Fixing data URI tests
eoftedal committed Sep 28, 2012
1 parent cf4b123 commit fc092b0
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions app/models/test_case.rb
Expand Up @@ -66,15 +66,15 @@ def self.load()
end
def self.load_1_0()
self.create_testcases("stylesheet", "style-src", "linked_style.erb", "")
self.testcase(true, "Style in data-uri allowed", "default-src 'self'; style-src data: ", "linked_style_data.erb")
self.testcase(false, "Style in data-uri disallowed", "default-src 'self'; style-src 'self'", "linked_style_data.erb")
self.testcase(true, "Style in data-uri allowed", "default-src 'self'; style-src data: ", "linked_style_data.erb", { :include_host => true })
self.testcase(false, "Style in data-uri disallowed", "default-src 'self'; style-src 'self'", "linked_style_data.erb", { :include_host => true })
self.testcase(true, "Use inline styles", "default-src 'self'; style-src 'self' 'unsafe-inline'", "inline_style.erb")
self.testcase(false, "Use inline styles violation", "style-src 'self'", "inline_style.erb")
self.testcase(true, "Use inline style attributes", "style-src 'self' 'unsafe-inline'", "inline_style_attr.erb")
self.testcase(false, "Use inline style attributes violation", "style-src 'self'", "inline_style_attr.erb")
self.create_testcases("script", "script-src", "linked_script.erb","")
self.testcase(true, "Script in data-uri allowed", "default-src 'self'; script-src data: ", "linked_script_data.erb")
self.testcase(false, "Script in data-uri disallowed", "default-src 'self'; script-src 'self'", "linked_script_data.erb")
self.testcase(true, "Script in data-uri allowed", "default-src 'self'; script-src data: ", "linked_script_data.erb", { :include_host => true })
self.testcase(false, "Script in data-uri disallowed", "default-src 'self'; script-src 'self'", "linked_script_data.erb", { :include_host => true })
self.testcase(true, "Use inline script", "script-src 'unsafe-inline'", "inline_script_tag.erb")
self.testcase(false, "Use inline script violation", "script-src 'self'", "inline_script_tag.erb")
self.testcase(true, "Use inline script in event handler", "script-src 'unsafe-inline'", "inline_script_eventhandler.erb")
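Review bot: The `{ :include_host => true }` argument added to the four data-URI cases (style and script alike) is unexplained at the call site, and how `testcase` uses it is not visible in this hunk. A one-line comment above each pair would help, for example `# data: documents have no usable base URL, so the template needs the absolute host`, if that is indeed the reason. Each "disallowed" case passes whenever nothing loads, so it only demonstrates CSP enforcement as long as its "allowed" twin runs with the same template and options. Holding the hash in one local such as `data_uri_opts = { :include_host => true }` would keep the pairs from drifting apart. `load_1_0` continues past the end of the hunk.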