Skip to content

Commit

Permalink
Adding tests for CSP header trusted-types 'none' 'none' cases.
Browse files Browse the repository at this point in the history 
https://bugs.webkit.org/show_bug.cgi?id=273625

Reviewed by Manuel Rego Casasnovas.

When multiple 'none' are specified, it should just behave the same as one 'none'.

* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-none-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-none-name-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-none-name.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-none.html: Added.

Canonical link: https://commits.webkit.org/278908@main
  • Loading branch information
@ziransun
ziransun committed May 17, 2024
1 parent b64d047 commit e78bb9b
Show file tree
Hide file tree
Showing 4 changed files with 56 additions and 0 deletions.
10 changes: 10 additions & 0 deletions ...tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-none-expected.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
CONSOLE MESSAGE: Invalid policy name in 'trusted-types' Content Security Policy directive: 'none'. Note that 'none' has no effect unless it is the only expression.

CONSOLE MESSAGE: Invalid policy name in 'trusted-types' Content Security Policy directive: 'none'. Note that 'none' has no effect unless it is the only expression.

CONSOLE MESSAGE: Refused to create a TrustedTypePolicy named 'SomeName' because it violates the following Content Security Policy directive: "trusted-types 'none' 'none'"
CONSOLE MESSAGE: Refused to create a TrustedTypePolicy named 'default' because it violates the following Content Security Policy directive: "trusted-types 'none' 'none'"

PASS Cannot create policy with name 'SomeName' - policy creation throws
PASS Cannot create policy with name 'default' - policy creation throws

9 changes: 9 additions & 0 deletions .../trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-none-name-expected.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
CONSOLE MESSAGE: Invalid policy name in 'trusted-types' Content Security Policy directive: 'none'. Note that 'none' has no effect unless it is the only expression.

CONSOLE MESSAGE: Invalid policy name in 'trusted-types' Content Security Policy directive: 'none'. Note that 'none' has no effect unless it is the only expression.

CONSOLE MESSAGE: Refused to create a TrustedTypePolicy named 'default' because it violates the following Content Security Policy directive: "trusted-types 'none' 'none' SomeName"

PASS Can create policy with name 'SomeName'
PASS Cannot create policy with name 'default' - policy creation throws

17 changes: 17 additions & 0 deletions ...rm-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-none-name.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
<!DOCTYPE html>
<script src="/resources/testharness.js" ></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/helper.sub.js"></script>
<meta http-equiv="Content-Security-Policy" content="trusted-types 'none' 'none' SomeName">
<body>
<script>
test(t => {
window.trustedTypes.createPolicy('SomeName', { createHTML: s => s } );
}, "Can create policy with name 'SomeName'");

test(t => {
assert_throws_js(TypeError, _ => {
window.trustedTypes.createPolicy('default', { createHTML: s => s } );
});
}, "Cannot create policy with name 'default' - policy creation throws");
</script>
20 changes: 20 additions & 0 deletions ...latform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-none.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
<!DOCTYPE html>
<script src="/resources/testharness.js" ></script>
<script src="/resources/testharnessreport.js"></script>
<script src="support/helper.sub.js"></script>
<!-- This should behave the same as one `none` case and the case when no policy specified. -->
<meta http-equiv="Content-Security-Policy" content="trusted-types 'none' 'none'">
<body>
<script>
test(t => {
assert_throws_js(TypeError, _ => {
window.trustedTypes.createPolicy('SomeName', { createHTML: s => s } );
});
}, "Cannot create policy with name 'SomeName' - policy creation throws");

test(t => {
assert_throws_js(TypeError, _ => {
window.trustedTypes.createPolicy('default', { createHTML: s => s } );
});
}, "Cannot create policy with name 'default' - policy creation throws");
</script>

0 comments on commit e78bb9b

Please sign in to comment.