summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html')
-rw-r--r--testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html75
1 files changed, 75 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html
new file mode 100644
index 0000000000..e46449117f
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html
@@ -0,0 +1,75 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+ <script>
+ var tests = [
+ // Make sure that csp works properly in normal situations
+ {
+ "csp": "",
+ "expected": true,
+ "name": "Should load image without any CSP",
+ },
+ {
+ "csp": "img-src 'none';",
+ "expected": false,
+ "name": "Should not load image with 'none' CSP",
+ },
+
+ // Now test with non-ASCII characters.
+ {
+ "csp": "img-src 'none' \u00A1invalid-source; style-src 'none'",
+ "expected": true,
+ "name": "Non-ASCII character in directive value should drop the whole directive.",
+ },
+ {
+ "csp": "img-src ‘none’;",
+ "expected": true,
+ "name": "Non-ASCII quote character in directive value should drop the whole directive.",
+ },
+ {
+ "csp": "img-src 'none'; style-src \u00A1invalid-source 'none'",
+ "expected": false,
+ "name": "Non-ASCII character in directive value should not affect other directives.",
+ },
+ {
+ "csp": "img-src 'none'; style\u00A1-src 'none'",
+ "expected": false,
+ "name": "Non-ASCII character in directive name should not affect other directives.",
+ },
+ ];
+
+ tests.forEach(test => {
+ async_test(t => {
+ var url = "support/load_img_and_post_result_meta.sub.html?csp="
+ + encodeURIComponent(test.csp);
+ test_image_loads_as_expected(test, t, url);
+ }, test.name + " - meta tag");
+
+ async_test(t => {
+ var url = "support/load_img_and_post_result_header.html?csp="
+ + encodeURIComponent(test.csp);
+ test_image_loads_as_expected(test, t, url);
+ }, test.name + " - HTTP header");
+ });
+
+ function test_image_loads_as_expected(test, t, url) {
+ var i = document.createElement('iframe');
+ i.src = url;
+ window.addEventListener('message', t.step_func(function(e) {
+ if (e.source != i.contentWindow) return;
+ if (test.expected) {
+ assert_equals(e.data, "img loaded");
+ } else {
+ assert_equals(e.data, "img not loaded");
+ }
+ t.done();
+ }));
+ document.body.appendChild(i);
+ }
+ </script>
+</body>
+</html>