diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
commit | 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch) | |
tree | a31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html | |
parent | Initial commit. (diff) | |
download | firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip |
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html new file mode 100644 index 0000000000..e46449117f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html @@ -0,0 +1,75 @@ +<!DOCTYPE HTML> +<html> +<head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <script> + var tests = [ + // Make sure that csp works properly in normal situations + { + "csp": "", + "expected": true, + "name": "Should load image without any CSP", + }, + { + "csp": "img-src 'none';", + "expected": false, + "name": "Should not load image with 'none' CSP", + }, + + // Now test with non-ASCII characters. + { + "csp": "img-src 'none' \u00A1invalid-source; style-src 'none'", + "expected": true, + "name": "Non-ASCII character in directive value should drop the whole directive.", + }, + { + "csp": "img-src ‘none’;", + "expected": true, + "name": "Non-ASCII quote character in directive value should drop the whole directive.", + }, + { + "csp": "img-src 'none'; style-src \u00A1invalid-source 'none'", + "expected": false, + "name": "Non-ASCII character in directive value should not affect other directives.", + }, + { + "csp": "img-src 'none'; style\u00A1-src 'none'", + "expected": false, + "name": "Non-ASCII character in directive name should not affect other directives.", + }, + ]; + + tests.forEach(test => { + async_test(t => { + var url = "support/load_img_and_post_result_meta.sub.html?csp=" + + encodeURIComponent(test.csp); + test_image_loads_as_expected(test, t, url); + }, test.name + " - meta tag"); + + async_test(t => { + var url = "support/load_img_and_post_result_header.html?csp=" + + encodeURIComponent(test.csp); + test_image_loads_as_expected(test, t, url); + }, test.name + " - HTTP header"); + }); + + function test_image_loads_as_expected(test, t, url) { + var i = document.createElement('iframe'); + i.src = url; + window.addEventListener('message', t.step_func(function(e) { + if (e.source != i.contentWindow) return; + if (test.expected) { + assert_equals(e.data, "img loaded"); + } else { + assert_equals(e.data, "img not loaded"); + } + t.done(); + })); + document.body.appendChild(i); + } + </script> +</body> +</html> |