-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9504d6f
commit 2924187
Showing
4 changed files
with
96 additions
and
70 deletions.
There are no files selected for viewing
33 changes: 15 additions & 18 deletions
33
content-security-policy/connect-src/connect-src-json-import-allowed.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,24 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
|
|
||
| <head> | ||
| <meta http-equiv="Content-Security-Policy" content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';"> | ||
| <head> | ||
| <title>connect-src-json-import-allowed</title> | ||
| <meta | ||
| http-equiv="Content-Security-Policy" | ||
| content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';" | ||
| /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src='../support/logTest.sub.js?logs=["allowed"]'></script> | ||
| <script src="../support/alertAssert.sub.js?alerts=[]"></script> | ||
| </head> | ||
| </head> | ||
|
|
||
| <body> | ||
| <body> | ||
| <script> | ||
| window.addEventListener('securitypolicyviolation', function(e) { | ||
| log("blocked"); | ||
| }); | ||
|
|
||
| import("./resources/dummy.json", { with: { type: "json" } }).then( | ||
| () => { log("allowed") }, | ||
| () => { log("error") }, | ||
| ) | ||
| promise_test(async (t) => { | ||
| window.addEventListener( | ||
| "securitypolicyviolation", | ||
| t.unreached_func("No security policy violation should be raised.") | ||
| ); | ||
| return import("./resources/dummy.json", { with: { type: "json" } }); | ||
| }, "import should be allowed"); | ||
| </script> | ||
| <div id="log"></div> | ||
| </body> | ||
|
|
||
| </body> | ||
| </html> |
39 changes: 22 additions & 17 deletions
39
content-security-policy/connect-src/connect-src-json-import-blocked.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,32 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
|
|
||
| <head> | ||
| <meta http-equiv="Content-Security-Policy" content="connect-src 'none'; script-src 'self' 'unsafe-inline';"> | ||
| <title>connect-src-json-import-blocked</title> | ||
| <head> | ||
| <meta | ||
| http-equiv="Content-Security-Policy" | ||
| content="connect-src 'none'; script-src 'self' 'unsafe-inline';" | ||
| /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src='../support/logTest.sub.js?logs=["allowed"]'></script> | ||
| <script src="../support/alertAssert.sub.js?alerts=[]"></script> | ||
| </head> | ||
| </head> | ||
|
|
||
| <body> | ||
| <body> | ||
| <script> | ||
| window.addEventListener('securitypolicyviolation', function(e) { | ||
| log("blocked"); | ||
| promise_test((t) => { | ||
| let spv = new Promise((resolve, reject) => { | ||
| window.addEventListener("securitypolicyviolation", (e) => { | ||
| if (e.blockedURI.endsWith("dummy.json")) { | ||
| resolve(); | ||
| } else { | ||
| reject(); | ||
| } | ||
| }); | ||
| }); | ||
|
|
||
| import("./resources/dummy.json", { with: { type: "json" } }).then( | ||
| () => { log("allowed") }, | ||
| () => { log("error") }, | ||
| ) | ||
| return Promise.all([ | ||
| promise_rejects_js(t, Error, import("./resources/dummy.json", { with: { type: "json" } })), | ||
| check_spv, | ||
| ]); | ||
| }); | ||
| </script> | ||
| <div id="log"></div> | ||
| </body> | ||
|
|
||
| </body> | ||
| </html> |
40 changes: 24 additions & 16 deletions
40
content-security-policy/style-src/import-declaration-style-allowed.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,35 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
|
|
||
| <head> | ||
| <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> | ||
| <meta http-equiv="Content-Security-Policy" content="style-src 'unsafe-inline' 'self' 'http://{{domains[www1]}}:{{ports[http][0]}}'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';"> | ||
| <head> | ||
| <title>import-declaration-style-allowed</title> | ||
| <meta | ||
| http-equiv="Content-Security-Policy" | ||
| content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';" | ||
| /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src='../support/logTest.sub.js?logs=["PASS"]'></script> | ||
| <script src="../support/alertAssert.sub.js?alerts=[]"></script> | ||
| </head> | ||
|
|
||
| <body> | ||
| <script> | ||
| window.addEventListener('securitypolicyviolation', function(e) { | ||
| log("FAIL"); | ||
| promise_test(async (t) => { | ||
| window.addEventListener( | ||
| "securitypolicyviolation", | ||
| t.unreached_func("No security policy violation should be raised.") | ||
| ); | ||
|
|
||
| let load = new Promise((resolve, reject) => { | ||
| globalThis.onLoadSuccess = resolve; | ||
| globalThis.onLoadError = reject; | ||
| }); | ||
| </script> | ||
| </head> | ||
|
|
||
| <body> | ||
| <script type="module"> | ||
| import "./resources/allowed.css" assert { type: "css" }; | ||
| log('PASS'); | ||
| return load; | ||
| }, "import should be allowed"); | ||
| </script> | ||
| <div id="log"></div> | ||
| </body> | ||
|
|
||
| <script type="module" onerror="onLoadError()"> | ||
| import "./resources/allowed.css" with { type: "css" }; | ||
| onLoadSuccess(); | ||
| </script> | ||
| </body> | ||
| </html> |
54 changes: 35 additions & 19 deletions
54
content-security-policy/style-src/import-declaration-style-blocked.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,26 +1,42 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
|
|
||
| <head> | ||
| <meta http-equiv="Content-Security-Policy" content="style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';"> | ||
| <title>import-declaration-style-blocked</title> | ||
| <head> | ||
| <title>import-declaration-style-disallowed</title> | ||
| <meta | ||
| http-equiv="Content-Security-Policy" | ||
| content="style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';" | ||
| /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src='../support/logTest.sub.js?logs=["PASS"]'></script> | ||
| <script src="../support/alertAssert.sub.js?alerts=[]"></script> | ||
| <script> | ||
| window.addEventListener('securitypolicyviolation', function(e) { | ||
| log("FAIL"); | ||
| }); | ||
| </script> | ||
| </head> | ||
| </head> | ||
|
|
||
| <body> | ||
| <body> | ||
| <script> | ||
| promise_test(async (t) => { | ||
| let check_spv = new Promise((resolve, reject) => { | ||
| window.addEventListener("securitypolicyviolation", (e) => { | ||
| if (e.blockedURI.endsWith("blocked.css")) { | ||
| resolve(); | ||
| } else { | ||
| reject(); | ||
| } | ||
| }); | ||
| }); | ||
|
|
||
| let load = new Promise((resolve, reject) => { | ||
| globalThis.onLoadSuccess = resolve; | ||
| globalThis.onLoadError = reject; | ||
| }); | ||
|
|
||
| <body> | ||
| <script type="module" onerror="log('PASS')"> | ||
| import "./resources/blocked.css" assert { type: "css" }; | ||
| log('FAIL'); | ||
| </script> | ||
| <div id="log"></div> | ||
| </body> | ||
| return Promise.all([promise_rejects_js(t, Error, load), check_spv]); | ||
| }, "import should be allowed"); | ||
| </script> | ||
|
|
||
| <script type="module" onerror="onLoadError()"> | ||
| import "./resources/blocked.css" with { type: "css" }; | ||
| onLoadSuccess(); | ||
| </script> | ||
| </body> | ||
| </body> | ||
| </html> |