authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:13:33 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:13:33 +0000
commit086c044dc34dfc0f74fbe41f4ecb402b2cd34884 (patch)
treea4f824bd33cb075dd5aa3eb5a0a94af221bbe83a /dom/security/test/csp
parentAdding debian version 124.0.1-1. (diff)
Merging upstream version 125.0.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/csp')
-rw-r--r--dom/security/test/csp/file_csp_error_messages.html33
-rw-r--r--dom/security/test/csp/mochitest.toml3
-rw-r--r--dom/security/test/csp/test_csp_error_messages.html75
3 files changed, 111 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_csp_error_messages.html b/dom/security/test/csp/file_csp_error_messages.html
new file mode 100644
index 0000000000..65d26ac57e
--- /dev/null
+++ b/dom/security/test/csp/file_csp_error_messages.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta http-equiv="Content-Security-Policy" content="default-src 'nonce-abc';">
+ <title></title>
+</head>
+
+<!-- event handler -->
+<body onload="alert('onload');">
+
+ <!-- img-src -->
+ <img src="image.png">
+
+ <!-- external script -->
+ <script src=script.js></script>
+
+ <!-- inline script -->
+ <script>
+ alert("failure");
+ </script>
+
+ <script nonce="abc">
+ /* worker-src */
+ new Worker("/worker.js")
+ </script>
+
+ <script nonce="abc">
+ // eslint-disable-next-line no-eval
+ eval("hello world");
+ </script>
+</body>
+</html>
\ No newline at end of file
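Review bot: The last `<script nonce="abc">` block, the one calling `eval("hello world")`, is the only violation trigger in this fixture without a label comment; adding `/* script-src: eval without 'unsafe-eval' */` would match the `img-src`, `external script`, `inline script` and `worker-src` markers above it. A short comment next to the `<meta http-equiv="Content-Security-Policy">` line should also say that every trigger relies on the single `default-src 'nonce-abc'` fallback, so a later edit to the policy does not silently change which directives are reported. `image.png`, `script.js` and `/worker.js` are presumably never fetched because the policy blocks them, and a one-line comment saying so would explain why the manifest lists only this file under `support-files`.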
diff --git a/dom/security/test/csp/mochitest.toml b/dom/security/test/csp/mochitest.toml
index 8d8c6c31f5..5dd9a14222 100644
--- a/dom/security/test/csp/mochitest.toml
+++ b/dom/security/test/csp/mochitest.toml
@@ -433,6 +433,9 @@ skip-if = [
["test_connect-src.html"]
+["test_csp_error_messages.html"]
+support-files = ["file_csp_error_messages.html"]
+
["test_csp_frame_ancestors_about_blank.html"]
support-files = [
"file_csp_frame_ancestors_about_blank.html",
diff --git a/dom/security/test/csp/test_csp_error_messages.html b/dom/security/test/csp/test_csp_error_messages.html
new file mode 100644
index 0000000000..51be37e7c0
--- /dev/null
+++ b/dom/security/test/csp/test_csp_error_messages.html
@@ -0,0 +1,75 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Test some specialized CSP errors</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+
+<iframe id="cspframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+SimpleTest.waitForExplicitFinish();
+
+function cleanup() {
+ SpecialPowers.postConsoleSentinel();
+ SimpleTest.finish();
+};
+
+let errors = [];
+function add(name) {
+ ok(!errors.includes(name), `duplicate error for ${name}`);
+ errors.push(name);
+}
+
+SpecialPowers.registerConsoleListener(msg => {
+ if (!msg.errorMessage) {
+ return;
+ }
+
+ let {errorMessage} = msg;
+ function contains(str) {
+ ok(errorMessage.includes(str), `error message contains "${str}"`);
+ }
+
+ if (errorMessage.includes("(script-src-attr)")) {
+ contains("blocked an event handler");
+ contains("from being executed");
+ contains("Source: alert('onload');");
+ add("event handler");
+ } else if (errorMessage.includes("(img-src)")) {
+ contains("blocked the loading of a resource");
+ contains("/image.png");
+ add("image");
+ } else if (errorMessage.includes("an inline script")) {
+ contains("(script-src-elem)");
+ contains("from being executed");
+ add("inline script");
+ } else if (errorMessage.includes("a script")) {
+ contains("(script-src-elem)");
+ contains("from being executed");
+ contains("/script.js");
+ add("script");
+ } else if (errorMessage.includes("(worker-src)")) {
+ contains("(worker-src)");
+ contains("from being executed");
+ contains("/worker.js");
+ add("worker");
+ } else if (errorMessage.includes("a JavaScript eval")) {
+ contains("(script-src)");
+ contains("from being executed");
+ contains("Missing 'unsafe-eval'")
+ add("eval");
+ }
+
+ if (errors.length == 6) {
+ SimpleTest.executeSoon(cleanup);
+ }
+});
+
+document.getElementById('cspframe').src = 'file_csp_error_messages.html';
+</script>
+</body>
+</html>
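Review bot: The listener calls `cleanup` only once `errors.length == 6`, so if any one of the six CSP reports stops being emitted the test ends in a harness timeout rather than a failure naming the missing directive, and the literal 6 must be kept in step with the branches by hand. Declaring the expected names once, e.g. `const expected = ["event handler", "image", "inline script", "script", "worker", "eval"];`, and comparing against `expected.length` removes the magic number and makes it possible to report which names never arrived. In the worker branch, `contains("(worker-src)")` repeats the branch condition and can never fail, so that branch checks less than the others. The `"a script"` selector is a loose substring, and as far as the hunk shows the console listener is not limited to messages from the iframe, so an unrelated error containing that phrase would be tested against the external-script expectations; selecting on `"/script.js"` would be tighter. `contains("Missing 'unsafe-eval'")` also lacks its trailing semicolon.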