From 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 03:47:29 +0200 Subject: Adding upstream version 115.8.0esr. Signed-off-by: Daniel Baumann --- .../304-response-should-update-csp.sub.html | 52 ++++++++++++ .../generic/cspro-not-enforced-in-worker.html | 22 +++++ .../cspro-not-enforced-in-worker.html.sub.headers | 1 + .../directive-name-case-insensitive.sub.html | 32 +++++++ .../generic/duplicate-directive.sub.html | 27 ++++++ .../eval-typecheck-callout-order.tentative.html | 28 +++++++ ...-typecheck-callout-order.tentative.html.headers | 1 + .../content-security-policy/generic/fail-0_1.js | 3 + .../filesystem-urls-do-not-match-self.sub.html | 60 +++++++++++++ .../filesystem-urls-match-filesystem.sub.html | 57 +++++++++++++ .../generic/generic-0_1-img-src.html | 38 +++++++++ .../generic/generic-0_1-script-src.html | 38 +++++++++ .../generic/generic-0_10.sub.html | 27 ++++++ .../generic/generic-0_10_1.sub.html | 26 ++++++ .../generic/generic-0_2.html | 28 +++++++ .../generic/generic-0_2_2.sub.html | 26 ++++++ .../generic/generic-0_2_3.html | 26 ++++++ .../generic/generic-0_8.sub.html | 27 ++++++ .../generic/generic-0_8_1.sub.html | 31 +++++++ .../generic/generic-0_9.sub.html | 27 ++++++ .../generic/invalid-characters-in-policy.html | 75 +++++++++++++++++ .../generic/negativeTests.js | 3 + .../generic/no-default-src.sub.html | 41 +++++++++ .../generic/no-default-src.sub.html.sub.headers | 6 ++ .../only-valid-whitespaces-are-allowed.html | 67 +++++++++++++++ .../content-security-policy/generic/pass-0_1.js | 3 + .../generic/policy-does-not-affect-child.sub.html | 24 ++++++ .../policy-inherited-correctly-by-plznavigate.html | 43 ++++++++++ ...rited-correctly-by-plznavigate.html.sub.headers | 5 ++ .../generic/positiveTest.js | 1 + .../generic/support/304-response.py | 33 ++++++++ .../generic/support/eval.js | 2 + .../support/load_img_and_post_result_header.html | 11 +++ ...oad_img_and_post_result_header.html.sub.headers | 1 + .../support/load_img_and_post_result_meta.sub.html | 14 ++++ .../generic/support/log-pass.html | 3 + .../generic/support/sandboxed-eval.sub.html | 4 + .../support/sandboxed-eval.sub.html.sub.headers | 1 + .../generic/test-case.sub.js | 98 ++++++++++++++++++++++ .../content-security-policy/generic/unreached.js | 3 + .../generic/wildcardHostTest.js | 8 ++ .../generic/wildcardHostTestFailure.js | 8 ++ .../generic/wildcardHostTestSuceeds.js | 1 + .../generic/wildcardPortTest.js | 8 ++ .../generic/wildcardPortTestSuceeds.js | 1 + 45 files changed, 1041 insertions(+) create mode 100644 testing/web-platform/tests/content-security-policy/generic/304-response-should-update-csp.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/directive-name-case-insensitive.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/duplicate-directive.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/fail-0_1.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_10.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_2.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_8.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/negativeTests.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/only-valid-whitespaces-are-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/pass-0_1.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/policy-does-not-affect-child.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/positiveTest.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/304-response.py create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/eval.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_meta.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/log-pass.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/generic/test-case.sub.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/unreached.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/wildcardHostTest.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/wildcardHostTestFailure.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/wildcardHostTestSuceeds.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/wildcardPortTest.js create mode 100644 testing/web-platform/tests/content-security-policy/generic/wildcardPortTestSuceeds.js (limited to 'testing/web-platform/tests/content-security-policy/generic') diff --git a/testing/web-platform/tests/content-security-policy/generic/304-response-should-update-csp.sub.html b/testing/web-platform/tests/content-security-policy/generic/304-response-should-update-csp.sub.html new file mode 100644 index 0000000000..b16eadaedc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/304-response-should-update-csp.sub.html @@ -0,0 +1,52 @@ + + + + + + Test that a 304 response will update the CSP header + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html new file mode 100644 index 0000000000..784cdc8875 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html @@ -0,0 +1,22 @@ + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html.sub.headers new file mode 100644 index 0000000000..877e192bbf --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy-Report-Only: script-src 'self' 'nonce-abc'; diff --git a/testing/web-platform/tests/content-security-policy/generic/directive-name-case-insensitive.sub.html b/testing/web-platform/tests/content-security-policy/generic/directive-name-case-insensitive.sub.html new file mode 100644 index 0000000000..c65c59fb23 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/directive-name-case-insensitive.sub.html @@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/duplicate-directive.sub.html b/testing/web-platform/tests/content-security-policy/generic/duplicate-directive.sub.html new file mode 100644 index 0000000000..0ab708356c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/duplicate-directive.sub.html @@ -0,0 +1,27 @@ + + + + + + + duplicate-directive + + + + + + + + +

+ This tests the effect of duplicated directives. It passes if the alert_assert() is executed. +

+
+ + + diff --git a/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html b/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html new file mode 100644 index 0000000000..0be7cf29a2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html @@ -0,0 +1,28 @@ + + + + + + Test for order of Type(evalInput) and host callout + + +
+ + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.headers b/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.headers new file mode 100644 index 0000000000..85de8bd415 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'nonce-abc' diff --git a/testing/web-platform/tests/content-security-policy/generic/fail-0_1.js b/testing/web-platform/tests/content-security-policy/generic/fail-0_1.js new file mode 100644 index 0000000000..5c580273dc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/fail-0_1.js @@ -0,0 +1,3 @@ +(function () { + scriptsrc1.step(function() { assert_unreached('Unsafe inline script ran.') }); +})(); diff --git a/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html b/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html new file mode 100644 index 0000000000..afb272cf36 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html @@ -0,0 +1,60 @@ + + + + + + + filesystem-urls-do-not-match-self + + + + + + + +

+ filesystem: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content.. +

+ +
+ + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html b/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html new file mode 100644 index 0000000000..f629228f9f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html @@ -0,0 +1,57 @@ + + + + + + + filesystem-urls-match-filesystem + + + + + + + +

+ filesystem: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content, but should match filesystem: source. +

+ +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html new file mode 100644 index 0000000000..71ff3219b6 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-img-src.html @@ -0,0 +1,38 @@ + + + + default-src should cascade to img-src directive + + + + + + +

default-src should cascade to img-src directive

+
+ + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html new file mode 100644 index 0000000000..b374b8b88e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_1-script-src.html @@ -0,0 +1,38 @@ + + + + default-src should cascade to script-src directive + + + + + + +

default-src should cascade to script-src directive

+
+ + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_10.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_10.sub.html new file mode 100644 index 0000000000..62b69fb8fd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_10.sub.html @@ -0,0 +1,27 @@ + + + + test implicit port number matching (requires port 80) + + + + + + + + +

test implicit port number matching (requires port 80)

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html new file mode 100644 index 0000000000..f48c1e3c56 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_10_1.sub.html @@ -0,0 +1,26 @@ + + + + implicit port number matching fails with a different port + + + + + + + +

implicit port number matching fails with a different port

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html new file mode 100644 index 0000000000..4f295441cd --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2.html @@ -0,0 +1,28 @@ + + + + 'self' keyword positive test + + + + + + + + +

'self' keyword positive test

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html new file mode 100644 index 0000000000..6cb75e31ae --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_2.sub.html @@ -0,0 +1,26 @@ + + + + 'self' fails with a different port + + + + + + + +

'self' fails with a different port

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html new file mode 100644 index 0000000000..d9c230d2a5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_2_3.html @@ -0,0 +1,26 @@ + + + + 'self' fails with a different host (including sub-host e.g. foo.com as self with content from bar.foo.com) + + + + + + + +

'self' fails with a different host (including sub-host e.g. foo.com as self with content from bar.foo.com)

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_8.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_8.sub.html new file mode 100644 index 0000000000..a9a76c825e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_8.sub.html @@ -0,0 +1,27 @@ + + + + test wildcard host name matching (asterisk as a subdomain of the current domain) + + + + + + + +

test wildcard host name matching (asterisk as a subdomain of the current domain)

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html new file mode 100644 index 0000000000..c326af0e54 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_8_1.sub.html @@ -0,0 +1,31 @@ + + + + test wildcard host name matching (asterisk as part of a subdomain is not accepted) + + + + + + + +

test wildcard host name matching (asterisk as part of a subdomain is not accepted)

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html b/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html new file mode 100644 index 0000000000..564927bd7e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/generic-0_9.sub.html @@ -0,0 +1,27 @@ + + + + test wildcard port number matching + + + + + + + +

test wildcard port number matching

+
+ + diff --git a/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html new file mode 100644 index 0000000000..e46449117f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html @@ -0,0 +1,75 @@ + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/negativeTests.js b/testing/web-platform/tests/content-security-policy/generic/negativeTests.js new file mode 100644 index 0000000000..44b4d7f683 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/negativeTests.js @@ -0,0 +1,3 @@ +var t1 = async_test("Prevents access to external scripts."); + +onload = function() {t1.done();} diff --git a/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html new file mode 100644 index 0000000000..9a89ec05ad --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html @@ -0,0 +1,41 @@ + + + + no default src doesn't behave exactly like * + + + + + + + + +

no default src doesn't behave exactly like *

+ This page has a CSP header but an unknown directive. + This should have no impact on an img loaded from a data: + uri, or an inline script, although that would be blocked by a default-src policy of *. +
+ + + +
+ + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html.sub.headers new file mode 100644 index 0000000000..b40d6ffbab --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/no-default-src.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: no-default-src={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: foobar; report-uri /reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/only-valid-whitespaces-are-allowed.html b/testing/web-platform/tests/content-security-policy/generic/only-valid-whitespaces-are-allowed.html new file mode 100644 index 0000000000..9b3636c9fe --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/only-valid-whitespaces-are-allowed.html @@ -0,0 +1,67 @@ + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/pass-0_1.js b/testing/web-platform/tests/content-security-policy/generic/pass-0_1.js new file mode 100644 index 0000000000..3a08dd5621 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/pass-0_1.js @@ -0,0 +1,3 @@ +(function () { + allowedScriptRan = true; +})(); diff --git a/testing/web-platform/tests/content-security-policy/generic/policy-does-not-affect-child.sub.html b/testing/web-platform/tests/content-security-policy/generic/policy-does-not-affect-child.sub.html new file mode 100644 index 0000000000..e36ca477b5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/policy-does-not-affect-child.sub.html @@ -0,0 +1,24 @@ + + + + + + + object-src-url-blocked + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html b/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html new file mode 100644 index 0000000000..e21bede418 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html @@ -0,0 +1,43 @@ + + + + + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.sub.headers new file mode 100644 index 0000000000..73fb991fb1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.sub.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Pragma: no-cache +Set-Cookie: policy-inherited-correctly-by-plznavigate={{$id:uuid()}}; Path=/content-security-policy/generic/ +Content-Security-Policy: frame-src 'none'; script-src 'self' 'unsafe-inline'; report-uri /reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/generic/positiveTest.js b/testing/web-platform/tests/content-security-policy/generic/positiveTest.js new file mode 100644 index 0000000000..15053e055d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/positiveTest.js @@ -0,0 +1 @@ +window.cspPositiveTest = true; diff --git a/testing/web-platform/tests/content-security-policy/generic/support/304-response.py b/testing/web-platform/tests/content-security-policy/generic/support/304-response.py new file mode 100644 index 0000000000..f9756555f7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/304-response.py @@ -0,0 +1,33 @@ +def main(request, response): + if request.headers.get(b"If-None-Match"): + # we are now receing the second request, we will send back a different CSP + # with the 304 response + response.status = 304 + headers = [(b"Content-Type", b"text/html"), + (b"Content-Security-Policy", b"script-src 'nonce-def' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"), + (b"Cache-Control", b"private, max-age=0, must-revalidate"), + (b"ETag", b"123456")] + return headers, u"" + else: + headers = [(b"Content-Type", b"text/html"), + (b"Content-Security-Policy", b"script-src 'nonce-abc' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"), + (b"Cache-Control", b"private, max-age=0, must-revalidate"), + (b"Etag", b"123456")] + return headers, u''' + + + + + + + + +''' diff --git a/testing/web-platform/tests/content-security-policy/generic/support/eval.js b/testing/web-platform/tests/content-security-policy/generic/support/eval.js new file mode 100644 index 0000000000..d8ba2a5589 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/eval.js @@ -0,0 +1,2 @@ +postMessage('unsafe-inline allowed'); +eval("postMessage('unsafe-eval allowed')"); diff --git a/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html new file mode 100644 index 0000000000..c7a2e75dba --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html @@ -0,0 +1,11 @@ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html.sub.headers new file mode 100644 index 0000000000..e9bf21bab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: {{GET[csp]}} diff --git a/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_meta.sub.html b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_meta.sub.html new file mode 100644 index 0000000000..ac0cf39dd0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_meta.sub.html @@ -0,0 +1,14 @@ + + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/generic/support/log-pass.html b/testing/web-platform/tests/content-security-policy/generic/support/log-pass.html new file mode 100644 index 0000000000..4334ea4c66 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/log-pass.html @@ -0,0 +1,3 @@ + diff --git a/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html new file mode 100644 index 0000000000..9480e521de --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html @@ -0,0 +1,4 @@ + \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html.sub.headers new file mode 100644 index 0000000000..c7e4e7cc5b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: sandbox allow-scripts \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/generic/test-case.sub.js b/testing/web-platform/tests/content-security-policy/generic/test-case.sub.js new file mode 100644 index 0000000000..d9a6494dd3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/test-case.sub.js @@ -0,0 +1,98 @@ +function TestCase(scenarios, sanityChecker) { + function runTest(scenario) { + sanityChecker.checkScenario(scenario, subresourceMap); + + const urls = getRequestURLs(scenario.subresource, + scenario.origin, + scenario.redirection); + + /** @type {Subresource} */ + const subresource = { + subresourceType: scenario.subresource, + url: urls.testUrl, + policyDeliveries: scenario.subresource_policy_deliveries, + }; + + let violationEventResolve; + // Resolved with an array of securitypolicyviolation events. + const violationEventPromise = new Promise(resolve => { + violationEventResolve = resolve; + }); + + promise_test(async t => { + await xhrRequest(urls.announceUrl); + + // Currently only requests from top-level Documents are tested + // (specified by `spec.src.json`) and thus securitypolicyviolation + // events are assumed to be fired on the top-level Document here. + // When adding non-top-level Document tests, securitypolicyviolation + // events should be caught in appropriate contexts. + const violationEvents = []; + const listener = e => { violationEvents.push(e); }; + document.addEventListener('securitypolicyviolation', listener); + + try { + // Send out the real resource request. + // This should tear down the key if it's not blocked. + const mainPromise = invokeRequest(subresource, scenario.source_context_list); + if (scenario.expectation === 'allowed') { + await mainPromise; + } else { + await mainPromise + .then(t.unreached_func('main promise resolved unexpectedly')) + .catch(_ => {}); + } + } finally { + // Always perform post-processing/clean up for + // 'securitypolicyviolation' events and resolve + // `violationEventPromise`, to prevent timeout of the + // promise_test() below. + + // securitypolicyviolation events are fired in a queued task in + // https://w3c.github.io/webappsec-csp/#report-violation + // so wait for queued tasks to run using setTimeout(). + let timeout = 0; + if (scenario.subresource.startsWith('worklet-') && + navigator.userAgent.includes("Firefox/")) { + // https://bugzilla.mozilla.org/show_bug.cgi?id=1808911 + // In Firefox sometimes violations from Worklets are delayed. + timeout = 10; + } + await new Promise(resolve => setTimeout(resolve, timeout)); + + // Pass violation events to `violationEventPromise` (which will be tested + // in the subsequent promise_test()) and clean up the listener. + violationEventResolve(violationEvents); + document.removeEventListener('securitypolicyviolation', listener); + } + + // Send request to check if the key has been torn down. + const assertResult = await xhrRequest(urls.assertUrl); + + // Now check if the value has been torn down. If it's still there, + // we have blocked the request by content security policy. + assert_equals(assertResult.status, scenario.expectation, + "The resource request should be '" + scenario.expectation + "'."); + + }, scenario.test_description); + + promise_test(async _ => { + const violationEvents = await violationEventPromise; + if (scenario.expectation === 'allowed') { + assert_array_equals(violationEvents, [], + 'no violation events should be fired'); + } else { + assert_equals(violationEvents.length, 1, + 'One violation event should be fired'); + } + }, scenario.test_description + ": securitypolicyviolation"); + } // runTest + + function runTests() { + for (const scenario of scenarios) { + runTest(scenario); + } + } + + return {start: runTests}; +} diff --git a/testing/web-platform/tests/content-security-policy/generic/unreached.js b/testing/web-platform/tests/content-security-policy/generic/unreached.js new file mode 100644 index 0000000000..893fb5eba1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/unreached.js @@ -0,0 +1,3 @@ +onload = function() { + t1.step(function() {assert_unreached("Script should not have ran.");}); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardHostTest.js b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTest.js new file mode 100644 index 0000000000..da3e2790f5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTest.js @@ -0,0 +1,8 @@ +wildcardHostTestRan = false; + +onload = function() { + test(function() { + assert_true(wildcardHostTestRan, 'Script should have ran.')}, + "Wildcard host matching works." + ); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestFailure.js b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestFailure.js new file mode 100644 index 0000000000..75ec8cf80e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestFailure.js @@ -0,0 +1,8 @@ +wildcardHostTestRan = false; + +onload = function() { + test(function() { + assert_false(wildcardHostTestRan, 'Script should not have ran.')}, + "Wildcard host matching works." + ); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestSuceeds.js b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestSuceeds.js new file mode 100644 index 0000000000..8b115d7fc4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardHostTestSuceeds.js @@ -0,0 +1 @@ +wildcardHostTestRan = true; diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardPortTest.js b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTest.js new file mode 100644 index 0000000000..3cd1d2eaed --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTest.js @@ -0,0 +1,8 @@ +wildcardPortTestRan = false; + +onload = function() { + test(function() { + assert_true(wildcardPortTestRan, 'Script should have ran.')}, + "Wildcard port matching works." + ); +} diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcardPortTestSuceeds.js b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTestSuceeds.js new file mode 100644 index 0000000000..0138deb2ee --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcardPortTestSuceeds.js @@ -0,0 +1 @@ +wildcardPortTestRan = true; \ No newline at end of file -- cgit v1.2.3