Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(881)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html

Issue 2436003002: CSP: Add 'script-sample' to violation reports. (Closed)
Patch Set: Rebase Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/script-sample.html ('k') | third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/style-sample.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html
new file mode 100644
index 0000000000000000000000000000000000000000..36104d4ee4ddc9aebd0fe96ba1d9a8006ea45645
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html
@@ -0,0 +1,67 @@
+<!doctype html>
+<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc'; style-src 'self'; img-src 'none'">
+<script nonce="abc" src="/resources/testharness.js"></script>
+<script nonce="abc" src="/resources/testharnessreport.js"></script>
+<body>
+<script nonce="abc">
+ function waitForViolation(el) {
+ return new Promise(resolve => {
+ el.addEventListener('securitypolicyviolation', e => resolve(e));
+ });
+ }
+
+ async_test(t => {
+ var s = document.createElement('script');
+ s.innerText = "assert_unreached('inline script block')";
+
+ waitForViolation(s)
+ .then(t.step_func_done(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.sample, "");
+ }));
+
+ document.head.append(s);
+ }, "Inline script should not have a sample.");
+
+ async_test(t => {
+ var a = document.createElement("a");
+ a.setAttribute("onclick", "assert_unreached('inline event handler')");
+
+ waitForViolation(a)
+ .then(t.step_func_done(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.sample, "");
+ }));
+
+ document.body.append(a);
+ a.click();
+ }, "Inline event handlers should not have a sample.");
+
+ async_test(t => {
+ var i = document.createElement("iframe");
+ i.src = "javascript:'inline url'";
+
+ waitForViolation(i)
+ .then(t.step_func_done(e => {
+ assert_equals(e.blockedURI, "inline");
+ assert_equals(e.sample, "");
+ }));
+
+ document.body.append(i);
+ }, "JavaScript URLs in iframes should not have a sample.");
+
+ async_test(t => {
+ document.addEventListener('securitypolicyviolation', t.step_func(e => {
+ if (e.blockedURI != "eval")
+ return;
+
+ assert_equals(e.sample, "");
+ t.done();
+ }));
+ try {
+ eval("assert_unreached('eval')");
+ assert_unreached('eval');
+ } catch (e) {
+ }
+ }, "eval() should not have a sample.");
+</script>
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/script-sample.html ('k') | third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/style-sample.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698