diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:35:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:35:29 +0000 |
commit | 59203c63bb777a3bacec32fb8830fba33540e809 (patch) | |
tree | 58298e711c0ff0575818c30485b44a2f21bf28a0 /testing/web-platform/tests/content-security-policy/generic | |
parent | Adding upstream version 126.0.1. (diff) | |
download | firefox-59203c63bb777a3bacec32fb8830fba33540e809.tar.xz firefox-59203c63bb777a3bacec32fb8830fba33540e809.zip |
Adding upstream version 127.0.upstream/127.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/generic')
2 files changed, 78 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/generic/case-insensitive-scheme.sub.html b/testing/web-platform/tests/content-security-policy/generic/case-insensitive-scheme.sub.html new file mode 100644 index 0000000000..7225cd359f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/case-insensitive-scheme.sub.html @@ -0,0 +1,51 @@ +<!DOCTYPE HTML> +<html> +<head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <script> + let tests = [ + { + "csp": "img-src http://{{host}}:{{ports[http][0]}}/", + "name": "Lowercase `http` should allow the image to load.", + }, + { + "csp": "img-src HtTp://{{host}}:{{ports[http][0]}}/", + "name": "Mixed-case `http` should allow the image to load.", + }, + { + "csp": "img-src HTTP://{{host}}:{{ports[http][0]}}/", + "name": "Uppercase `http` should allow the image to load.", + }, + ]; + + tests.forEach(test => { + async_test(t => { + let url = "support/load_img_and_post_result_meta.sub.html?csp=" + + encodeURIComponent(test.csp); + test_image_loads_as_expected(test, t, url); + }, test.name + " - meta tag"); + + async_test(t => { + let url = "support/load_img_and_post_result_header.html?csp=" + + encodeURIComponent(test.csp); + test_image_loads_as_expected(test, t, url); + }, test.name + " - HTTP header"); + }); + + function test_image_loads_as_expected(test, t, url) { + let i = document.createElement('iframe'); + i.src = url; + window.addEventListener('message', t.step_func(function(e) { + if (e.source != i.contentWindow) return; + assert_equals(e.data, "img loaded"); + t.done(); + })); + document.body.appendChild(i); + } + </script> +</body> +</html> + diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcard-host-part.sub.window.js b/testing/web-platform/tests/content-security-policy/generic/wildcard-host-part.sub.window.js new file mode 100644 index 0000000000..d210cc6670 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcard-host-part.sub.window.js @@ -0,0 +1,27 @@ +setup(_ => { + const meta = document.createElement("meta"); + meta.httpEquiv = "content-security-policy"; + meta.content = "img-src http://*:{{ports[http][0]}}"; + document.head.appendChild(meta); +}); + +async_test((t) => { + const img = document.createElement("img"); + img.onerror = t.step_func_done(); + img.onload = t.unreached_func("`data:` image should have been blocked."); + img.src = "" +}, "Host wildcard doesn't affect scheme matching."); + +async_test((t) => { + const img = document.createElement("img"); + img.onload = t.step_func_done(); + img.onerror = t.unreached_func("Image from www2 host should have loaded."); + img.src = "http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/support/pass.png"; +}, "Host wildcard allows arbitrary hosts (www1)."); + +async_test((t) => { + const img = document.createElement("img"); + img.onload = t.step_func_done(); + img.onerror = t.unreached_func("Image from www2 host should have loaded."); + img.src = "http://{{domains[www2]}}:{{ports[http][0]}}/content-security-policy/support/pass.png"; +}, "Host wildcard allows arbitrary hosts (www2)."); |