diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
| commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
| tree | f435a8308119effd964b339f76abb83a57c29483 /testing/web-platform/tests/fenced-frame/csp-transparent-url.https.html | |
| parent | Initial commit. (diff) | |
| download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip | |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/fenced-frame/csp-transparent-url.https.html')
| -rw-r--r-- | testing/web-platform/tests/fenced-frame/csp-transparent-url.https.html | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fenced-frame/csp-transparent-url.https.html b/testing/web-platform/tests/fenced-frame/csp-transparent-url.https.html new file mode 100644 index 0000000000..c1c815d49e --- /dev/null +++ b/testing/web-platform/tests/fenced-frame/csp-transparent-url.https.html @@ -0,0 +1,53 @@ +<!DOCTYPE html> +<title>Test transparent url navigated in fenced frame interacting with CSP</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/utils.js"></script> +<script src="/common/dispatcher/dispatcher.js"></script> +<script src="resources/utils.js"></script> + +<body> +<script> +function setupCSP(csp) { + let meta = document.createElement('meta'); + meta.httpEquiv = "Content-Security-Policy"; + meta.content = "fenced-frame-src " + csp; + document.head.appendChild(meta); +} + +const allowedCSPs = ["*", "https:", "'self'"]; +allowedCSPs.forEach((csp) => { + promise_test(async(t) => { + setupCSP(csp); + + t.step_timeout(t.unreached_func( + "The fenced frame should load for CSP fenced-frame-src " + csp), 3000); + + const fencedframe = attachFencedFrameContext(); + await fencedframe.execute(() => {}); + }, "Fenced frame loaded for CSP fenced-frame-src " + csp); +}); + +const blockedCSPs = ["'none'"]; +blockedCSPs.forEach((csp) => { + promise_test(async(t) => { + setupCSP(csp); + + const csp_violation = new Promise(resolve => { + window.addEventListener("securitypolicyviolation", resolve); + }); + + const fencedframe = attachFencedFrameContext(); + + const fencedframe_loaded = fencedframe.execute(() => {}); + fencedframe_loaded.then(t.unreached_func( + "The fenced frame should not load for CSP fenced-frame-src " + csp)); + + const csp_violation_event = await csp_violation; + const remote_url = getRemoteContextURL(location.origin).toString(); + assert_true(csp_violation_event.blockedURI.includes(remote_url), + "blockedURI should include the url"); + }, "Fenced frame blocked for CSP fenced-frame-src " + csp); +}); +</script> +</body> |