From c95c32b46d98c83fe3840225df041b884f0ead6e Mon Sep 17 00:00:00 2001
From: Erlend Oftedal
Date: Thu, 10 Dec 2015 13:09:03 +0100
Subject: [PATCH] child-src
---
 app/models/test_case.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/models/test_case.rb b/app/models/test_case.rb
index 01fd8a0..de08738 100644
--- a/app/models/test_case.rb
+++ b/app/models/test_case.rb
@@ -174,6 +174,10 @@ def self.load_1_1_draft()
 self.testcase(true, "Plugin-types bare - allowed", "default-src 'self'; plugin-types application/x-shockwave-flash", "", {:load_part => "flash", :query => "pass=true"}, 1.1)
 self.testcase(false, "Plugin-types bare - disallowed", "default-src 'self'; plugin-types application/x-shockwave-flash", "", {:load_part => "flash", :query => "pass=false"}, 1.1)
+ self.create_testcases("child", "child-src", "iframe.erb", "")
+ self.testcase(false, "Iframe set to 'self' + base", "child-src 'self'", "iframe.erb", { :head_content => '', :include_other_host => true })
+ self.testcase(true, "Iframe with data-uri allowed", "default-src 'self'; child-src data: ", "iframe_data.erb", { :include_host => true })
+ self.testcase(false, "Iframe with data-uri disallowed", "default-src 'self'; child-src 'self'", "iframe_data.erb", { :include_host => true })
 end
@@ -194,4 +198,4 @@ def self.create_testcase_list_standard(type, directive, value, template, additio
 self.testcase(true, "Load " + type + " from " + directive + " " + value, "default-src 'none'; " + directive + " " + value + additional, template, options, version)
 self.testcase(false, "Load " + type + " from " + directive + " 'none'", "default-src " + value + "; " + directive + " 'none'" + additional, template, options, version)
 end
-end
\ No newline at end of file
+end
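Review bot: The three added `self.testcase` calls in `load_1_1_draft` omit the trailing version argument that the neighbouring plugin-types cases pass as `1.1`, so the child-src cases are registered under whatever default `testcase` uses, which is not visible in this patch. If that default is the 1.0 suite, a browser that implements only CSP 1.0 would be scored as failing these cases instead of being reported as lacking the 1.1 directive, which skews the compatibility results. I would append the version after the options hash on each of the three calls, e.g. `{ :include_host => true }, 1.1)`, and confirm whether `create_testcases("child", "child-src", "iframe.erb", "")` also needs the version passed through. The body of `load_1_1_draft` starts outside the hunk.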