Adding upstream version 125.0.1.upstream/125.0.1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

3 files changed, 111 insertions, 0 deletions

diff --git a/dom/security/test/csp/file_csp_error_messages.html b/dom/security/test/csp/file_csp_error_messages.html
new file mode 100644
index 0000000000..65d26ac57e
--- /dev/null
+++ b/dom/security/test/csp/file_csp_error_messages.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="Content-Security-Policy" content="default-src 'nonce-abc';">
+  <title></title>
+</head>
+
+<!-- event handler -->
+<body onload="alert('onload');">
+
+  <!-- img-src -->
+  <img src="image.png">
+
+  <!-- external script -->
+  <script src=script.js></script>
+
+  <!-- inline script -->
+  <script>
+    alert("failure");
+  </script>
+
+  <script nonce="abc">
+    /* worker-src */
+    new Worker("/worker.js")
+  </script>
+
+  <script nonce="abc">
+    // eslint-disable-next-line no-eval
+    eval("hello world");
+  </script>
+</body>
+</html>
\ No newline at end of file
diff --git a/dom/security/test/csp/mochitest.toml b/dom/security/test/csp/mochitest.toml
index 8d8c6c31f5..5dd9a14222 100644
--- a/dom/security/test/csp/mochitest.toml
+++ b/dom/security/test/csp/mochitest.toml
@@ -433,6 +433,9 @@ skip-if = [
 
 ["test_connect-src.html"]
 
+["test_csp_error_messages.html"]
+support-files = ["file_csp_error_messages.html"]
+
 ["test_csp_frame_ancestors_about_blank.html"]
 support-files = [
   "file_csp_frame_ancestors_about_blank.html",
diff --git a/dom/security/test/csp/test_csp_error_messages.html b/dom/security/test/csp/test_csp_error_messages.html
new file mode 100644
index 0000000000..51be37e7c0
--- /dev/null
+++ b/dom/security/test/csp/test_csp_error_messages.html
@@ -0,0 +1,75 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test some specialized CSP errors</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+
+<iframe id="cspframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+SimpleTest.waitForExplicitFinish();
+
+function cleanup() {
+  SpecialPowers.postConsoleSentinel();
+  SimpleTest.finish();
+};
+
+let errors = [];
+function add(name) {
+  ok(!errors.includes(name), `duplicate error for ${name}`);
+  errors.push(name);
+}
+
+SpecialPowers.registerConsoleListener(msg => {
+  if (!msg.errorMessage) {
+    return;
+  }
+
+  let {errorMessage} = msg;
+  function contains(str) {
+    ok(errorMessage.includes(str), `error message contains "${str}"`);
+  }
+
+  if (errorMessage.includes("(script-src-attr)")) {
+    contains("blocked an event handler");
+    contains("from being executed");
+    contains("Source: alert('onload');");
+    add("event handler");
+  } else if (errorMessage.includes("(img-src)")) {
+    contains("blocked the loading of a resource");
+    contains("/image.png");
+    add("image");
+  } else if (errorMessage.includes("an inline script")) {
+    contains("(script-src-elem)");
+    contains("from being executed");
+    add("inline script");
+  } else if (errorMessage.includes("a script")) {
+    contains("(script-src-elem)");
+    contains("from being executed");
+    contains("/script.js");
+    add("script");
+  } else if (errorMessage.includes("(worker-src)")) {
+    contains("(worker-src)");
+    contains("from being executed");
+    contains("/worker.js");
+    add("worker");
+  } else if (errorMessage.includes("a JavaScript eval")) {
+    contains("(script-src)");
+    contains("from being executed");
+    contains("Missing 'unsafe-eval'")
+    add("eval");
+  }
+
+  if (errors.length == 6) {
+    SimpleTest.executeSoon(cleanup);
+  }
+});
+
+document.getElementById('cspframe').src = 'file_csp_error_messages.html';
+</script>
+</body>
+</html>