-
Notifications
You must be signed in to change notification settings - Fork 3.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
3acf677
commit f784549
Showing
6 changed files
with
96 additions
and
87 deletions.
There are no files selected for viewing
33 changes: 15 additions & 18 deletions
33
content-security-policy/connect-src/connect-src-json-import-allowed.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,24 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
|
|
||
| <head> | ||
| <meta http-equiv="Content-Security-Policy" content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';"> | ||
| <head> | ||
| <title>connect-src-json-import-allowed</title> | ||
| <meta | ||
| http-equiv="Content-Security-Policy" | ||
| content="connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline';" | ||
| /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src='../support/logTest.sub.js?logs=["allowed"]'></script> | ||
| <script src="../support/alertAssert.sub.js?alerts=[]"></script> | ||
| </head> | ||
| </head> | ||
|
|
||
| <body> | ||
| <body> | ||
| <script> | ||
| window.addEventListener('securitypolicyviolation', function(e) { | ||
| log("blocked"); | ||
| }); | ||
|
|
||
| import("./resources/dummy.json", { with: { type: "json" } }).then( | ||
| () => { log("allowed") }, | ||
| () => { log("error") }, | ||
| ) | ||
| promise_test(async (t) => { | ||
| window.addEventListener( | ||
| "securitypolicyviolation", | ||
| t.unreached_func("No security policy violation should be raised.") | ||
| ); | ||
| return import("./resources/dummy.json", { with: { type: "json" } }); | ||
| }, "import should be allowed"); | ||
| </script> | ||
| <div id="log"></div> | ||
| </body> | ||
|
|
||
| </body> | ||
| </html> |
38 changes: 22 additions & 16 deletions
38
content-security-policy/connect-src/connect-src-json-import-blocked.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,33 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
|
|
||
| <head> | ||
| <meta http-equiv="Content-Security-Policy" content="connect-src 'none'; script-src 'self' 'unsafe-inline';"> | ||
| <head> | ||
| <title>connect-src-json-import-blocked</title> | ||
| <meta | ||
| http-equiv="Content-Security-Policy" | ||
| content="connect-src 'none'; script-src 'self' 'unsafe-inline';" | ||
| /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src='../support/logTest.sub.js?logs=["allowed"]'></script> | ||
| <script src="../support/alertAssert.sub.js?alerts=[]"></script> | ||
| </head> | ||
| </head> | ||
|
|
||
| <body> | ||
| <body> | ||
| <script> | ||
| window.addEventListener('securitypolicyviolation', function(e) { | ||
| log("blocked"); | ||
| promise_test((t) => { | ||
| let spv = new Promise((resolve, reject) => { | ||
| window.addEventListener("securitypolicyviolation", (e) => { | ||
| if (e.blockedURI.endsWith("dummy.json")) { | ||
| resolve(); | ||
| } else { | ||
| reject(); | ||
| } | ||
| }); | ||
| }); | ||
|
|
||
| import("./resources/dummy.json", { with: { type: "json" } }).then( | ||
| () => { log("allowed") }, | ||
| () => { log("error") }, | ||
| ) | ||
| return Promise.all([ | ||
| promise_rejects_js(t, Error, import("./resources/dummy.json", { with: { type: "json" } })), | ||
| check_spv, | ||
| ]); | ||
| }); | ||
| </script> | ||
| <div id="log"></div> | ||
| </body> | ||
|
|
||
| </body> | ||
| </html> |
27 changes: 0 additions & 27 deletions
27
content-security-policy/style-src/import-declaration-style-allowed.sub.html
This file was deleted.
Oops, something went wrong.
26 changes: 0 additions & 26 deletions
26
content-security-policy/style-src/import-declaration-style-blocked.sub.html
This file was deleted.
Oops, something went wrong.
24 changes: 24 additions & 0 deletions
24
content-security-policy/style-src/import-style-allowed.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
| <head> | ||
| <title>import-style-allowed</title> | ||
| <meta | ||
| http-equiv="Content-Security-Policy" | ||
| content="style-src 'unsafe-inline' 'self' 'http://{{domains[www1]}}:{{ports[http][0]}}'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';" | ||
| /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| </head> | ||
|
|
||
| <body> | ||
| <script> | ||
| promise_test(async (t) => { | ||
| window.addEventListener( | ||
| "securitypolicyviolation", | ||
| t.unreached_func("No security policy violation should be raised.") | ||
| ); | ||
| return import("./resources/allowed.css", { with: { type: "css" } }); | ||
| }, "import should be allowed"); | ||
| </script> | ||
| </body> | ||
| </html> |
35 changes: 35 additions & 0 deletions
35
content-security-policy/style-src/import-style-blocked.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
| <head> | ||
| <title>import-style-disallowed</title> | ||
| <meta | ||
| http-equiv="Content-Security-Policy" | ||
| content="style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self';" | ||
| /> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| </head> | ||
|
|
||
| <body> | ||
| <body> | ||
| <script> | ||
| promise_test((t) => { | ||
| let spv = new Promise((resolve, reject) => { | ||
| window.addEventListener("securitypolicyviolation", (e) => { | ||
| if (e.blockedURI.endsWith("blocked.css")) { | ||
| resolve(); | ||
| } else { | ||
| reject(); | ||
| } | ||
| }); | ||
| }); | ||
|
|
||
| return Promise.all([ | ||
| promise_rejects_js(t, Error, import("./resources/blocked.css", { with: { type: "css" } })), | ||
| check_spv, | ||
| ]); | ||
| }); | ||
| </script> | ||
| </body> | ||
| </body> | ||
| </html> |