/
helper.js
73 lines (63 loc) · 2.13 KB
/
helper.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
window.waitForOneSecurityPolicyViolationEvent = expectedBlockedURI => {
return new Promise(resolve => {
let eventCount = 0;
let blockedURI = null;
document.addEventListener("securitypolicyviolation", e => {
++eventCount;
blockedURI = e.blockedURI;
// We want to test that only one event is fired, but we want to do so
// without waiting indefinitely. By waiting for one tick, we at least
// ensure that there's no bug that leads to two securitypolicyviolation
// events being fired at the same time, as a result of the one violation.
step_timeout(() => {
assert_equals(eventCount, 1);
resolve(blockedURI);
});
});
});
};
window.waitForImgFail = imgSrc => {
return new Promise((resolve, reject) => {
const img = document.createElement("img");
img.onload = () => reject(new Error("Must not load the image"));
img.onerror = () => resolve();
img.src = imgSrc;
document.body.append(img);
});
};
window.waitForImgSuccess = imgSrc => {
return new Promise((resolve, reject) => {
const img = document.createElement("img");
img.onload = () => resolve();
img.onerror = () => reject(new Error("Must load the image"));
img.src = imgSrc;
document.body.append(img);
});
};
// Both params are optional; if they are not given as booleans then we will not test that aspect.
window.runCSPTest = ({ unsafeEval, img }) => {
if (unsafeEval === true) {
test(() => {
eval("window.evalAllowed = true;");
assert_equals(window.evalAllowed, true);
}, "eval must be allowed");
} else if (unsafeEval === false) {
test(() => {
try {
eval("window.evalAllowed = true;");
} catch (e) { }
assert_equals(window.evalAllowed, undefined);
}, "eval must be disallowed");
}
if (img === true) {
promise_test(
() => waitForImgSuccess("/common/security-features/subresource/image.py"),
"img loading must be allowed"
);
} else if (img === false) {
promise_test(
() => waitForImgFail("/common/security-features/subresource/image.py"),
"img loading must be disallowed"
);
}
};