72 lines
2.7 KiB
HTML
72 lines
2.7 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
|
|
<head>
|
|
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
|
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-nonceynonce' 'sha256-9UFeeZbvnMa0tLNu76v96T4Hh+UtDWHm2lPQJoTWb9c='; connect-src 'self';">
|
|
<title>scripthash-unicode-normalization</title>
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
</head>
|
|
|
|
<body>
|
|
<!-- The following two scripts contain two separate code points (U+00C5
|
|
and U+212B, respectively) which, depending on your text editor, might be
|
|
rendered the same.However, their difference is important because, under
|
|
NFC normalization, they would become the same code point, which would be
|
|
against the spec. This test, therefore, validates that the scripts have
|
|
*different* hash values. -->
|
|
<script nonce="nonceynonce">
|
|
var t_spv = async_test("Should fire securitypolicyviolation");
|
|
window.addEventListener('securitypolicyviolation', t_spv.step_func_done(function(e) {
|
|
assert_equals(e.violatedDirective, "script-src-elem");
|
|
}));
|
|
|
|
var matchingContent = 'Å';
|
|
var nonMatchingContent = 'Å';
|
|
|
|
// This script should have a hash value of
|
|
// sha256-9UFeeZbvnMa0tLNu76v96T4Hh+UtDWHm2lPQJoTWb9c=
|
|
var scriptContent1 = "window.finish('" + matchingContent + "');";
|
|
|
|
// This script should have a hash value of
|
|
// sha256-iNjjXUXds31FFvkAmbC74Sxnvreug3PzGtu16udQyqM=
|
|
var scriptContent2 = "window.finish('" + nonMatchingContent + "');";
|
|
|
|
var script1 = document.createElement('script');
|
|
var script2 = document.createElement('script');
|
|
|
|
script1.test = async_test("Only matching content runs even with NFC normalization.");
|
|
|
|
var failure = function() {
|
|
assert_unreached();
|
|
}
|
|
|
|
window.finish = function(content) {
|
|
if (content == matchingContent) {
|
|
script1.test.step(function() {
|
|
script1.test.done();
|
|
});
|
|
} else {
|
|
script1.test.step(function() {
|
|
assert_unreached("nonMatchingContent script ran");
|
|
});
|
|
}
|
|
}
|
|
|
|
script1.onerror = failure;
|
|
|
|
document.body.appendChild(script2);
|
|
script2.textContent = scriptContent2;
|
|
document.body.appendChild(script1);
|
|
script1.textContent = scriptContent1;
|
|
</script>
|
|
|
|
<p>
|
|
This tests Unicode normalization. While appearing the same, the strings in the scripts are different Unicode points, but through normalization, should be the same when the hash is taken.
|
|
</p>
|
|
<div id="log"></div>
|
|
</body>
|
|
|
|
</html>
|