Bug 1117650 - Part 1 - Move all CSP tests into dom/security/test (r=sstamm)
--HG-- rename : dom/base/test/TestCSPParser.cpp => dom/security/test/TestCSPParser.cpp rename : dom/base/test/csp/chrome.ini => dom/security/test/csp/chrome.ini rename : dom/base/test/csp/file_CSP.css => dom/security/test/csp/file_CSP.css rename : dom/base/test/csp/file_CSP.sjs => dom/security/test/csp/file_CSP.sjs rename : dom/base/test/csp/file_csp_allow_https_schemes.html => dom/security/test/csp/file_allow_https_schemes.html rename : dom/base/test/csp/file_base-uri.html => dom/security/test/csp/file_base-uri.html rename : dom/base/test/csp/file_CSP_bug663567.xsl => dom/security/test/csp/file_bug663567.xsl rename : dom/base/test/csp/file_CSP_bug663567_allows.xml => dom/security/test/csp/file_bug663567_allows.xml rename : dom/base/test/csp/file_CSP_bug663567_allows.xml^headers^ => dom/security/test/csp/file_bug663567_allows.xml^headers^ rename : dom/base/test/csp/file_CSP_bug663567_blocks.xml => dom/security/test/csp/file_bug663567_blocks.xml rename : dom/base/test/csp/file_CSP_bug663567_blocks.xml^headers^ => dom/security/test/csp/file_bug663567_blocks.xml^headers^ rename : dom/base/test/csp/file_csp_bug768029.html => dom/security/test/csp/file_bug768029.html rename : dom/base/test/csp/file_csp_bug768029.sjs => dom/security/test/csp/file_bug768029.sjs rename : dom/base/test/csp/file_csp_bug773891.html => dom/security/test/csp/file_bug773891.html rename : dom/base/test/csp/file_csp_bug773891.sjs => dom/security/test/csp/file_bug773891.sjs rename : dom/base/test/csp/file_CSP_bug802872.html => dom/security/test/csp/file_bug802872.html rename : dom/base/test/csp/file_CSP_bug802872.html^headers^ => dom/security/test/csp/file_bug802872.html^headers^ rename : dom/base/test/csp/file_CSP_bug802872.js => dom/security/test/csp/file_bug802872.js rename : dom/base/test/csp/file_CSP_bug802872.sjs => dom/security/test/csp/file_bug802872.sjs rename : dom/base/test/csp/file_bug836922_npolicies.html => dom/security/test/csp/file_bug836922_npolicies.html rename : 
dom/base/test/csp/file_bug836922_npolicies.html^headers^ => dom/security/test/csp/file_bug836922_npolicies.html^headers^ rename : dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs => dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs rename : dom/base/test/csp/file_bug836922_npolicies_violation.sjs => dom/security/test/csp/file_bug836922_npolicies_violation.sjs rename : dom/base/test/csp/file_CSP_bug885433_allows.html => dom/security/test/csp/file_bug885433_allows.html rename : dom/base/test/csp/file_CSP_bug885433_allows.html^headers^ => dom/security/test/csp/file_bug885433_allows.html^headers^ rename : dom/base/test/csp/file_CSP_bug885433_blocks.html => dom/security/test/csp/file_bug885433_blocks.html rename : dom/base/test/csp/file_CSP_bug885433_blocks.html^headers^ => dom/security/test/csp/file_bug885433_blocks.html^headers^ rename : dom/base/test/csp/file_bug886164.html => dom/security/test/csp/file_bug886164.html rename : dom/base/test/csp/file_bug886164.html^headers^ => dom/security/test/csp/file_bug886164.html^headers^ rename : dom/base/test/csp/file_bug886164_2.html => dom/security/test/csp/file_bug886164_2.html rename : dom/base/test/csp/file_bug886164_2.html^headers^ => dom/security/test/csp/file_bug886164_2.html^headers^ rename : dom/base/test/csp/file_bug886164_3.html => dom/security/test/csp/file_bug886164_3.html rename : dom/base/test/csp/file_bug886164_3.html^headers^ => dom/security/test/csp/file_bug886164_3.html^headers^ rename : dom/base/test/csp/file_bug886164_4.html => dom/security/test/csp/file_bug886164_4.html rename : dom/base/test/csp/file_bug886164_4.html^headers^ => dom/security/test/csp/file_bug886164_4.html^headers^ rename : dom/base/test/csp/file_bug886164_5.html => dom/security/test/csp/file_bug886164_5.html rename : dom/base/test/csp/file_bug886164_5.html^headers^ => dom/security/test/csp/file_bug886164_5.html^headers^ rename : dom/base/test/csp/file_bug886164_6.html => 
dom/security/test/csp/file_bug886164_6.html rename : dom/base/test/csp/file_bug886164_6.html^headers^ => dom/security/test/csp/file_bug886164_6.html^headers^ rename : dom/base/test/csp/file_CSP_bug888172.html => dom/security/test/csp/file_bug888172.html rename : dom/base/test/csp/file_CSP_bug888172.sjs => dom/security/test/csp/file_bug888172.sjs rename : dom/base/test/csp/file_CSP_bug909029_none.html => dom/security/test/csp/file_bug909029_none.html rename : dom/base/test/csp/file_CSP_bug909029_none.html^headers^ => dom/security/test/csp/file_bug909029_none.html^headers^ rename : dom/base/test/csp/file_CSP_bug909029_star.html => dom/security/test/csp/file_bug909029_star.html rename : dom/base/test/csp/file_CSP_bug909029_star.html^headers^ => dom/security/test/csp/file_bug909029_star.html^headers^ rename : dom/base/test/csp/file_CSP_bug910139.sjs => dom/security/test/csp/file_bug910139.sjs rename : dom/base/test/csp/file_CSP_bug910139.xml => dom/security/test/csp/file_bug910139.xml rename : dom/base/test/csp/file_CSP_bug910139.xsl => dom/security/test/csp/file_bug910139.xsl rename : dom/base/test/csp/file_CSP_bug941404.html => dom/security/test/csp/file_bug941404.html rename : dom/base/test/csp/file_CSP_bug941404_xhr.html => dom/security/test/csp/file_bug941404_xhr.html rename : dom/base/test/csp/file_CSP_bug941404_xhr.html^headers^ => dom/security/test/csp/file_bug941404_xhr.html^headers^ rename : dom/base/test/csp/file_connect-src.html => dom/security/test/csp/file_connect-src.html rename : dom/base/test/csp/file_CSP_evalscript_main.html => dom/security/test/csp/file_evalscript_main.html rename : dom/base/test/csp/file_CSP_evalscript_main.html^headers^ => dom/security/test/csp/file_evalscript_main.html^headers^ rename : dom/base/test/csp/file_CSP_evalscript_main.js => dom/security/test/csp/file_evalscript_main.js rename : dom/base/test/csp/file_CSP_evalscript_main_allowed.html => dom/security/test/csp/file_evalscript_main_allowed.html rename : 
dom/base/test/csp/file_CSP_evalscript_main_allowed.html^headers^ => dom/security/test/csp/file_evalscript_main_allowed.html^headers^ rename : dom/base/test/csp/file_CSP_evalscript_main_allowed.js => dom/security/test/csp/file_evalscript_main_allowed.js rename : dom/base/test/csp/file_form-action.html => dom/security/test/csp/file_form-action.html rename : dom/base/test/csp/file_CSP_frameancestors.sjs => dom/security/test/csp/file_frameancestors.sjs rename : dom/base/test/csp/file_CSP_frameancestors_main.html => dom/security/test/csp/file_frameancestors_main.html rename : dom/base/test/csp/file_CSP_frameancestors_main.js => dom/security/test/csp/file_frameancestors_main.js rename : dom/base/test/csp/file_hash_source.html => dom/security/test/csp/file_hash_source.html rename : dom/base/test/csp/file_hash_source.html^headers^ => dom/security/test/csp/file_hash_source.html^headers^ rename : dom/base/test/csp/file_CSP_inlinescript_main.html => dom/security/test/csp/file_inlinescript_main.html rename : dom/base/test/csp/file_CSP_inlinescript_main.html^headers^ => dom/security/test/csp/file_inlinescript_main.html^headers^ rename : dom/base/test/csp/file_CSP_inlinescript_main_allowed.html => dom/security/test/csp/file_inlinescript_main_allowed.html rename : dom/base/test/csp/file_CSP_inlinescript_main_allowed.html^headers^ => dom/security/test/csp/file_inlinescript_main_allowed.html^headers^ rename : dom/base/test/csp/file_CSP_inlinestyle_main.html => dom/security/test/csp/file_inlinestyle_main.html rename : dom/base/test/csp/file_CSP_inlinestyle_main.html^headers^ => dom/security/test/csp/file_inlinestyle_main.html^headers^ rename : dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html => dom/security/test/csp/file_inlinestyle_main_allowed.html rename : dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html^headers^ => dom/security/test/csp/file_inlinestyle_main_allowed.html^headers^ rename : dom/base/test/csp/file_csp_invalid_source_expression.html => 
dom/security/test/csp/file_invalid_source_expression.html rename : dom/base/test/csp/file_leading_wildcard.html => dom/security/test/csp/file_leading_wildcard.html rename : dom/base/test/csp/file_CSP_main.html => dom/security/test/csp/file_main.html rename : dom/base/test/csp/file_CSP_main.html^headers^ => dom/security/test/csp/file_main.html^headers^ rename : dom/base/test/csp/file_CSP_main.js => dom/security/test/csp/file_main.js rename : dom/base/test/csp/file_multi_policy_injection_bypass.html => dom/security/test/csp/file_multi_policy_injection_bypass.html rename : dom/base/test/csp/file_multi_policy_injection_bypass.html^headers^ => dom/security/test/csp/file_multi_policy_injection_bypass.html^headers^ rename : dom/base/test/csp/file_multi_policy_injection_bypass_2.html => dom/security/test/csp/file_multi_policy_injection_bypass_2.html rename : dom/base/test/csp/file_multi_policy_injection_bypass_2.html^headers^ => dom/security/test/csp/file_multi_policy_injection_bypass_2.html^headers^ rename : dom/base/test/csp/file_nonce_source.html => dom/security/test/csp/file_nonce_source.html rename : dom/base/test/csp/file_nonce_source.html^headers^ => dom/security/test/csp/file_nonce_source.html^headers^ rename : dom/base/test/csp/file_csp_path_matching.html => dom/security/test/csp/file_path_matching.html rename : dom/base/test/csp/file_csp_path_matching.js => dom/security/test/csp/file_path_matching.js rename : dom/base/test/csp/file_csp_path_matching_redirect.html => dom/security/test/csp/file_path_matching_redirect.html rename : dom/base/test/csp/file_csp_path_matching_redirect_server.sjs => dom/security/test/csp/file_path_matching_redirect_server.sjs rename : dom/base/test/csp/file_policyuri_regression_from_multipolicy.html => dom/security/test/csp/file_policyuri_regression_from_multipolicy.html rename : dom/base/test/csp/file_policyuri_regression_from_multipolicy.html^headers^ => dom/security/test/csp/file_policyuri_regression_from_multipolicy.html^headers^ 
rename : dom/base/test/csp/file_policyuri_regression_from_multipolicy_policy => dom/security/test/csp/file_policyuri_regression_from_multipolicy_policy rename : dom/base/test/csp/file_redirect_content.sjs => dom/security/test/csp/file_redirect_content.sjs rename : dom/base/test/csp/file_redirect_report.sjs => dom/security/test/csp/file_redirect_report.sjs rename : dom/base/test/csp/file_csp_redirects_main.html => dom/security/test/csp/file_redirects_main.html rename : dom/base/test/csp/file_csp_redirects_page.sjs => dom/security/test/csp/file_redirects_page.sjs rename : dom/base/test/csp/file_csp_redirects_resource.sjs => dom/security/test/csp/file_redirects_resource.sjs rename : dom/base/test/csp/file_csp_referrerdirective.html => dom/security/test/csp/file_referrerdirective.html rename : dom/base/test/csp/file_csp_report.html => dom/security/test/csp/file_report.html rename : dom/base/test/csp/file_report_uri_missing_in_report_only_header.html => dom/security/test/csp/file_report_uri_missing_in_report_only_header.html rename : dom/base/test/csp/file_report_uri_missing_in_report_only_header.html^headers^ => dom/security/test/csp/file_report_uri_missing_in_report_only_header.html^headers^ rename : dom/base/test/csp/file_self_none_as_hostname_confusion.html => dom/security/test/csp/file_self_none_as_hostname_confusion.html rename : dom/base/test/csp/file_self_none_as_hostname_confusion.html^headers^ => dom/security/test/csp/file_self_none_as_hostname_confusion.html^headers^ rename : dom/base/test/csp/file_subframe_run_js_if_allowed.html => dom/security/test/csp/file_subframe_run_js_if_allowed.html rename : dom/base/test/csp/file_subframe_run_js_if_allowed.html^headers^ => dom/security/test/csp/file_subframe_run_js_if_allowed.html^headers^ rename : dom/base/test/csp/file_csp_testserver.sjs => dom/security/test/csp/file_testserver.sjs rename : dom/base/test/csp/file_worker_redirect.html => dom/security/test/csp/file_worker_redirect.html rename : 
dom/base/test/csp/file_worker_redirect.sjs => dom/security/test/csp/file_worker_redirect.sjs rename : dom/base/test/csp/mochitest.ini => dom/security/test/csp/mochitest.ini rename : dom/base/test/csp/referrerdirective.sjs => dom/security/test/csp/referrerdirective.sjs rename : dom/base/test/csp/test_301_redirect.html => dom/security/test/csp/test_301_redirect.html rename : dom/base/test/csp/test_302_redirect.html => dom/security/test/csp/test_302_redirect.html rename : dom/base/test/csp/test_303_redirect.html => dom/security/test/csp/test_303_redirect.html rename : dom/base/test/csp/test_307_redirect.html => dom/security/test/csp/test_307_redirect.html rename : dom/base/test/csp/test_CSP.html => dom/security/test/csp/test_CSP.html rename : dom/base/test/csp/test_csp_allow_https_schemes.html => dom/security/test/csp/test_allow_https_schemes.html rename : dom/base/test/csp/test_base-uri.html => dom/security/test/csp/test_base-uri.html rename : dom/base/test/csp/test_CSP_bug663567.html => dom/security/test/csp/test_bug663567.html rename : dom/base/test/csp/test_csp_bug768029.html => dom/security/test/csp/test_bug768029.html rename : dom/base/test/csp/test_csp_bug773891.html => dom/security/test/csp/test_bug773891.html rename : dom/base/test/csp/test_CSP_bug802872.html => dom/security/test/csp/test_bug802872.html rename : dom/base/test/csp/test_bug836922_npolicies.html => dom/security/test/csp/test_bug836922_npolicies.html rename : dom/base/test/csp/test_CSP_bug885433.html => dom/security/test/csp/test_bug885433.html rename : dom/base/test/csp/test_bug886164.html => dom/security/test/csp/test_bug886164.html rename : dom/base/test/csp/test_CSP_bug888172.html => dom/security/test/csp/test_bug888172.html rename : dom/base/test/csp/test_CSP_bug909029.html => dom/security/test/csp/test_bug909029.html rename : dom/base/test/csp/test_CSP_bug910139.html => dom/security/test/csp/test_bug910139.html rename : dom/base/test/csp/test_CSP_bug941404.html => 
dom/security/test/csp/test_bug941404.html rename : dom/base/test/csp/test_bug949549.html => dom/security/test/csp/test_bug949549.html rename : dom/base/test/csp/test_connect-src.html => dom/security/test/csp/test_connect-src.html rename : dom/base/test/csp/test_CSP_evalscript.html => dom/security/test/csp/test_evalscript.html rename : dom/base/test/csp/test_form-action.html => dom/security/test/csp/test_form-action.html rename : dom/base/test/csp/test_CSP_frameancestors.html => dom/security/test/csp/test_frameancestors.html rename : dom/base/test/csp/test_hash_source.html => dom/security/test/csp/test_hash_source.html rename : dom/base/test/csp/test_CSP_inlinescript.html => dom/security/test/csp/test_inlinescript.html rename : dom/base/test/csp/test_CSP_inlinestyle.html => dom/security/test/csp/test_inlinestyle.html rename : dom/base/test/csp/test_csp_invalid_source_expression.html => dom/security/test/csp/test_invalid_source_expression.html rename : dom/base/test/csp/test_leading_wildcard.html => dom/security/test/csp/test_leading_wildcard.html rename : dom/base/test/csp/test_multi_policy_injection_bypass.html => dom/security/test/csp/test_multi_policy_injection_bypass.html rename : dom/base/test/csp/test_nonce_source.html => dom/security/test/csp/test_nonce_source.html rename : dom/base/test/csp/test_csp_path_matching.html => dom/security/test/csp/test_path_matching.html rename : dom/base/test/csp/test_csp_path_matching_redirect.html => dom/security/test/csp/test_path_matching_redirect.html rename : dom/base/test/csp/test_policyuri_regression_from_multipolicy.html => dom/security/test/csp/test_policyuri_regression_from_multipolicy.html rename : dom/base/test/csp/test_csp_redirects.html => dom/security/test/csp/test_redirects.html rename : dom/base/test/csp/test_CSP_referrerdirective.html => dom/security/test/csp/test_referrerdirective.html rename : dom/base/test/csp/test_csp_report.html => dom/security/test/csp/test_report.html rename : 
dom/base/test/csp/test_report_uri_missing_in_report_only_header.html => dom/security/test/csp/test_report_uri_missing_in_report_only_header.html rename : dom/base/test/csp/test_self_none_as_hostname_confusion.html => dom/security/test/csp/test_self_none_as_hostname_confusion.html rename : dom/base/test/csp/test_subframe_run_js_if_allowed.html => dom/security/test/csp/test_subframe_run_js_if_allowed.html rename : dom/base/test/csp/test_worker_redirect.html => dom/security/test/csp/test_worker_redirect.html rename : dom/base/test/unit/test_cspreports.js => dom/security/test/unit/test_cspreports.js
Родитель
a63756e767
Коммит
c8504a0662
|
@ -1,4 +0,0 @@
|
|||
[DEFAULT]
|
||||
|
||||
[test_csp_bug768029.html]
|
||||
[test_csp_bug773891.html]
|
|
@ -1,15 +0,0 @@
|
|||
<html>
|
||||
<head>
|
||||
<link rel='stylesheet' type='text/css'
|
||||
href='/tests/dom/base/test/csp/file_CSP.sjs?testid=css_self&type=text/css' />
|
||||
<link rel='stylesheet' type='text/css'
|
||||
href='http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=css_examplecom&type=text/css' />
|
||||
|
||||
</head>
|
||||
<body>
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img_self&type=img/png"> </img>
|
||||
<img src="http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=img_examplecom&type=img/png"> </img>
|
||||
<script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=script_self&type=text/javascript'></script>
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -1,15 +0,0 @@
|
|||
<html>
|
||||
<head> <meta charset="utf-8"> </head>
|
||||
<body>
|
||||
<!-- sandbox="allow-same-origin" -->
|
||||
<!-- Content-Security-Policy: default-src 'self' -->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
|
||||
|
||||
<!-- these should load ok -->
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img_good&type=img/png" />
|
||||
<script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=scripta_bad&type=text/javascript'></script>
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -1,12 +0,0 @@
|
|||
<html>
|
||||
<head> <meta charset="utf-8"> </head>
|
||||
<body>
|
||||
<!-- sandbox -->
|
||||
<!-- Content-Security-Policy: default-src 'none' -->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img3_bad&type=img/png"> </img>
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img3a_bad&type=img/png" />
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -1,12 +0,0 @@
|
|||
<html>
|
||||
<head> <meta charset="utf-8"> </head>
|
||||
<body>
|
||||
<!-- sandbox -->
|
||||
<!-- Content-Security-Policy: default-src 'none' -->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img4_bad&type=img/png"> </img>
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img4a_bad&type=img/png" />
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -1,14 +0,0 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 826805 - CSP: Allow http and https for scheme-less sources</title>
|
||||
</head>
|
||||
<body>
|
||||
<div id="testdiv">blocked</div>
|
||||
<!--
|
||||
We resue file_csp_path_matching.js which just updates the contents of 'testdiv' to contain allowed.
|
||||
Note, that we are loading the file_csp_path_matchting.js using a scheme of 'https'.
|
||||
-->
|
||||
<script src="https://example.com/tests/dom/base/test/csp/file_csp_path_matching.js#foo"></script>
|
||||
</body>
|
||||
</html>
|
|
@ -1,25 +0,0 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=768029
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>This is an app for testing</title>
|
||||
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="file_csp_bug768029.sjs?type=style&origin=same_origin" />
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=style&origin=cross_origin" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<script src="file_csp_bug768029.sjs?type=script&origin=same_origin"></script>
|
||||
<script src="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=script&origin=cross_origin"></script>
|
||||
<img src="file_csp_bug768029.sjs?type=img&origin=same_origin" />
|
||||
<img src="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=img&origin=cross_origin" />
|
||||
|
||||
Test for CSP applied to (simulated) app.
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -1,25 +0,0 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=773891
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>This is an app for csp testing</title>
|
||||
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="file_csp_bug773891.sjs?type=style&origin=same_origin" />
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=style&origin=cross_origin" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<script src="file_csp_bug773891.sjs?type=script&origin=same_origin"></script>
|
||||
<script src="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=script&origin=cross_origin"></script>
|
||||
<img src="file_csp_bug773891.sjs?type=img&origin=same_origin" />
|
||||
<img src="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=img&origin=cross_origin" />
|
||||
|
||||
Test for CSP applied to (simulated) app.
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -1 +0,0 @@
|
|||
content-security-policy-report-only: policy-uri /tests/dom/base/test/csp/file_CSP_policyuri_regression_from_multipolicy_policy
|
|
@ -10,7 +10,6 @@ XPCSHELL_TESTS_MANIFESTS += [
|
|||
]
|
||||
|
||||
GeckoCppUnitTests([
|
||||
'TestCSPParser',
|
||||
'TestGetURL',
|
||||
'TestNativeXMLHttpRequest',
|
||||
'TestPlainTextSerializer',
|
||||
|
@ -18,7 +17,6 @@ GeckoCppUnitTests([
|
|||
|
||||
MOCHITEST_MANIFESTS += [
|
||||
'chrome/mochitest.ini',
|
||||
'csp/mochitest.ini',
|
||||
'mixedcontentblocker/mochitest.ini',
|
||||
'mochitest.ini',
|
||||
'websocket_hybi/mochitest.ini',
|
||||
|
@ -34,7 +32,6 @@ if CONFIG['MOZ_CHILD_PERMISSIONS']:
|
|||
MOCHITEST_CHROME_MANIFESTS += [
|
||||
'chrome.ini',
|
||||
'chrome/chrome.ini',
|
||||
'csp/chrome.ini',
|
||||
]
|
||||
|
||||
BROWSER_CHROME_MANIFESTS += ['browser.ini']
|
||||
|
|
|
@ -13,7 +13,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=713980
|
|||
<style>
|
||||
@font-face {
|
||||
font-family: "bad_cross_origin_webfont";
|
||||
src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
}
|
||||
div#bad_webfont { font-family: "bad_cross_origin_webfont"; }
|
||||
</style>
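Review bot: The `src: url(...)` of the `bad_cross_origin_webfont` face now points at `dom/security/test/csp/file_CSP.sjs`, and nothing in this `<style>` block records that the fixture is served from the CSP test directory. Judging by its position in the commit, this file appears to stay outside the moved directory, so the dependency is easy to miss on the next move. Because the face is named as one that is expected not to load, a stale URL would not obviously change the test's outcome. A short comment above the rule would record the dependency, e.g. `/* file_CSP.sjs is served from dom/security/test/csp; keep this URL in sync with the CSP tests */`.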
|
||||
|
|
|
@ -23,8 +23,6 @@ support-files =
|
|||
|
||||
[test_bug553888.js]
|
||||
[test_bug737966.js]
|
||||
[test_cspreports.js]
|
||||
skip-if = buildapp == 'mulet'
|
||||
[test_error_codes.js]
|
||||
run-sequentially = Hardcoded 4444 port.
|
||||
# Bug 1018414: hardcoded localhost doesn't work properly on some OS X installs
|
||||
|
|
|
@ -4,6 +4,8 @@
|
|||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
TEST_DIRS += ['test']
|
||||
|
||||
EXPORTS.mozilla.dom += [
|
||||
'nsCSPContext.h',
|
||||
'nsCSPService.h',
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
[DEFAULT]
|
||||
|
||||
[test_bug768029.html]
|
||||
[test_bug773891.html]
|
|
@ -12,7 +12,7 @@
|
|||
}
|
||||
@font-face {
|
||||
font-family: "arbitrary_bad";
|
||||
src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
}
|
||||
|
||||
.div_arbitrary_good { font-family: "arbitrary_good"; }
|
|
@ -0,0 +1,14 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 826805 - CSP: Allow http and https for scheme-less sources</title>
|
||||
</head>
|
||||
<body>
|
||||
<div id="testdiv">blocked</div>
|
||||
<!--
|
||||
We resue file_path_matching.js which just updates the contents of 'testdiv' to contain allowed.
|
||||
Note, that we are loading the file_path_matchting.js using a scheme of 'https'.
|
||||
-->
|
||||
<script src="https://example.com/tests/dom/security/test/csp/file_path_matching.js#foo"></script>
|
||||
</body>
|
||||
</html>
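Review bot: The explanatory comment above the `<script>` tag is carried into the new file with its typos intact: "resue" and `file_path_matchting.js`, although the script actually loaded is `file_path_matching.js`. A misspelled file name in a comment is missed by a later text search for the real name, which matters the next time these CSP fixtures are renamed. Suggested wording: `We reuse file_path_matching.js, which just updates the contents of 'testdiv' to contain "allowed".` followed by `Note that we are loading file_path_matching.js using the 'https' scheme.`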
|
|
@ -1,5 +1,5 @@
|
|||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_bug663567.xsl"?>
|
||||
<catalog>
|
||||
<cd>
|
||||
<title>Empire Burlesque</title>
|
|
@ -1,5 +1,5 @@
|
|||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_bug663567.xsl"?>
|
||||
<catalog>
|
||||
<cd>
|
||||
<title>Empire Burlesque</title>
|
|
@ -0,0 +1,25 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=768029
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>This is an app for testing</title>
|
||||
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="file_bug768029.sjs?type=style&origin=same_origin" />
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=style&origin=cross_origin" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<script src="file_bug768029.sjs?type=script&origin=same_origin"></script>
|
||||
<script src="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=script&origin=cross_origin"></script>
|
||||
<img src="file_bug768029.sjs?type=img&origin=same_origin" />
|
||||
<img src="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=img&origin=cross_origin" />
|
||||
|
||||
Test for CSP applied to (simulated) app.
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,25 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=773891
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>This is an app for csp testing</title>
|
||||
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="file_bug773891.sjs?type=style&origin=same_origin" />
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=style&origin=cross_origin" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<script src="file_bug773891.sjs?type=script&origin=same_origin"></script>
|
||||
<script src="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=script&origin=cross_origin"></script>
|
||||
<img src="file_bug773891.sjs?type=img&origin=same_origin" />
|
||||
<img src="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=img&origin=cross_origin" />
|
||||
|
||||
Test for CSP applied to (simulated) app.
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -7,6 +7,6 @@
|
|||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<script src='file_CSP_bug802872.js'></script>
|
||||
<script src='file_bug802872.js'></script>
|
||||
</body>
|
||||
</html>
|
|
@ -8,7 +8,7 @@ function createAllowedEvent() {
|
|||
* Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on
|
||||
* 'http://mochi.test', a default-src of 'self' allows this request.
|
||||
*/
|
||||
var src_event = new EventSource("http://mochi.test:8888/tests/dom/base/test/csp/file_CSP_bug802872.sjs");
|
||||
var src_event = new EventSource("http://mochi.test:8888/tests/dom/security/test/csp/file_bug802872.sjs");
|
||||
|
||||
src_event.onmessage = function(e) {
|
||||
src_event.close();
|
||||
|
@ -26,7 +26,7 @@ function createBlockedEvent() {
|
|||
* creates a new EventSource using 'http://example.com'. This domain is not whitelisted by the
|
||||
* CSP of this page, therefore the CSP blocks this request.
|
||||
*/
|
||||
var src_event = new EventSource("http://example.com/tests/dom/base/test/csp/file_CSP_bug802872.sjs");
|
||||
var src_event = new EventSource("http://example.com/tests/dom/security/test/csp/file_bug802872.sjs");
|
||||
|
||||
src_event.onmessage = function(e) {
|
||||
src_event.close();
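Review bot: The URL in `createBlockedEvent` is a second hard-coded copy of the fixture path already used in `createAllowedEvent`, and this change has to edit both by hand. For a request that is expected to be blocked, a stale path is hard to notice: if the test detects the block through the EventSource error path (the handlers continue outside these hunks, so this is inferred), a missing file would look the same as a CSP block. Sharing the path keeps the two cases differing only by origin, e.g. `var SJS_PATH = "/tests/dom/security/test/csp/file_bug802872.sjs";` used as `new EventSource("http://mochi.test:8888" + SJS_PATH)` and `new EventSource("http://example.com" + SJS_PATH)`. Both function bodies start and end outside the visible hunks.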
|
|
@ -0,0 +1,15 @@
|
|||
<html>
|
||||
<head>
|
||||
<link rel='stylesheet' type='text/css'
|
||||
href='/tests/dom/security/test/csp/file_CSP.sjs?testid=css_self&type=text/css' />
|
||||
<link rel='stylesheet' type='text/css'
|
||||
href='http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=css_examplecom&type=text/css' />
|
||||
|
||||
</head>
|
||||
<body>
|
||||
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img_self&type=img/png"> </img>
|
||||
<img src="http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=img_examplecom&type=img/png"> </img>
|
||||
<script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=script_self&type=text/javascript'></script>
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -1,2 +1,2 @@
|
|||
content-security-policy: default-src 'self'; img-src 'none'; report-uri http://mochi.test:8888/tests/dom/base/test/csp/file_bug836922_npolicies_violation.sjs
|
||||
content-security-policy-report-only: default-src *; img-src 'self'; script-src 'none'; report-uri http://mochi.test:8888/tests/dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs
|
||||
content-security-policy: default-src 'self'; img-src 'none'; report-uri http://mochi.test:8888/tests/dom/security/test/csp/file_bug836922_npolicies_violation.sjs
|
||||
content-security-policy-report-only: default-src *; img-src 'self'; script-src 'none'; report-uri http://mochi.test:8888/tests/dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs
|
|
@ -0,0 +1,15 @@
|
|||
<html>
|
||||
<head> <meta charset="utf-8"> </head>
|
||||
<body>
|
||||
<!-- sandbox="allow-same-origin" -->
|
||||
<!-- Content-Security-Policy: default-src 'self' -->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
|
||||
|
||||
<!-- these should load ok -->
|
||||
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img_good&type=img/png" />
|
||||
<script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=scripta_bad&type=text/javascript'></script>
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -5,10 +5,10 @@
|
|||
<!-- Content-Security-Policy: default-src 'self' -->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
|
||||
|
||||
<!-- these should load ok -->
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img2a_good&type=img/png" />
|
||||
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img2a_good&type=img/png" />
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,12 @@
|
|||
<html>
|
||||
<head> <meta charset="utf-8"> </head>
|
||||
<body>
|
||||
<!-- sandbox -->
|
||||
<!-- Content-Security-Policy: default-src 'none' -->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img3_bad&type=img/png"> </img>
|
||||
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img3a_bad&type=img/png" />
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,12 @@
|
|||
<html>
|
||||
<head> <meta charset="utf-8"> </head>
|
||||
<body>
|
||||
<!-- sandbox -->
|
||||
<!-- Content-Security-Policy: default-src 'none' -->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img4_bad&type=img/png"> </img>
|
||||
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img4a_bad&type=img/png" />
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -18,9 +18,9 @@
|
|||
<!-- Content-Security-Policy: default-src 'none' 'unsafe-inline'-->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img5_bad&type=img/png" />
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img5a_bad&type=img/png"> </img>
|
||||
<script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=script5_bad&type=text/javascript'></script>
|
||||
<script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script5a_bad&type=text/javascript'></script>
|
||||
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img5_bad&type=img/png" />
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img5a_bad&type=img/png"> </img>
|
||||
<script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=script5_bad&type=text/javascript'></script>
|
||||
<script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script5a_bad&type=text/javascript'></script>
|
||||
</body>
|
||||
</html>
|
|
@ -21,8 +21,8 @@
|
|||
<script src='file_iframe_sandbox_pass.js'></script>
|
||||
<body onLoad='ok(true, "documents sandboxed with allow-scripts should be able to run script from event listeners");doStuff();'>
|
||||
I am sandboxed but with "allow-scripts"
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img6_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script6_bad&type=text/javascript'></script>
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img6_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script6_bad&type=text/javascript'></script>
|
||||
|
||||
<form method="get" action="file_iframe_sandbox_form_fail.html" id="a_form">
|
||||
First name: <input type="text" name="firstname">
|
|
@ -39,5 +39,5 @@ function handleRequest(request, response)
|
|||
|
||||
// Send HTML to test allowed/blocked behaviors
|
||||
response.setHeader("Content-Type", "text/html", false);
|
||||
response.write(loadHTMLFromFile("tests/dom/base/test/csp/file_CSP_bug888172.html"));
|
||||
response.write(loadHTMLFromFile("tests/dom/security/test/csp/file_bug888172.html"));
|
||||
}
|
|
@ -48,5 +48,5 @@ function handleRequest(request, response)
|
|||
response.setHeader("Content-Security-Policy", getPolicy(), false);
|
||||
|
||||
// return the requested XML file.
|
||||
response.write(loadResponseFromFile("tests/dom/base/test/csp/file_CSP_bug910139.xml"));
|
||||
response.write(loadResponseFromFile("tests/dom/security/test/csp/file_bug910139.xml"));
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_CSP_bug910139.xsl"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_bug910139.xsl"?>
|
||||
<catalog>
|
||||
<cd>
|
||||
<title>Empire Burlesque</title>
|
|
@ -3,7 +3,7 @@
|
|||
<body>
|
||||
|
||||
<!-- this should be allowed (no CSP)-->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_good&type=img/png"> </img>
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_good&type=img/png"> </img>
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
|
@ -12,13 +12,13 @@
|
|||
//this should be allowed (no CSP)
|
||||
try {
|
||||
var img = document.createElement("img");
|
||||
img.src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img2_good&type=img/png";
|
||||
img.src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_good&type=img/png";
|
||||
document.body.appendChild(img);
|
||||
} catch(e) {
|
||||
console.log("yo: "+e);
|
||||
}
|
||||
};
|
||||
req.open("get", "file_CSP_bug941404_xhr.html", true);
|
||||
req.open("get", "file_bug941404_xhr.html", true);
|
||||
req.responseType = "document";
|
||||
req.send();
|
||||
</script>
|
|
@ -7,11 +7,11 @@
|
|||
<script type="text/javascript">
|
||||
|
||||
try {
|
||||
// Please note that file_csp_testserver.sjs?foo does not return a response.
|
||||
// Please note that file_testserver.sjs?foo does not return a response.
|
||||
// For testing purposes this is not necessary because we only want to check
|
||||
// whether CSP allows or blocks the load.
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.open("GET", "file_csp_testserver.sjs?foo", false);
|
||||
xhr.open("GET", "file_testserver.sjs?foo", false);
|
||||
xhr.send(null);
|
||||
}
|
||||
catch (e) { }
|
|
@ -2,7 +2,7 @@
|
|||
<head>
|
||||
<title>CSP eval script tests</title>
|
||||
<script type="application/javascript"
|
||||
src="file_CSP_evalscript_main.js"></script>
|
||||
src="file_evalscript_main.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
<head>
|
||||
<title>CSP eval script tests</title>
|
||||
<script type="application/javascript"
|
||||
src="file_CSP_evalscript_main_allowed.js"></script>
|
||||
src="file_evalscript_main_allowed.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
|
|
@ -30,9 +30,9 @@ function handleRequest(request, response)
|
|||
response.setHeader("Content-Type", "text/html", false);
|
||||
response.write('<html><head>');
|
||||
if (query['double'])
|
||||
response.write('<script src="file_CSP_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
|
||||
response.write('<script src="file_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
|
||||
else
|
||||
response.write('<script src="file_CSP_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
|
||||
response.write('<script src="file_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
|
||||
response.write('</head><body>');
|
||||
response.write(unescape(query['internalframe']));
|
||||
response.write('</body></html>');
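Review bot: `query['testid']` is concatenated into the `src` attribute without encoding, and `unescape(query['internalframe'])` is written into the body as raw markup, so this handler reflects request parameters straight into the HTML response. That is tolerable only because the .sjs is served by the test server to the test's own pages; a comment such as `// Test-only: reflects query parameters into markup; never serve outside the mochitest harness.` would keep the pattern from being copied elsewhere. For the attribute value I would write `encodeURIComponent(query['testid'])`. `unescape` is deprecated, but whether `decodeURIComponent` can replace it depends on how the callers encode `internalframe`, which is not visible here. handleRequest starts and ends outside this hunk.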
|
|
@ -3,7 +3,7 @@
|
|||
<title>CSP frame ancestors tests</title>
|
||||
|
||||
<!-- this page shouldn't have a CSP, just the sub-pages. -->
|
||||
<script src='file_CSP_frameancestors_main.js'></script>
|
||||
<script src='file_frameancestors_main.js'></script>
|
||||
|
||||
</head>
|
||||
<body>
|
|
@ -4,9 +4,9 @@ function setupFrames() {
|
|||
|
||||
var $ = function(v) { return document.getElementById(v); }
|
||||
var base = {
|
||||
self: '/tests/dom/base/test/csp/file_CSP_frameancestors.sjs',
|
||||
a: 'http://mochi.test:8888/tests/dom/base/test/csp/file_CSP_frameancestors.sjs',
|
||||
b: 'http://example.com/tests/dom/base/test/csp/file_CSP_frameancestors.sjs'
|
||||
self: '/tests/dom/security/test/csp/file_frameancestors.sjs',
|
||||
a: 'http://mochi.test:8888/tests/dom/security/test/csp/file_frameancestors.sjs',
|
||||
b: 'http://example.com/tests/dom/security/test/csp/file_frameancestors.sjs'
|
||||
};
|
||||
|
||||
var host = { a: 'http://mochi.test:8888', b: 'http://example.com:80' };
|
|
@ -5,7 +5,7 @@
|
|||
</head>
|
||||
<body>
|
||||
<div id="testdiv">blocked</div>
|
||||
<!-- Note, we reuse file_csp_path_matching.js which only updates the testdiv to 'allowed' if loaded !-->
|
||||
<script src="http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js"></script>
|
||||
<!-- Note, we reuse file_path_matching.js which only updates the testdiv to 'allowed' if loaded !-->
|
||||
<script src="http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js"></script>
|
||||
</body>
|
||||
</html>
|
|
@ -5,7 +5,7 @@
|
|||
</head>
|
||||
<body>
|
||||
<!-- Please note that both scripts do *not* exist in the file system -->
|
||||
<script src="http://test1.example.com/tests/dom/base/test/csp/leading_wildcard_allowed.js" ></script>
|
||||
<script src="http://example.com/tests/dom/base/test/csp/leading_wildcard_blocked.js" ></script>
|
||||
<script src="http://test1.example.com/tests/dom/security/test/csp/leading_wildcard_allowed.js" ></script>
|
||||
<script src="http://example.com/tests/dom/security/test/csp/leading_wildcard_blocked.js" ></script>
|
||||
</body>
|
||||
</html>
|
|
@ -1,7 +1,7 @@
|
|||
<html>
|
||||
<head>
|
||||
<link rel='stylesheet' type='text/css'
|
||||
href='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
|
||||
href='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
|
||||
<link rel='stylesheet' type='text/css'
|
||||
href='file_CSP.sjs?testid=style_good&type=text/css' />
|
||||
|
||||
|
@ -14,7 +14,7 @@
|
|||
}
|
||||
@font-face {
|
||||
font-family: "arbitrary_bad";
|
||||
src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
}
|
||||
|
||||
.div_arbitrary_good { font-family: "arbitrary_good"; }
|
||||
|
@ -23,13 +23,13 @@
|
|||
</head>
|
||||
<body>
|
||||
<!-- these should be stopped by CSP. :) -->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
|
||||
<audio src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
|
||||
<script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
|
||||
<iframe src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
|
||||
<audio src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
|
||||
<script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
|
||||
<iframe src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
|
||||
<object width="10" height="10">
|
||||
<param name="movie" value="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
|
||||
<embed src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
|
||||
<param name="movie" value="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
|
||||
<embed src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
|
||||
</object>
|
||||
|
||||
<!-- these should load ok. :) -->
|
||||
|
@ -46,7 +46,7 @@
|
|||
<!-- XHR tests... they're taken care of in this script,
|
||||
and since the URI doesn't have any 'testid' values,
|
||||
it will just be ignored by the test framework. -->
|
||||
<script src='file_CSP_main.js'></script>
|
||||
<script src='file_main.js'></script>
|
||||
|
||||
<!-- Support elements for the @font-face test -->
|
||||
<div class="div_arbitrary_good">arbitrary good</div>
|
|
@ -3,14 +3,14 @@
|
|||
|
||||
try {
|
||||
var xhr_good = new XMLHttpRequest();
|
||||
var xhr_good_uri ="http://mochi.test:8888/tests/dom/base/test/csp/file_CSP.sjs?testid=xhr_good";
|
||||
var xhr_good_uri ="http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_good";
|
||||
xhr_good.open("GET", xhr_good_uri, true);
|
||||
xhr_good.send(null);
|
||||
} catch(e) {}
|
||||
|
||||
try {
|
||||
var xhr_bad = new XMLHttpRequest();
|
||||
var xhr_bad_uri ="http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=xhr_bad";
|
||||
var xhr_bad_uri ="http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_bad";
|
||||
xhr_bad.open("GET", xhr_bad_uri, true);
|
||||
xhr_bad.send(null);
|
||||
} catch(e) {}
|
|
@ -4,8 +4,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=717511
|
|||
-->
|
||||
<body>
|
||||
<!-- these should be stopped by CSP after fixing bug 717511. :) -->
|
||||
<img src="http://example.org/tests/dom/base/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/base/test/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
|
||||
<img src="http://example.org/tests/dom/security/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/security/test/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
|
||||
|
||||
<!-- these should load ok after fixing bug 717511. :) -->
|
||||
<img src="file_CSP.sjs?testid=img_good&type=img/png" />
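Review bot: The two URLs that are expected to be blocked now point at `/tests/dom/security/test/file_CSP.sjs`, without the `csp/` directory that the commit's rename list gives for file_CSP.sjs and that the other fixtures on this page use. The old paths lacked the segment too, so the rename is faithful, but if these loads ever stopped being blocked the request would presumably go to a path where no script exists. I would write `http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png` and make the same change on the script line. The next hunk (`img2_bad` / `script2_bad`) has the same paths.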
|
|
@ -4,8 +4,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=717511
|
|||
-->
|
||||
<body>
|
||||
<!-- these should be stopped by CSP after fixing bug 717511. :) -->
|
||||
<img src="http://example.org/tests/dom/base/test/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/base/test/file_CSP.sjs?testid=script2_bad&type=text/javascript'></script>
|
||||
<img src="http://example.org/tests/dom/security/test/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/security/test/file_CSP.sjs?testid=script2_bad&type=text/javascript'></script>
|
||||
|
||||
<!-- these should load ok after fixing bug 717511. :) -->
|
||||
<img src="file_CSP.sjs?testid=img2_good&type=img/png" />
|
|
@ -29,11 +29,11 @@
|
|||
</script>
|
||||
|
||||
<!-- external scripts -->
|
||||
<script nonce="correctscriptnonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_correct_nonce_good&type=text/javascript"></script>
|
||||
<script nonce="anothercorrectscriptnonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_another_correct_nonce_good&type=text/javascript"></script>
|
||||
<script nonce="incorrectscriptnonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_incorrect_nonce_bad&type=text/javascript"></script>
|
||||
<script nonce="correctstylenonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_correct_style_nonce_bad&type=text/javascript"></script>
|
||||
<script src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_no_nonce_bad&type=text/javascript"></script>
|
||||
<script nonce="correctscriptnonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_correct_nonce_good&type=text/javascript"></script>
|
||||
<script nonce="anothercorrectscriptnonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_another_correct_nonce_good&type=text/javascript"></script>
|
||||
<script nonce="incorrectscriptnonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_incorrect_nonce_bad&type=text/javascript"></script>
|
||||
<script nonce="correctstylenonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_correct_style_nonce_bad&type=text/javascript"></script>
|
||||
<script src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_no_nonce_bad&type=text/javascript"></script>
|
||||
|
||||
<!-- This external script has the correct nonce and comes from a whitelisted URI. It should be allowed. -->
|
||||
<script nonce="correctscriptnonce" src="file_CSP.sjs?testid=external_script_correct_nonce_correct_uri_good&type=text/javascript"></script>
|
|
@ -5,6 +5,6 @@
|
|||
</head>
|
||||
<body>
|
||||
<div id="testdiv">blocked</div>
|
||||
<script src="http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js#foo"></script>
|
||||
<script src="http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js#foo"></script>
|
||||
</body>
|
||||
</html>
|
|
@ -5,6 +5,6 @@
|
|||
</head>
|
||||
<body>
|
||||
<div id="testdiv">blocked</div>
|
||||
<script src="http://example.com/tests/dom/base/test/csp/file_csp_path_matching_redirect_server.sjs"></script>
|
||||
<script src="http://example.com/tests/dom/security/test/csp/file_path_matching_redirect_server.sjs"></script>
|
||||
</body>
|
||||
</html>
|
|
@ -5,7 +5,7 @@
|
|||
function handleRequest(request, response)
|
||||
{
|
||||
|
||||
var newLocation = "http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js";
|
||||
var newLocation = "http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js";
|
||||
|
||||
response.setStatusLine("1.1", 302, "Found");
|
||||
response.setHeader("Cache-Control", "no-cache", false);
|