-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5184 from w3c/chromium-export-try
CSP: Upstream worker tests to WPT repository.
- Loading branch information
Showing
12 changed files
with
294 additions
and
2 deletions.
There are no files selected for viewing
44 changes: 44 additions & 0 deletions
44
content-security-policy/inside-worker/dedicated-inheritance.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| <!DOCTYPE html> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
|
|
||
| <meta http-equiv="content-security-policy" content="connect-src 'self'"> | ||
| <script> | ||
| // External URLs inherit policy. | ||
| fetch_tests_from_worker(new Worker("./support/connect-src-self.sub.js")); | ||
| fetch_tests_from_worker(new Worker("./support/connect-src-self.sub.js?pipe=sub|header(Content-Security-Policy,connect-src 'none')")); | ||
| fetch_tests_from_worker(new Worker("./support/connect-src-self.sub.js?pipe=sub|header(Content-Security-Policy,connect-src *)")); | ||
| fetch_tests_from_worker(new Worker("./support/connect-src-self.sub.js?pipe=sub|header(Content-Security-Policy,default-src 'none')")); | ||
| fetch_tests_from_worker(new Worker("./support/connect-src-self.sub.js?pipe=sub|header(Content-Security-Policy,default-src *)")); | ||
|
|
||
| async_test(t => { | ||
| fetch("./support/connect-src-self.sub.js") | ||
| .then(r => r.blob()) | ||
| .then(b => { | ||
| // 'blob:' URLs inherit policy. | ||
| var u = URL.createObjectURL(b); | ||
| fetch_tests_from_worker(new Worker(u)); | ||
|
|
||
| if (!window.webkitRequestFileSystem) | ||
| return t.done(); | ||
|
|
||
|
|
||
| // 'filesystem:' urls inherit policy. | ||
| window.webkitRequestFileSystem(window.TEMPORARY, 1024*1024, fs => { | ||
| fs.root.getFile('dedicated-inheritance-worker.js', { create: true }, entry => { | ||
| entry.createWriter(w => { | ||
| w.onwriteend = _ => { | ||
| var u = entry.toURL(); | ||
| fetch_tests_from_worker(new Worker(u)); | ||
|
|
||
| // explicit_done: yay. | ||
| t.done(); | ||
| }; | ||
| w.onerror = _ => t.unreached_func(); | ||
| w.write(b); | ||
| }); | ||
| }); | ||
| }); | ||
| }); | ||
| }, "Filesystem and blob."); | ||
| </script> |
44 changes: 44 additions & 0 deletions
44
content-security-policy/inside-worker/dedicated-script.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| <!DOCTYPE html> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
|
|
||
| <meta http-equiv="content-security-policy" content="script-src 'self' 'nonce-a' blob: filesystem:"> | ||
| <script nonce="a"> | ||
| // External URLs inherit policy: the header delivered with the script resource is ignored. | ||
| fetch_tests_from_worker(new Worker("./support/script-src-self.sub.js")); | ||
| fetch_tests_from_worker(new Worker("./support/script-src-self.sub.js?pipe=sub|header(Content-Security-Policy,script-src 'none')")); | ||
| fetch_tests_from_worker(new Worker("./support/script-src-self.sub.js?pipe=sub|header(Content-Security-Policy,script-src *)")); | ||
| fetch_tests_from_worker(new Worker("./support/script-src-self.sub.js?pipe=sub|header(Content-Security-Policy,default-src 'none')")); | ||
| fetch_tests_from_worker(new Worker("./support/script-src-self.sub.js?pipe=sub|header(Content-Security-Policy,default-src *)")); | ||
|
|
||
| async_test(t => { | ||
| fetch("./support/script-src-self.sub.js") | ||
| .then(r => r.blob()) | ||
| .then(b => { | ||
| // 'blob:' URLs inherit policy. | ||
| var u = URL.createObjectURL(b); | ||
| fetch_tests_from_worker(new Worker(u)); | ||
|
|
||
| if (!window.webkitRequestFileSystem) | ||
| return t.done(); | ||
|
|
||
|
|
||
| // 'filesystem:' urls inherit policy. | ||
| window.webkitRequestFileSystem(window.TEMPORARY, 1024*1024, fs => { | ||
| fs.root.getFile('dedicated-script-worker.js', { create: true }, entry => { | ||
| entry.createWriter(w => { | ||
| w.onwriteend = _ => { | ||
| var u = entry.toURL(); | ||
| fetch_tests_from_worker(new Worker(u)); | ||
|
|
||
| // explicit_done: yay. | ||
| t.done(); | ||
| }; | ||
| w.onerror = _ => t.unreached_func(); | ||
| w.write(b); | ||
| }); | ||
| }); | ||
| }); | ||
| }); | ||
| }, "Filesystem and blob."); | ||
| </script> |
11 changes: 11 additions & 0 deletions
11
content-security-policy/inside-worker/shared-inheritance.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| <!DOCTYPE html> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
|
|
||
| <meta http-equiv="content-security-policy" content="connect-src 'self'"> | ||
| <script> | ||
| // SharedWorkers do not inherit policy. | ||
| fetch_tests_from_worker(new SharedWorker("./support/connect-src-allow.sub.js")); | ||
| fetch_tests_from_worker(new SharedWorker("./support/connect-src-self.sub.js?pipe=sub|header(Content-Security-Policy,connect-src 'self')")); | ||
| fetch_tests_from_worker(new SharedWorker("./support/connect-src-self.sub.js?pipe=sub|header(Content-Security-Policy,default-src 'self')")); | ||
| </script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| <!DOCTYPE html> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
|
|
||
| <meta http-equiv="content-security-policy" content="script-src 'self' 'nonce-a' blob: filesystem:"> | ||
| <script nonce="a"> | ||
| // SharedWorker URLs do not inherit policy. | ||
| fetch_tests_from_worker(new SharedWorker("./support/script-src-allow.sub.js")); | ||
| fetch_tests_from_worker(new SharedWorker("./support/script-src-self.sub.js?pipe=sub|header(Content-Security-Policy,script-src 'self'")); | ||
| fetch_tests_from_worker(new SharedWorker("./support/script-src-self.sub.js?pipe=sub|header(Content-Security-Policy,default-src 'self'")); | ||
| </script> |
59 changes: 59 additions & 0 deletions
59
content-security-policy/inside-worker/support/connect-src-allow.sub.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| importScripts("{{location[server]}}/resources/testharness.js"); | ||
| importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js"); | ||
|
|
||
| // Same-origin | ||
| async_test(t => { | ||
| var url = "{{location[server]}}/content-security-policy/support/resource.py?same-origin-fetch"; | ||
| assert_no_csp_event_for_url(t, url); | ||
|
|
||
| fetch(url) | ||
| .then(t.step_func_done(r => assert_equals(r.status, 200))); | ||
| }, "Same-origin 'fetch()' in " + self.location.protocol + self.location.search); | ||
|
|
||
| async_test(t => { | ||
| var url = "{{location[server]}}/content-security-policy/support/resource.py?same-origin-xhr"; | ||
| assert_no_csp_event_for_url(t, url); | ||
|
|
||
| var xhr = new XMLHttpRequest(); | ||
| try { | ||
| xhr.open("GET", url); | ||
| t.done(); | ||
| } catch (e) { | ||
| assert_unreached(); | ||
| } | ||
| xhr.send(); | ||
| }, "Same-origin XHR in " + self.location.protocol + self.location.search); | ||
|
|
||
| // Cross-origin | ||
| async_test(t => { | ||
| var url = "http://{{domains[www]}}:{{ports[http][1]}}/content-security-policy/support/resource.py?cross-origin-fetch"; | ||
| assert_no_csp_event_for_url(t, url); | ||
|
|
||
| fetch(url) | ||
| .then(t.step_func_done(r => assert_equals(r.status, 200))); | ||
| }, "Cross-origin 'fetch()' in " + self.location.protocol + self.location.search); | ||
|
|
||
| async_test(t => { | ||
| var url = "http://{{domains[www]}}:{{ports[http][1]}}/content-security-policy/support/resource.py?cross-origin-xhr"; | ||
| assert_no_csp_event_for_url(t, url); | ||
|
|
||
| var xhr = new XMLHttpRequest(); | ||
| try { | ||
| xhr.open("GET", url); | ||
| t.done(); | ||
| } catch (e) { | ||
| assert_unreached(); | ||
| } | ||
| xhr.send(); | ||
| }, "Cross-origin XHR in " + self.location.protocol + self.location.search); | ||
|
|
||
| // Same-origin redirecting to cross-origin | ||
| async_test(t => { | ||
| var url = "{{location[server]}}/common/redirect-opt-in.py?status=307&location=http://{{domains[www]}}:{{ports[http][1]}}/content-security-policy/support/resource.py?cross-origin-fetch"; | ||
| assert_no_csp_event_for_url(t, url); | ||
|
|
||
| fetch(url) | ||
| .then(t.step_func_done(r => assert_equals(r.status, 200))); | ||
| }, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol + self.location.search); | ||
|
|
||
| done(); |
64 changes: 64 additions & 0 deletions
64
content-security-policy/inside-worker/support/connect-src-self.sub.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| importScripts("{{location[server]}}/resources/testharness.js"); | ||
| importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js"); | ||
|
|
||
| // Same-origin | ||
| async_test(t => { | ||
| var url = "{{location[server]}}/common/text-plain.txt?same-origin-fetch"; | ||
| assert_no_csp_event_for_url(t, url); | ||
|
|
||
| fetch(url) | ||
| .then(t.step_func_done(r => assert_equals(r.status, 200))); | ||
| }, "Same-origin 'fetch()' in " + self.location.protocol + self.location.search); | ||
|
|
||
| async_test(t => { | ||
| var url = "{{location[server]}}/common/text-plain.txt?same-origin-xhr"; | ||
| assert_no_csp_event_for_url(t, url); | ||
|
|
||
| var xhr = new XMLHttpRequest(); | ||
| try { | ||
| xhr.open("GET", url); | ||
| t.done(); | ||
| } catch (e) { | ||
| assert_unreached(); | ||
| } | ||
| xhr.send(); | ||
| }, "Same-origin XHR in " + self.location.protocol + self.location.search); | ||
|
|
||
| // Cross-origin | ||
| async_test(t => { | ||
| var url = "http://{{domains[www]}}:{{ports[http][1]}}/common/text-plain.txt?cross-origin-fetch"; | ||
|
|
||
| Promise.all([ | ||
| waitUntilCSPEventForURL(t, url), | ||
| fetch(url) | ||
| .catch(t.step_func(e => assert_true(e instanceof TypeError))) | ||
| ]).then(_ => t.done()); | ||
| }, "Cross-origin 'fetch()' in " + self.location.protocol + self.location.search); | ||
|
|
||
| async_test(t => { | ||
| var url = "http://{{domains[www]}}:{{ports[http][1]}}/common/text-plain.txt?cross-origin-xhr"; | ||
|
|
||
| Promise.all([ | ||
| waitUntilCSPEventForURL(t, url), | ||
| new Promise((resolve, reject) => { | ||
| var xhr = new XMLHttpRequest(); | ||
| try { | ||
| xhr.open("GET", url); | ||
| reject("xhr.open should have thrown"); | ||
| } catch (e) { | ||
| resolve(); | ||
| } | ||
| }) | ||
| ]).then(_ => t.done()); | ||
| }, "Cross-origin XHR in " + self.location.protocol + self.location.search); | ||
|
|
||
| // Same-origin redirecting to cross-origin | ||
| async_test(t => { | ||
| var url = "{{location[server]}}/common/redirect-opt-in.py?status=307&location=http://{{domains[www]}}:{{ports[http][1]}}/common/text-plain.txt?cross-origin-fetch"; | ||
| // TODO(mkwst): The event should be firing. :( | ||
|
|
||
| fetch(url) | ||
| .catch(t.step_func_done(e => assert_true(e instanceof TypeError))) | ||
| }, "Same-origin => cross-origin 'fetch()' in " + self.location.protocol + self.location.search); | ||
|
|
||
| done(); |
18 changes: 18 additions & 0 deletions
18
content-security-policy/inside-worker/support/script-src-allow.sub.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| importScripts("{{location[server]}}/resources/testharness.js"); | ||
|
|
||
| test(t => { | ||
| importScripts("http://{{domains[www]}}:{{ports[http][1]}}/content-security-policy/support/testharness-helper.js"); | ||
| }, "Cross-origin `importScripts()` not blocked in " + self.location.protocol + self.location.search); | ||
|
|
||
| test(t => { | ||
| assert_equals(2, eval("1+1")); | ||
| assert_equals(2, (new Function("return 1+1;"))()); | ||
| }, "`eval()` not blocked in " + self.location.protocol + self.location.search); | ||
|
|
||
| async_test(t => { | ||
| self.callback = t.step_func_done(); | ||
|
|
||
| setTimeout("self.callback();", 1); | ||
| }, "`setTimeout([string])` not blocked in " + self.location.protocol + self.location.search); | ||
|
|
||
| done(); |
31 changes: 31 additions & 0 deletions
31
content-security-policy/inside-worker/support/script-src-self.sub.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| importScripts("{{location[server]}}/resources/testharness.js"); | ||
| importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js"); | ||
|
|
||
| test(t => { | ||
| self.a = false; | ||
| assert_throws("NetworkError", | ||
| _ => importScripts("http://{{domains[www]}}:{{ports[http][1]}}/content-security-policy/support/var-a.js"), | ||
| "importScripts should throw `NetworkError`"); | ||
| assert_false(self.a); | ||
| }, "Cross-origin `importScripts()` blocked in " + self.location.protocol + self.location.search); | ||
|
|
||
| test(t => { | ||
| assert_throws(EvalError(), | ||
| _ => eval("1 + 1"), | ||
| "`eval()` should throw 'EvalError'."); | ||
|
|
||
| assert_throws(EvalError(), | ||
| _ => new Function("1 + 1"), | ||
| "`new Function()` should throw 'EvalError'."); | ||
| }, "`eval()` blocked in " + self.location.protocol + self.location.search); | ||
|
|
||
| async_test(t => { | ||
| waitUntilCSPEventForEval(t, 27) | ||
| .then(t.step_func_done()); | ||
|
|
||
| self.setTimeoutTest = t; | ||
| var result = setTimeout("(self.setTimeoutTest.unreached_func('setTimeout([string]) should not execute.'))()", 1); | ||
| assert_equals(result, 0); | ||
| }, "`setTimeout([string])` blocked in " + self.location.protocol + self.location.search); | ||
|
|
||
| done(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| self.a = true; |
Submodule resources
updated
4 files
| +6 −6 | docs/api.md | |
| +23 −70 | idlharness.js | |
| +6 −56 | testharness.js | |
| +6 −1 | testharnessreport.js |
Submodule tools
updated
27 files
| +0 −2 | .travis.yml | |
| +0 −1 | appveyor.yml | |
| +34 −108 | lint/lint.py | |
| +0 −1 | lint/tests/dummy/dependency.html | |
| +0 −1 | lint/tests/dummy/ref/absolute.html | |
| +0 −0 | lint/tests/dummy/ref/existent_relative-ref.html | |
| +0 −1 | lint/tests/dummy/ref/existent_relative.html | |
| +0 −1 | lint/tests/dummy/ref/existent_root_relative.html | |
| +0 −1 | lint/tests/dummy/ref/non_existent_relative.html | |
| +0 −1 | lint/tests/dummy/ref/non_existent_root_relative.html | |
| +0 −1 | lint/tests/dummy/ref/same_file_empty.html | |
| +0 −1 | lint/tests/dummy/ref/same_file_path.html | |
| +2 −122 | lint/tests/test_file_lints.py | |
| +10 −144 | lint/tests/test_lint.py | |
| +3 −3 | lint/tests/test_path_lints.py | |
| +0 −17 | manifest/item.py | |
| +1 −5 | manifest/log.py | |
| +7 −56 | manifest/sourcefile.py | |
| +5 −124 | manifest/tests/test_sourcefile.py | |
| +3 −1 | runner/index.html | |
| +8 −4 | runner/runner.css | |
| +18 −24 | runner/runner.js | |
| +18 −68 | serve/serve.py | |
| +4 −15 | sslutils/openssl.py | |
| +1 −1 | tox.ini | |
| +1 −1 | webdriver | |
| +1 −1 | wptserve |