diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html new file mode 100644 index 0000000000..e46449117f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html @@ -0,0 +1,75 @@ +<!DOCTYPE HTML> +<html> +<head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <script> + var tests = [ + // Make sure that csp works properly in normal situations + { + "csp": "", + "expected": true, + "name": "Should load image without any CSP", + }, + { + "csp": "img-src 'none';", + "expected": false, + "name": "Should not load image with 'none' CSP", + }, + + // Now test with non-ASCII characters. + { + "csp": "img-src 'none' \u00A1invalid-source; style-src 'none'", + "expected": true, + "name": "Non-ASCII character in directive value should drop the whole directive.", + }, + { + "csp": "img-src ‘none’;", + "expected": true, + "name": "Non-ASCII quote character in directive value should drop the whole directive.", + }, + { + "csp": "img-src 'none'; style-src \u00A1invalid-source 'none'", + "expected": false, + "name": "Non-ASCII character in directive value should not affect other directives.", + }, + { + "csp": "img-src 'none'; style\u00A1-src 'none'", + "expected": false, + "name": "Non-ASCII character in directive name should not affect other directives.", + }, + ]; + + tests.forEach(test => { + async_test(t => { + var url = "support/load_img_and_post_result_meta.sub.html?csp=" + + encodeURIComponent(test.csp); + test_image_loads_as_expected(test, t, url); + }, test.name + " - meta tag"); + + async_test(t => { + var url = "support/load_img_and_post_result_header.html?csp=" + + encodeURIComponent(test.csp); + test_image_loads_as_expected(test, t, url); + }, test.name + " - HTTP header"); + }); + + function test_image_loads_as_expected(test, t, url) { + var i = document.createElement('iframe'); + i.src = url; + window.addEventListener('message', t.step_func(function(e) { + if (e.source != i.contentWindow) return; + if (test.expected) { + assert_equals(e.data, "img loaded"); + } else { + assert_equals(e.data, "img not loaded"); + } + t.done(); + })); + document.body.appendChild(i); + } + </script> +</body> +</html> |