third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html - Issue 2436003002: CSP: Add 'script-sample' to violation reports.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html

Issue 2436003002: CSP: Add 'script-sample' to violation reports. (Closed)

Patch Set: Rebase Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/script-sample.html ('k') | third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/style-sample.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 <!doctype html>

	2 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc'; styl e-src 'self'; img-src 'none'">

	3 <script nonce="abc" src="/resources/testharness.js"></script>

	4 <script nonce="abc" src="/resources/testharnessreport.js"></script>

	5 <body>

	6 <script nonce="abc">

	7 function waitForViolation(el) {

	8 return new Promise(resolve => {

	9 el.addEventListener('securitypolicyviolation', e => resolve(e));

	10 });

	11 }

	12

	13 async_test(t => {

	14 var s = document.createElement('script');

	15 s.innerText = "assert_unreached('inline script block')";

	16

	17 waitForViolation(s)

	18 .then(t.step_func_done(e => {

	19 assert_equals(e.blockedURI, "inline");

	20 assert_equals(e.sample, "");

	21 }));

	22

	23 document.head.append(s);

	24 }, "Inline script should not have a sample.");

	25

	26 async_test(t => {

	27 var a = document.createElement("a");

	28 a.setAttribute("onclick", "assert_unreached('inline event handler')");

	29

	30 waitForViolation(a)

	31 .then(t.step_func_done(e => {

	32 assert_equals(e.blockedURI, "inline");

	33 assert_equals(e.sample, "");

	34 }));

	35

	36 document.body.append(a);

	37 a.click();

	38 }, "Inline event handlers should not have a sample.");

	39

	40 async_test(t => {

	41 var i = document.createElement("iframe");

	42 i.src = "javascript:'inline url'";

	43

	44 waitForViolation(i)

	45 .then(t.step_func_done(e => {

	46 assert_equals(e.blockedURI, "inline");

	47 assert_equals(e.sample, "");

	48 }));

	49

	50 document.body.append(i);

	51 }, "JavaScript URLs in iframes should not have a sample.");

	52

	53 async_test(t => {

	54 document.addEventListener('securitypolicyviolation', t.step_func(e => {

	55 if (e.blockedURI != "eval")

	56 return;

	57

	58 assert_equals(e.sample, "");

	59 t.done();

	60 }));

	61 try {

	62 eval("assert_unreached('eval')");

	63 assert_unreached('eval');

	64 } catch (e) {

	65 }

	66 }, "eval() should not have a sample.");

	67 </script>

OLD	NEW