web-platform-tests · sideshowbarker · Oct 29, 2023 · Aug 28, 2023 · Oct 10, 2023 · Oct 10, 2023
diff --git a/common/dummy.json b/common/dummy.json
@@ -0,0 +1 @@
+{}
diff --git a/content-security-policy/connect-src/connect-src-json-import-allowed.sub.html b/content-security-policy/connect-src/connect-src-json-import-allowed.sub.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>connect-src-json-import-allowed</title>
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="connect-src 'self'; script-src http://{{host}}:{{ports[http][0]}}/resources/testharness.js http://{{host}}:{{ports[http][0]}}/resources/testharnessreport.js 'unsafe-inline';"
+    />
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+
+  <body>
+    <script>
+      promise_test(t => new Promise((resolve, reject) => {
+        window.addEventListener("securitypolicyviolation", (err) => {
+          if (err.blockedURI.endsWith("/common/dummy.json")) {
+            reject("Should not raise securitypolicyviolation.");
+          }
+        });
+        import("/common/dummy.json", { with: { type: "json" } }).then(resolve, reject)
+      }), "import should be allowed");
+    </script>
+  </body>
+</html>
diff --git a/content-security-policy/connect-src/connect-src-json-import-blocked.sub.html b/content-security-policy/connect-src/connect-src-json-import-blocked.sub.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>connect-src-json-import-blocked</title>
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="connect-src 'none'; script-src 'self' 'unsafe-inline';"
+    />
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+
+  <body>
+    <script>
+      promise_test((t) => {
+        let check_spv = new Promise((resolve) => {
+          window.addEventListener("securitypolicyviolation", (e) => {
+            if (e.blockedURI.endsWith("dummy.json")) {
+              resolve();
+            }
+          });
+        });
+
+        return Promise.all([
+          promise_rejects_js(t, TypeError, import("/common/dummy.json", { with: { type: "json" } })),
+          check_spv,
+        ]);
+      });
+    </script>
+  </body>
+</html>
diff --git a/content-security-policy/style-src/import-style-allowed.sub.html b/content-security-policy/style-src/import-style-allowed.sub.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>import-style-allowed</title>
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="style-src 'unsafe-inline' 'self'; script-src http://{{host}}:{{ports[http][0]}}/resources/testharness.js http://{{host}}:{{ports[http][0]}}/resources/testharnessreport.js 'unsafe-inline' 'unsafe-inline'; connect-src 'self';"
+    />
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+
+  <body>
+    <script>
+      promise_test(t => new Promise((resolve, reject) => {
+        window.addEventListener("securitypolicyviolation", (err) => {
+          if (err.blockedURI.endsWith("/resources/allowed.css")) {
+            reject("Should not raise securitypolicyviolation.");
+          }
+        });
+        import("./resources/allowed.css", { with: { type: "css" } }).then(resolve, reject)
+      }), "import should be allowed");
+    </script>
+  </body>
+</html>
diff --git a/content-security-policy/style-src/import-style-blocked.sub.html b/content-security-policy/style-src/import-style-blocked.sub.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>import-style-disallowed</title>
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self';"
+    />
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+
+  <body>
+    <body>
+      <script>
+        promise_test((t) => {
+          let check_spv = new Promise((resolve, reject) => {
+            window.addEventListener("securitypolicyviolation", (e) => {
+              if (e.blockedURI.endsWith("blocked.css")) {
+                resolve();
+              }
+            });
+          });
+
+          return Promise.all([
+            promise_rejects_js(t, TypeError, import("./resources/blocked.css", { with: { type: "css" } })),
+            check_spv,
+          ]);
+        });
+      </script>
+    </body>
+  </body>
+</html>
diff --git a/content-security-policy/style-src/resources/blocked.css b/content-security-policy/style-src/resources/blocked.css
@@ -0,0 +1,3 @@
+#test {
+  color: red;
+}
diff --git a/fetch/api/request/destination/fetch-destination.https.html b/fetch/api/request/destination/fetch-destination.https.html
@@ -194,6 +194,40 @@
   });
 }, 'HTMLLinkElement with rel=stylesheet fetches with a "style" Request.destination');
 
+// Import declaration with `type: "css"` - style destination
+promise_test(t => {
+  return new Promise((resolve, reject) => {
+      frame.contentWindow.onerror = reject;
+
+      let node = frame.contentWindow.document.createElement("script");
+      node.onload = resolve;
+      node.onerror = reject;
+      node.src = "import-declaration-type-css.js";
+      node.type = "module";
+      frame.contentWindow.document.body.appendChild(node);
+  }).then(() => {
+    frame.contentWindow.onerror = null;
+  });
+}, 'Import declaration with `type: "css"` fetches with a "style" Request.destination');
+
+// JSON destination
+///////////////////
+
+// Import declaration with `type: "json"` - json destination
+promise_test(t => {
+  return new Promise((resolve, reject) => {
+      frame.contentWindow.onerror = reject;
+      let node = frame.contentWindow.document.createElement("script");
+      node.onload = resolve;
+      node.onerror = reject;
+      node.src = "import-declaration-type-json.js";
+      node.type = "module";
+      frame.contentWindow.document.body.appendChild(node);
+  }).then(() => {
+    frame.contentWindow.onerror = null;
+  });
+}, 'Import declaration with `type: "json"` fetches with a "json" Request.destination');
+
 // Preload tests
 ////////////////
 // HTMLLinkElement with rel=preload and as=fetch - empty string destination
@@ -232,6 +266,22 @@
   });
 }, 'HTMLLinkElement with rel=preload and as=style fetches with a "style" Request.destination');
 
+// HTMLLinkElement with rel=preload and as=json - json destination
+promise_test(t => {
+  return new Promise((resolve, reject) => {
+      let node = frame.contentWindow.document.createElement("link");
+      node.rel = "preload";
+      node.as = "json";
+      if (node.as != "json") {
+        resolve();
+      }
+      node.onload = resolve;
+      node.onerror = reject;
+      node.href = "dummy.json?t=2&dest=json";
+      frame.contentWindow.document.body.appendChild(node);
+  });
+}, 'HTMLLinkElement with rel=preload and as=json fetches with a "json" Request.destination');
+
 // HTMLLinkElement with rel=preload and as=script - script destination
 promise_test(async t => {
   await new Promise((resolve, reject) => {

diff --git a/fetch/api/request/destination/resources/dummy.css b/fetch/api/request/destination/resources/dummy.css
diff --git a/fetch/api/request/destination/resources/dummy.json b/fetch/api/request/destination/resources/dummy.json
@@ -0,0 +1 @@
+{}
diff --git a/fetch/api/request/destination/resources/import-declaration-type-css.js b/fetch/api/request/destination/resources/import-declaration-type-css.js
@@ -0,0 +1 @@
+import "./dummy.css?dest=style" with { type: "css" };
diff --git a/fetch/api/request/destination/resources/import-declaration-type-json.js b/fetch/api/request/destination/resources/import-declaration-type-json.js
@@ -0,0 +1 @@
+import "./dummy.json?dest=json" with { type: "json" };
diff --git a/preload/modulepreload-as.html b/preload/modulepreload-as.html
@@ -11,6 +11,7 @@
 <link rel="modulepreload" href="resources/module1.js?frame" as="frame" data-as="frame">
 <link rel="modulepreload" href="resources/module1.js?iframe" as="iframe" data-as="iframe">
 <link rel="modulepreload" href="resources/module1.js?image" as="image" data-as="image">
+<link rel="modulepreload" href="resources/module1.js?json" as="json" data-as="json">
 <link rel="modulepreload" href="resources/module1.js?manifest" as="manifest" data-as="manifest">
 <link rel="modulepreload" href="resources/module1.js?object" as="object" data-as="object">
 <link rel="modulepreload" href="resources/module1.js?paintworklet" as="paintworklet" data-as="paintworklet">

diff --git a/preload/preload-csp.sub.html b/preload/preload-csp.sub.html
@@ -1,12 +1,13 @@
 <!DOCTYPE html>
-<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; font-src 'none'; style-src 'none'; img-src 'none'; media-src 'none';">
+<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; font-src 'none'; style-src 'none'; img-src 'none'; media-src 'none'; connect-src 'none'">
 <title>Makes sure that preload requests respect CSP</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/utils.js"></script>
 <script src="/preload/resources/preload_helper.js"></script>
 <link rel=preload href="http://{{host}}:{{ports[http][1]}}/preload/resources/stash-put.py?key={{uuid()}}" as=style>
 <link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=style>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=json>
 <link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=image>
 <link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=font crossorigin>
 <link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=video>

diff --git a/preload/preload-type-match.html b/preload/preload-type-match.html
@@ -13,7 +13,8 @@
     ttf: '/fonts/Ahem.ttf',
     script: 'resources/dummy.js',
     css: 'resources/dummy.css',
-    track: '/media/foo.vtt'
+    track: '/media/foo.vtt',
+    json: '/common/dummy.json',
 }
 
 function test_type_with_destination(type, as, resourceType, expect) {
@@ -68,4 +69,10 @@
 test_type_with_destination('text/plain', 'track', 'track', 'timeout');
 test_type_with_destination('not-a-mime', 'track', 'track', 'timeout');
 
+test_type_with_destination('application/json', 'json', 'json', 'load');
+test_type_with_destination('text/json', 'json', 'json', 'load');
+test_type_with_destination('application/geo+json', 'json', 'json', 'load');
+test_type_with_destination('text/plain', 'json', 'json', 'timeout');
+test_type_with_destination('application/javascript', 'json', 'json', 'timeout');
+
 </script>
diff --git a/preload/reflected-as-value.html b/preload/reflected-as-value.html
@@ -14,6 +14,7 @@
     "audio": "audio",
     "track": "track",
     "fetch": "fetch",
+    "json": "json",
   };
   var link = document.createElement("link");
   var keys = Object.keys(values);