_bug886164_3.html^headers^
rename : dom/base/test/csp/file_bug886164_4.html => dom/security/test/csp/file_bug886164_4.html
rename : dom/base/test/csp/file_bug886164_4.html^headers^ => dom/security/test/csp/file_bug886164_4.html^headers^
rename : dom/base/test/csp/file_bug886164_5.html => dom/security/test/csp/file_bug886164_5.html
rename : dom/base/test/csp/file_bug886164_5.html^headers^ => dom/security/test/csp/file_bug886164_5.html^headers^
rename : dom/base/test/csp/file_bug886164_6.html => dom/security/test/csp/file_bug886164_6.html
rename : dom/base/test/csp/file_bug886164_6.html^headers^ => dom/security/test/csp/file_bug886164_6.html^headers^
rename : dom/base/test/csp/file_CSP_bug888172.html => dom/security/test/csp/file_bug888172.html
rename : dom/base/test/csp/file_CSP_bug888172.sjs => dom/security/test/csp/file_bug888172.sjs
rename : dom/base/test/csp/file_CSP_bug909029_none.html => dom/security/test/csp/file_bug909029_none.html
rename : dom/base/test/csp/file_CSP_bug909029_none.html^headers^ => dom/security/test/csp/file_bug909029_none.html^headers^
rename : dom/base/test/csp/file_CSP_bug909029_star.html => dom/security/test/csp/file_bug909029_star.html
rename : dom/base/test/csp/file_CSP_bug909029_star.html^headers^ => dom/security/test/csp/file_bug909029_star.html^headers^
rename : dom/base/test/csp/file_CSP_bug910139.sjs => dom/security/test/csp/file_bug910139.sjs
rename : dom/base/test/csp/file_CSP_bug910139.xml => dom/security/test/csp/file_bug910139.xml
rename : dom/base/test/csp/file_CSP_bug910139.xsl => dom/security/test/csp/file_bug910139.xsl
rename : dom/base/test/csp/file_CSP_bug941404.html => dom/security/test/csp/file_bug941404.html
rename : dom/base/test/csp/file_CSP_bug941404_xhr.html => dom/security/test/csp/file_bug941404_xhr.html
rename : dom/base/test/csp/file_CSP_bug941404_xhr.html^headers^ => dom/security/test/csp/file_bug941404_xhr.html^headers^
rename : dom/base/test/csp/file_connect-src.html => dom/security/test/csp/file_connect-src.html
rename : dom/base/test/csp/file_CSP_evalscript_main.html => dom/security/test/csp/file_evalscript_main.html
rename : dom/base/test/csp/file_CSP_evalscript_main.html^headers^ => dom/security/test/csp/file_evalscript_main.html^headers^
rename : dom/base/test/csp/file_CSP_evalscript_main.js => dom/security/test/csp/file_evalscript_main.js
rename : dom/base/test/csp/file_CSP_evalscript_main_allowed.html => dom/security/test/csp/file_evalscript_main_allowed.html
rename : dom/base/test/csp/file_CSP_evalscript_main_allowed.html^headers^ => dom/security/test/csp/file_evalscript_main_allowed.html^headers^
rename : dom/base/test/csp/file_CSP_evalscript_main_allowed.js => dom/security/test/csp/file_evalscript_main_allowed.js
rename : dom/base/test/csp/file_form-action.html => dom/security/test/csp/file_form-action.html
rename : dom/base/test/csp/file_CSP_frameancestors.sjs => dom/security/test/csp/file_frameancestors.sjs
rename : dom/base/test/csp/file_CSP_frameancestors_main.html => dom/security/test/csp/file_frameancestors_main.html
rename : dom/base/test/csp/file_CSP_frameancestors_main.js => dom/security/test/csp/file_frameancestors_main.js
rename : dom/base/test/csp/file_hash_source.html => dom/security/test/csp/file_hash_source.html
rename : dom/base/test/csp/file_hash_source.html^headers^ => dom/security/test/csp/file_hash_source.html^headers^
rename : dom/base/test/csp/file_CSP_inlinescript_main.html => dom/security/test/csp/file_inlinescript_main.html
rename : dom/base/test/csp/file_CSP_inlinescript_main.html^headers^ => dom/security/test/csp/file_inlinescript_main.html^headers^
rename : dom/base/test/csp/file_CSP_inlinescript_main_allowed.html => dom/security/test/csp/file_inlinescript_main_allowed.html
rename : dom/base/test/csp/file_CSP_inlinescript_main_allowed.html^headers^ => dom/security/test/csp/file_inlinescript_main_allowed.html^headers^
rename : dom/base/test/csp/file_CSP_inlinestyle_main.html => dom/security/test/csp/file_inlinestyle_main.html
rename : dom/base/test/csp/file_CSP_inlinestyle_main.html^headers^ => dom/security/test/csp/file_inlinestyle_main.html^headers^
rename : dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html => dom/security/test/csp/file_inlinestyle_main_allowed.html
rename : dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html^headers^ => dom/security/test/csp/file_inlinestyle_main_allowed.html^headers^
rename : dom/base/test/csp/file_csp_invalid_source_expression.html => dom/security/test/csp/file_invalid_source_expression.html
rename : dom/base/test/csp/file_leading_wildcard.html => dom/security/test/csp/file_leading_wildcard.html
rename : dom/base/test/csp/file_CSP_main.html => dom/security/test/csp/file_main.html
rename : dom/base/test/csp/file_CSP_main.html^headers^ => dom/security/test/csp/file_main.html^headers^
rename : dom/base/test/csp/file_CSP_main.js => dom/security/test/csp/file_main.js
rename : dom/base/test/csp/file_multi_policy_injection_bypass.html => dom/security/test/csp/file_multi_policy_injection_bypass.html
rename : dom/base/test/csp/file_multi_policy_injection_bypass.html^headers^ => dom/security/test/csp/file_multi_policy_injection_bypass.html^headers^
rename : dom/base/test/csp/file_multi_policy_injection_bypass_2.html => dom/security/test/csp/file_multi_policy_injection_bypass_2.html
rename : dom/base/test/csp/file_multi_policy_injection_bypass_2.html^headers^ => dom/security/test/csp/file_multi_policy_injection_bypass_2.html^headers^
rename : dom/base/test/csp/file_nonce_source.html => dom/security/test/csp/file_nonce_source.html
rename : dom/base/test/csp/file_nonce_source.html^headers^ => dom/security/test/csp/file_nonce_source.html^headers^
rename : dom/base/test/csp/file_csp_path_matching.html => dom/security/test/csp/file_path_matching.html
rename : dom/base/test/csp/file_csp_path_matching.js => dom/security/test/csp/file_path_matching.js
rename : dom/base/test/csp/file_csp_path_matching_redirect.html => dom/security/test/csp/file_path_matching_redirect.html
rename : dom/base/test/csp/file_csp_path_matching_redirect_server.sjs => dom/security/test/csp/file_path_matching_redirect_server.sjs
rename : dom/base/test/csp/file_policyuri_regression_from_multipolicy.html => dom/security/test/csp/file_policyuri_regression_from_multipolicy.html
rename : dom/base/test/csp/file_policyuri_regression_from_multipolicy.html^headers^ => dom/security/test/csp/file_policyuri_regression_from_multipolicy.html^headers^
rename : dom/base/test/csp/file_policyuri_regression_from_multipolicy_policy => dom/security/test/csp/file_policyuri_regression_from_multipolicy_policy
rename : dom/base/test/csp/file_redirect_content.sjs => dom/security/test/csp/file_redirect_content.sjs
rename : dom/base/test/csp/file_redirect_report.sjs => dom/security/test/csp/file_redirect_report.sjs
rename : dom/base/test/csp/file_csp_redirects_main.html => dom/security/test/csp/file_redirects_main.html
rename : dom/base/test/csp/file_csp_redirects_page.sjs => dom/security/test/csp/file_redirects_page.sjs
rename : dom/base/test/csp/file_csp_redirects_resource.sjs => dom/security/test/csp/file_redirects_resource.sjs
rename : dom/base/test/csp/file_csp_referrerdirective.html => dom/security/test/csp/file_referrerdirective.html
rename : dom/base/test/csp/file_csp_report.html => dom/security/test/csp/file_report.html
rename : dom/base/test/csp/file_report_uri_missing_in_report_only_header.html => dom/security/test/csp/file_report_uri_missing_in_report_only_header.html
rename : dom/base/test/csp/file_report_uri_missing_in_report_only_header.html^headers^ => dom/security/test/csp/file_report_uri_missing_in_report_only_header.html^headers^
rename : dom/base/test/csp/file_self_none_as_hostname_confusion.html => dom/security/test/csp/file_self_none_as_hostname_confusion.html
rename : dom/base/test/csp/file_self_none_as_hostname_confusion.html^headers^ => dom/security/test/csp/file_self_none_as_hostname_confusion.html^headers^
rename : dom/base/test/csp/file_subframe_run_js_if_allowed.html => dom/security/test/csp/file_subframe_run_js_if_allowed.html
rename : dom/base/test/csp/file_subframe_run_js_if_allowed.html^headers^ => dom/security/test/csp/file_subframe_run_js_if_allowed.html^headers^
rename : dom/base/test/csp/file_csp_testserver.sjs => dom/security/test/csp/file_testserver.sjs
rename : dom/base/test/csp/file_worker_redirect.html => dom/security/test/csp/file_worker_redirect.html
rename : dom/base/test/csp/file_worker_redirect.sjs => dom/security/test/csp/file_worker_redirect.sjs
rename : dom/base/test/csp/mochitest.ini => dom/security/test/csp/mochitest.ini
rename : dom/base/test/csp/referrerdirective.sjs => dom/security/test/csp/referrerdirective.sjs
rename : dom/base/test/csp/test_301_redirect.html => dom/security/test/csp/test_301_redirect.html
rename : dom/base/test/csp/test_302_redirect.html => dom/security/test/csp/test_302_redirect.html
rename : dom/base/test/csp/test_303_redirect.html => dom/security/test/csp/test_303_redirect.html
rename : dom/base/test/csp/test_307_redirect.html => dom/security/test/csp/test_307_redirect.html
rename : dom/base/test/csp/test_CSP.html => dom/security/test/csp/test_CSP.html
rename : dom/base/test/csp/test_csp_allow_https_schemes.html => dom/security/test/csp/test_allow_https_schemes.html
rename : dom/base/test/csp/test_base-uri.html => dom/security/test/csp/test_base-uri.html
rename : dom/base/test/csp/test_CSP_bug663567.html => dom/security/test/csp/test_bug663567.html
rename : dom/base/test/csp/test_csp_bug768029.html => dom/security/test/csp/test_bug768029.html
rename : dom/base/test/csp/test_csp_bug773891.html => dom/security/test/csp/test_bug773891.html
rename : dom/base/test/csp/test_CSP_bug802872.html => dom/security/test/csp/test_bug802872.html
rename : dom/base/test/csp/test_bug836922_npolicies.html => dom/security/test/csp/test_bug836922_npolicies.html
rename : dom/base/test/csp/test_CSP_bug885433.html => dom/security/test/csp/test_bug885433.html
rename : dom/base/test/csp/test_bug886164.html => dom/security/test/csp/test_bug886164.html
rename : dom/base/test/csp/test_CSP_bug888172.html => dom/security/test/csp/test_bug888172.html
rename : dom/base/test/csp/test_CSP_bug909029.html => dom/security/test/csp/test_bug909029.html
rename : dom/base/test/csp/test_CSP_bug910139.html => dom/security/test/csp/test_bug910139.html
rename : dom/base/test/csp/test_CSP_bug941404.html => dom/security/test/csp/test_bug941404.html
rename : dom/base/test/csp/test_bug949549.html => dom/security/test/csp/test_bug949549.html
rename : dom/base/test/csp/test_connect-src.html => dom/security/test/csp/test_connect-src.html
rename : dom/base/test/csp/test_CSP_evalscript.html => dom/security/test/csp/test_evalscript.html
rename : dom/base/test/csp/test_form-action.html => dom/security/test/csp/test_form-action.html
rename : dom/base/test/csp/test_CSP_frameancestors.html => dom/security/test/csp/test_frameancestors.html
rename : dom/base/test/csp/test_hash_source.html => dom/security/test/csp/test_hash_source.html
rename : dom/base/test/csp/test_CSP_inlinescript.html => dom/security/test/csp/test_inlinescript.html
rename : dom/base/test/csp/test_CSP_inlinestyle.html => dom/security/test/csp/test_inlinestyle.html
rename : dom/base/test/csp/test_csp_invalid_source_expression.html => dom/security/test/csp/test_invalid_source_expression.html
rename : dom/base/test/csp/test_leading_wildcard.html => dom/security/test/csp/test_leading_wildcard.html
rename : dom/base/test/csp/test_multi_policy_injection_bypass.html => dom/security/test/csp/test_multi_policy_injection_bypass.html
rename : dom/base/test/csp/test_nonce_source.html => dom/security/test/csp/test_nonce_source.html
rename : dom/base/test/csp/test_csp_path_matching.html => dom/security/test/csp/test_path_matching.html
rename : dom/base/test/csp/test_csp_path_matching_redirect.html => dom/security/test/csp/test_path_matching_redirect.html
rename : dom/base/test/csp/test_policyuri_regression_from_multipolicy.html => dom/security/test/csp/test_policyuri_regression_from_multipolicy.html
rename : dom/base/test/csp/test_csp_redirects.html => dom/security/test/csp/test_redirects.html
rename : dom/base/test/csp/test_CSP_referrerdirective.html => dom/security/test/csp/test_referrerdirective.html
rename : dom/base/test/csp/test_csp_report.html => dom/security/test/csp/test_report.html
rename : dom/base/test/csp/test_report_uri_missing_in_report_only_header.html => dom/security/test/csp/test_report_uri_missing_in_report_only_header.html
rename : dom/base/test/csp/test_self_none_as_hostname_confusion.html => dom/security/test/csp/test_self_none_as_hostname_confusion.html
rename : dom/base/test/csp/test_subframe_run_js_if_allowed.html => dom/security/test/csp/test_subframe_run_js_if_allowed.html
rename : dom/base/test/csp/test_worker_redirect.html => dom/security/test/csp/test_worker_redirect.html
rename : dom/base/test/unit/test_cspreports.js => dom/security/test/unit/test_cspreports.js
Christoph Kerschbaumer 2015-02-06 12:40:52 -08:00
Родитель a63756e767
Коммит c8504a0662
164 изменённых файлов: 392 добавлений и 366 удалений


@ -1,4 +0,0 @@
[DEFAULT]
[test_csp_bug768029.html]
[test_csp_bug773891.html]


@ -1,15 +0,0 @@
<html>
<head>
<link rel='stylesheet' type='text/css'
href='/tests/dom/base/test/csp/file_CSP.sjs?testid=css_self&type=text/css' />
<link rel='stylesheet' type='text/css'
href='http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=css_examplecom&type=text/css' />
</head>
<body>
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img_self&type=img/png"> </img>
<img src="http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=img_examplecom&type=img/png"> </img>
<script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=script_self&type=text/javascript'></script>
</body>
</html>


@ -1,15 +0,0 @@
<html>
<head> <meta charset="utf-8"> </head>
<body>
<!-- sandbox="allow-same-origin" -->
<!-- Content-Security-Policy: default-src 'self' -->
<!-- these should be stopped by CSP -->
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
<!-- these should load ok -->
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img_good&type=img/png" />
<script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=scripta_bad&type=text/javascript'></script>
</body>
</html>


@ -1,12 +0,0 @@
<html>
<head> <meta charset="utf-8"> </head>
<body>
<!-- sandbox -->
<!-- Content-Security-Policy: default-src 'none' -->
<!-- these should be stopped by CSP -->
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img3_bad&type=img/png"> </img>
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img3a_bad&type=img/png" />
</body>
</html>


@ -1,12 +0,0 @@
<html>
<head> <meta charset="utf-8"> </head>
<body>
<!-- sandbox -->
<!-- Content-Security-Policy: default-src 'none' -->
<!-- these should be stopped by CSP -->
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img4_bad&type=img/png"> </img>
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img4a_bad&type=img/png" />
</body>
</html>


@ -1,14 +0,0 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Bug 826805 - CSP: Allow http and https for scheme-less sources</title>
</head>
<body>
<div id="testdiv">blocked</div>
<!--
We resue file_csp_path_matching.js which just updates the contents of 'testdiv' to contain allowed.
Note, that we are loading the file_csp_path_matchting.js using a scheme of 'https'.
-->
<script src="https://example.com/tests/dom/base/test/csp/file_csp_path_matching.js#foo"></script>
</body>
</html>


@ -1,25 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=768029
-->
<head>
<meta charset="utf-8">
<title>This is an app for testing</title>
<link rel="stylesheet" type="text/css"
href="file_csp_bug768029.sjs?type=style&origin=same_origin" />
<link rel="stylesheet" type="text/css"
href="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=style&origin=cross_origin" />
</head>
<body>
<script src="file_csp_bug768029.sjs?type=script&origin=same_origin"></script>
<script src="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=script&origin=cross_origin"></script>
<img src="file_csp_bug768029.sjs?type=img&origin=same_origin" />
<img src="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=img&origin=cross_origin" />
Test for CSP applied to (simulated) app.
</body>
</html>


@ -1,25 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=773891
-->
<head>
<meta charset="utf-8">
<title>This is an app for csp testing</title>
<link rel="stylesheet" type="text/css"
href="file_csp_bug773891.sjs?type=style&origin=same_origin" />
<link rel="stylesheet" type="text/css"
href="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=style&origin=cross_origin" />
</head>
<body>
<script src="file_csp_bug773891.sjs?type=script&origin=same_origin"></script>
<script src="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=script&origin=cross_origin"></script>
<img src="file_csp_bug773891.sjs?type=img&origin=same_origin" />
<img src="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=img&origin=cross_origin" />
Test for CSP applied to (simulated) app.
</body>
</html>


@ -1 +0,0 @@
content-security-policy-report-only: policy-uri /tests/dom/base/test/csp/file_CSP_policyuri_regression_from_multipolicy_policy


@ -10,7 +10,6 @@ XPCSHELL_TESTS_MANIFESTS += [
]
GeckoCppUnitTests([
'TestCSPParser',
'TestGetURL',
'TestNativeXMLHttpRequest',
'TestPlainTextSerializer',
@ -18,7 +17,6 @@ GeckoCppUnitTests([
MOCHITEST_MANIFESTS += [
'chrome/mochitest.ini',
'csp/mochitest.ini',
'mixedcontentblocker/mochitest.ini',
'mochitest.ini',
'websocket_hybi/mochitest.ini',
@ -34,7 +32,6 @@ if CONFIG['MOZ_CHILD_PERMISSIONS']:
MOCHITEST_CHROME_MANIFESTS += [
'chrome.ini',
'chrome/chrome.ini',
'csp/chrome.ini',
]
BROWSER_CHROME_MANIFESTS += ['browser.ini']


@ -13,7 +13,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=713980
<style>
@font-face {
font-family: "bad_cross_origin_webfont";
src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
}
div#bad_webfont { font-family: "bad_cross_origin_webfont"; }
</style>


@ -23,8 +23,6 @@ support-files =
[test_bug553888.js]
[test_bug737966.js]
[test_cspreports.js]
skip-if = buildapp == 'mulet'
[test_error_codes.js]
run-sequentially = Hardcoded 4444 port.
# Bug 1018414: hardcoded localhost doesn't work properly on some OS X installs


@ -4,6 +4,8 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
TEST_DIRS += ['test']
EXPORTS.mozilla.dom += [
'nsCSPContext.h',
'nsCSPService.h',


@ -0,0 +1,4 @@
[DEFAULT]
[test_bug768029.html]
[test_bug773891.html]


@ -12,7 +12,7 @@
}
@font-face {
font-family: "arbitrary_bad";
src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
}
.div_arbitrary_good { font-family: "arbitrary_good"; }


@ -0,0 +1,14 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Bug 826805 - CSP: Allow http and https for scheme-less sources</title>
</head>
<body>
<div id="testdiv">blocked</div>
<!--
We resue file_path_matching.js which just updates the contents of 'testdiv' to contain allowed.
Note, that we are loading the file_path_matchting.js using a scheme of 'https'.
-->
<script src="https://example.com/tests/dom/security/test/csp/file_path_matching.js#foo"></script>
</body>
</html>
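Review bot: The comment above the script tag carries two typos over from the old file: "resue", and "file_path_matchting.js", which does not match the script's actual name and will be missed by a search for `file_path_matching.js`. Since the comment was already edited for the rename, it could read `We reuse file_path_matching.js, which just updates the contents of 'testdiv' to contain allowed.` followed by `Note that we are loading file_path_matching.js using a scheme of 'https'.`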


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
<?xml-stylesheet type="text/xsl" href="file_bug663567.xsl"?>
<catalog>
<cd>
<title>Empire Burlesque</title>


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
<?xml-stylesheet type="text/xsl" href="file_bug663567.xsl"?>
<catalog>
<cd>
<title>Empire Burlesque</title>


@ -0,0 +1,25 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=768029
-->
<head>
<meta charset="utf-8">
<title>This is an app for testing</title>
<link rel="stylesheet" type="text/css"
href="file_bug768029.sjs?type=style&origin=same_origin" />
<link rel="stylesheet" type="text/css"
href="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=style&origin=cross_origin" />
</head>
<body>
<script src="file_bug768029.sjs?type=script&origin=same_origin"></script>
<script src="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=script&origin=cross_origin"></script>
<img src="file_bug768029.sjs?type=img&origin=same_origin" />
<img src="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=img&origin=cross_origin" />
Test for CSP applied to (simulated) app.
</body>
</html>


@ -0,0 +1,25 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=773891
-->
<head>
<meta charset="utf-8">
<title>This is an app for csp testing</title>
<link rel="stylesheet" type="text/css"
href="file_bug773891.sjs?type=style&origin=same_origin" />
<link rel="stylesheet" type="text/css"
href="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=style&origin=cross_origin" />
</head>
<body>
<script src="file_bug773891.sjs?type=script&origin=same_origin"></script>
<script src="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=script&origin=cross_origin"></script>
<img src="file_bug773891.sjs?type=img&origin=same_origin" />
<img src="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=img&origin=cross_origin" />
Test for CSP applied to (simulated) app.
</body>
</html>


@ -7,6 +7,6 @@
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<script src='file_CSP_bug802872.js'></script>
<script src='file_bug802872.js'></script>
</body>
</html>


@ -8,7 +8,7 @@ function createAllowedEvent() {
* Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on
* 'http://mochi.test', a default-src of 'self' allows this request.
*/
var src_event = new EventSource("http://mochi.test:8888/tests/dom/base/test/csp/file_CSP_bug802872.sjs");
var src_event = new EventSource("http://mochi.test:8888/tests/dom/security/test/csp/file_bug802872.sjs");
src_event.onmessage = function(e) {
src_event.close();
@ -26,7 +26,7 @@ function createBlockedEvent() {
* creates a new EventSource using 'http://example.com'. This domain is not whitelisted by the
* CSP of this page, therefore the CSP blocks this request.
*/
var src_event = new EventSource("http://example.com/tests/dom/base/test/csp/file_CSP_bug802872.sjs");
var src_event = new EventSource("http://example.com/tests/dom/security/test/csp/file_bug802872.sjs");
src_event.onmessage = function(e) {
src_event.close();
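Review bot: Both `EventSource` URLs in createAllowedEvent() and createBlockedEvent() spell out the full test directory, so a directory move has to edit this file in two places and the two endpoints can drift apart. Defining the path once, e.g. `var SJS_PATH = "/tests/dom/security/test/csp/file_bug802872.sjs";`, and building the URLs as `"http://mochi.test:8888" + SJS_PATH` and `"http://example.com" + SJS_PATH` would guarantee that the allowed and blocked cases differ only by origin, which is the one variable the CSP decision should depend on. Both function bodies continue outside the hunks shown.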


@ -0,0 +1,15 @@
<html>
<head>
<link rel='stylesheet' type='text/css'
href='/tests/dom/security/test/csp/file_CSP.sjs?testid=css_self&type=text/css' />
<link rel='stylesheet' type='text/css'
href='http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=css_examplecom&type=text/css' />
</head>
<body>
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img_self&type=img/png"> </img>
<img src="http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=img_examplecom&type=img/png"> </img>
<script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=script_self&type=text/javascript'></script>
</body>
</html>


@ -1,2 +1,2 @@
content-security-policy: default-src 'self'; img-src 'none'; report-uri http://mochi.test:8888/tests/dom/base/test/csp/file_bug836922_npolicies_violation.sjs
content-security-policy-report-only: default-src *; img-src 'self'; script-src 'none'; report-uri http://mochi.test:8888/tests/dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs
content-security-policy: default-src 'self'; img-src 'none'; report-uri http://mochi.test:8888/tests/dom/security/test/csp/file_bug836922_npolicies_violation.sjs
content-security-policy-report-only: default-src *; img-src 'self'; script-src 'none'; report-uri http://mochi.test:8888/tests/dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs


@ -0,0 +1,15 @@
<html>
<head> <meta charset="utf-8"> </head>
<body>
<!-- sandbox="allow-same-origin" -->
<!-- Content-Security-Policy: default-src 'self' -->
<!-- these should be stopped by CSP -->
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
<!-- these should load ok -->
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img_good&type=img/png" />
<script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=scripta_bad&type=text/javascript'></script>
</body>
</html>


@ -5,10 +5,10 @@
<!-- Content-Security-Policy: default-src 'self' -->
<!-- these should be stopped by CSP -->
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
<!-- these should load ok -->
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img2a_good&type=img/png" />
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img2a_good&type=img/png" />
</body>
</html>


@ -0,0 +1,12 @@
<html>
<head> <meta charset="utf-8"> </head>
<body>
<!-- sandbox -->
<!-- Content-Security-Policy: default-src 'none' -->
<!-- these should be stopped by CSP -->
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img3_bad&type=img/png"> </img>
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img3a_bad&type=img/png" />
</body>
</html>
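Review bot: Every resource in this file is expected to be blocked (`default-src 'none'`), so from the lines shown nothing here exercises the rewritten `/tests/dom/security/test/csp/file_CSP.sjs` path: a blocked load never reaches the server, and a mistyped directory would look the same as a correct one. The same holds for the later sections carrying `img4_bad` and `img5_bad`/`script5_bad`. A short comment such as `<!-- blocked loads never hit file_CSP.sjs; check this path by hand when the test directory moves -->` would record that, assuming the driving test does not verify the URL elsewhere.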


@ -0,0 +1,12 @@
<html>
<head> <meta charset="utf-8"> </head>
<body>
<!-- sandbox -->
<!-- Content-Security-Policy: default-src 'none' -->
<!-- these should be stopped by CSP -->
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img4_bad&type=img/png"> </img>
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img4a_bad&type=img/png" />
</body>
</html>


@ -18,9 +18,9 @@
<!-- Content-Security-Policy: default-src 'none' 'unsafe-inline'-->
<!-- these should be stopped by CSP -->
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img5_bad&type=img/png" />
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img5a_bad&type=img/png"> </img>
<script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=script5_bad&type=text/javascript'></script>
<script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script5a_bad&type=text/javascript'></script>
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img5_bad&type=img/png" />
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img5a_bad&type=img/png"> </img>
<script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=script5_bad&type=text/javascript'></script>
<script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script5a_bad&type=text/javascript'></script>
</body>
</html>


@ -21,8 +21,8 @@
<script src='file_iframe_sandbox_pass.js'></script>
<body onLoad='ok(true, "documents sandboxed with allow-scripts should be able to run script from event listeners");doStuff();'>
I am sandboxed but with "allow-scripts"
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img6_bad&type=img/png"> </img>
<script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script6_bad&type=text/javascript'></script>
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img6_bad&type=img/png"> </img>
<script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script6_bad&type=text/javascript'></script>
<form method="get" action="file_iframe_sandbox_form_fail.html" id="a_form">
First name: <input type="text" name="firstname">


@ -39,5 +39,5 @@ function handleRequest(request, response)
// Send HTML to test allowed/blocked behaviors
response.setHeader("Content-Type", "text/html", false);
response.write(loadHTMLFromFile("tests/dom/base/test/csp/file_CSP_bug888172.html"));
response.write(loadHTMLFromFile("tests/dom/security/test/csp/file_bug888172.html"));
}


@ -48,5 +48,5 @@ function handleRequest(request, response)
response.setHeader("Content-Security-Policy", getPolicy(), false);
// return the requested XML file.
response.write(loadResponseFromFile("tests/dom/base/test/csp/file_CSP_bug910139.xml"));
response.write(loadResponseFromFile("tests/dom/security/test/csp/file_bug910139.xml"));
}


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" href="file_CSP_bug910139.xsl"?>
<?xml-stylesheet type="text/xsl" href="file_bug910139.xsl"?>
<catalog>
<cd>
<title>Empire Burlesque</title>


@ -3,7 +3,7 @@
<body>
<!-- this should be allowed (no CSP)-->
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_good&type=img/png"> </img>
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_good&type=img/png"> </img>
<script type="text/javascript">
@ -12,13 +12,13 @@
//this should be allowed (no CSP)
try {
var img = document.createElement("img");
img.src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img2_good&type=img/png";
img.src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_good&type=img/png";
document.body.appendChild(img);
} catch(e) {
console.log("yo: "+e);
}
};
req.open("get", "file_CSP_bug941404_xhr.html", true);
req.open("get", "file_bug941404_xhr.html", true);
req.responseType = "document";
req.send();
</script>


@ -7,11 +7,11 @@
<script type="text/javascript">
try {
// Please note that file_csp_testserver.sjs?foo does not return a response.
// Please note that file_testserver.sjs?foo does not return a response.
// For testing purposes this is not necessary because we only want to check
// whether CSP allows or blocks the load.
var xhr = new XMLHttpRequest();
xhr.open("GET", "file_csp_testserver.sjs?foo", false);
xhr.open("GET", "file_testserver.sjs?foo", false);
xhr.send(null);
}
catch (e) { }


@ -2,7 +2,7 @@
<head>
<title>CSP eval script tests</title>
<script type="application/javascript"
src="file_CSP_evalscript_main.js"></script>
src="file_evalscript_main.js"></script>
</head>
<body>


@ -2,7 +2,7 @@
<head>
<title>CSP eval script tests</title>
<script type="application/javascript"
src="file_CSP_evalscript_main_allowed.js"></script>
src="file_evalscript_main_allowed.js"></script>
</head>
<body>


@ -30,9 +30,9 @@ function handleRequest(request, response)
response.setHeader("Content-Type", "text/html", false);
response.write('<html><head>');
if (query['double'])
response.write('<script src="file_CSP_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
response.write('<script src="file_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
else
response.write('<script src="file_CSP_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
response.write('<script src="file_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
response.write('</head><body>');
response.write(unescape(query['internalframe']));
response.write('</body></html>');
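Review bot: `query['testid']` is concatenated into the `<script src>` attribute unencoded on both rewritten `response.write` lines, and the unchanged line below them writes `unescape(query['internalframe'])` straight into the body. That reflection looks deliberate for a frame-ancestors fixture, but now that the file sits under dom/security it deserves a comment such as `// Test-only: reflects query parameters into markup by design; must only be served by the test server.` The attribute value could also be written with `encodeURIComponent(query['testid'])` so an unexpected test id cannot break out of the attribute. How `query` is built is outside the hunk, as is the rest of `handleRequest`.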


@ -3,7 +3,7 @@
<title>CSP frame ancestors tests</title>
<!-- this page shouldn't have a CSP, just the sub-pages. -->
<script src='file_CSP_frameancestors_main.js'></script>
<script src='file_frameancestors_main.js'></script>
</head>
<body>


@ -4,9 +4,9 @@ function setupFrames() {
var $ = function(v) { return document.getElementById(v); }
var base = {
self: '/tests/dom/base/test/csp/file_CSP_frameancestors.sjs',
a: 'http://mochi.test:8888/tests/dom/base/test/csp/file_CSP_frameancestors.sjs',
b: 'http://example.com/tests/dom/base/test/csp/file_CSP_frameancestors.sjs'
self: '/tests/dom/security/test/csp/file_frameancestors.sjs',
a: 'http://mochi.test:8888/tests/dom/security/test/csp/file_frameancestors.sjs',
b: 'http://example.com/tests/dom/security/test/csp/file_frameancestors.sjs'
};
var host = { a: 'http://mochi.test:8888', b: 'http://example.com:80' };


@ -5,7 +5,7 @@
</head>
<body>
<div id="testdiv">blocked</div>
<!-- Note, we reuse file_csp_path_matching.js which only updates the testdiv to 'allowed' if loaded !-->
<script src="http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js"></script>
<!-- Note, we reuse file_path_matching.js which only updates the testdiv to 'allowed' if loaded !-->
<script src="http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js"></script>
</body>
</html>


@ -5,7 +5,7 @@
</head>
<body>
<!-- Please note that both scripts do *not* exist in the file system -->
<script src="http://test1.example.com/tests/dom/base/test/csp/leading_wildcard_allowed.js" ></script>
<script src="http://example.com/tests/dom/base/test/csp/leading_wildcard_blocked.js" ></script>
<script src="http://test1.example.com/tests/dom/security/test/csp/leading_wildcard_allowed.js" ></script>
<script src="http://example.com/tests/dom/security/test/csp/leading_wildcard_blocked.js" ></script>
</body>
</html>


@ -1,7 +1,7 @@
<html>
<head>
<link rel='stylesheet' type='text/css'
href='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
href='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
<link rel='stylesheet' type='text/css'
href='file_CSP.sjs?testid=style_good&type=text/css' />
@ -14,7 +14,7 @@
}
@font-face {
font-family: "arbitrary_bad";
src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
}
.div_arbitrary_good { font-family: "arbitrary_good"; }
@ -23,13 +23,13 @@
</head>
<body>
<!-- these should be stopped by CSP. :) -->
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
<audio src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
<script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
<iframe src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
<audio src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
<script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
<iframe src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
<object width="10" height="10">
<param name="movie" value="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
<embed src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
<param name="movie" value="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
<embed src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
</object>
<!-- these should load ok. :) -->
@ -46,7 +46,7 @@
<!-- XHR tests... they're taken care of in this script,
and since the URI doesn't have any 'testid' values,
it will just be ignored by the test framework. -->
<script src='file_CSP_main.js'></script>
<script src='file_main.js'></script>
<!-- Support elements for the @font-face test -->
<div class="div_arbitrary_good">arbitrary good</div>


@ -3,14 +3,14 @@
try {
var xhr_good = new XMLHttpRequest();
var xhr_good_uri ="http://mochi.test:8888/tests/dom/base/test/csp/file_CSP.sjs?testid=xhr_good";
var xhr_good_uri ="http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_good";
xhr_good.open("GET", xhr_good_uri, true);
xhr_good.send(null);
} catch(e) {}
try {
var xhr_bad = new XMLHttpRequest();
var xhr_bad_uri ="http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=xhr_bad";
var xhr_bad_uri ="http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_bad";
xhr_bad.open("GET", xhr_bad_uri, true);
xhr_bad.send(null);
} catch(e) {}


@ -4,8 +4,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=717511
-->
<body>
<!-- these should be stopped by CSP after fixing bug 717511. :) -->
<img src="http://example.org/tests/dom/base/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
<script src='http://example.org/tests/dom/base/test/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
<img src="http://example.org/tests/dom/security/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
<script src='http://example.org/tests/dom/security/test/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
<!-- these should load ok after fixing bug 717511. :) -->
<img src="file_CSP.sjs?testid=img_good&type=img/png" />
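Review bot: The two rewritten URLs point at `/tests/dom/security/test/file_CSP.sjs`, without the `csp/` directory that the other file sections here use for the moved script, so the path substitution carries over an omission that was already in the old URLs. Both loads are expected to be blocked, so the test may well still pass, but if the policy ever let them through the request would not reach the real handler; presumably the harness keys on `testid`, which is not visible in this hunk. I would write `http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png` and the matching `script_bad` URL. The same applies to the `img2_bad`/`script2_bad` pair in the next file section. The enclosing document starts and ends outside the hunk.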


@ -4,8 +4,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=717511
-->
<body>
<!-- these should be stopped by CSP after fixing bug 717511. :) -->
<img src="http://example.org/tests/dom/base/test/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
<script src='http://example.org/tests/dom/base/test/file_CSP.sjs?testid=script2_bad&type=text/javascript'></script>
<img src="http://example.org/tests/dom/security/test/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
<script src='http://example.org/tests/dom/security/test/file_CSP.sjs?testid=script2_bad&type=text/javascript'></script>
<!-- these should load ok after fixing bug 717511. :) -->
<img src="file_CSP.sjs?testid=img2_good&type=img/png" />


@ -29,11 +29,11 @@
</script>
<!-- external scripts -->
<script nonce="correctscriptnonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_correct_nonce_good&type=text/javascript"></script>
<script nonce="anothercorrectscriptnonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_another_correct_nonce_good&type=text/javascript"></script>
<script nonce="incorrectscriptnonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_incorrect_nonce_bad&type=text/javascript"></script>
<script nonce="correctstylenonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_correct_style_nonce_bad&type=text/javascript"></script>
<script src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_no_nonce_bad&type=text/javascript"></script>
<script nonce="correctscriptnonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_correct_nonce_good&type=text/javascript"></script>
<script nonce="anothercorrectscriptnonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_another_correct_nonce_good&type=text/javascript"></script>
<script nonce="incorrectscriptnonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_incorrect_nonce_bad&type=text/javascript"></script>
<script nonce="correctstylenonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_correct_style_nonce_bad&type=text/javascript"></script>
<script src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_no_nonce_bad&type=text/javascript"></script>
<!-- This external script has the correct nonce and comes from a whitelisted URI. It should be allowed. -->
<script nonce="correctscriptnonce" src="file_CSP.sjs?testid=external_script_correct_nonce_correct_uri_good&type=text/javascript"></script>


@ -5,6 +5,6 @@
</head>
<body>
<div id="testdiv">blocked</div>
<script src="http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js#foo"></script>
<script src="http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js#foo"></script>
</body>
</html>


@ -5,6 +5,6 @@
</head>
<body>
<div id="testdiv">blocked</div>
<script src="http://example.com/tests/dom/base/test/csp/file_csp_path_matching_redirect_server.sjs"></script>
<script src="http://example.com/tests/dom/security/test/csp/file_path_matching_redirect_server.sjs"></script>
</body>
</html>


@ -5,7 +5,7 @@
function handleRequest(request, response)
{
var newLocation = "http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js";
var newLocation = "http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js";
response.setStatusLine("1.1", 302, "Found");
response.setHeader("Cache-Control", "no-cache", false);
