summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/test_csp_error_messages.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/csp/test_csp_error_messages.html')
-rw-r--r--dom/security/test/csp/test_csp_error_messages.html75
1 files changed, 75 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_csp_error_messages.html b/dom/security/test/csp/test_csp_error_messages.html
new file mode 100644
index 0000000000..51be37e7c0
--- /dev/null
+++ b/dom/security/test/csp/test_csp_error_messages.html
@@ -0,0 +1,75 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Test some specialized CSP errors</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+
+<iframe id="cspframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+SimpleTest.waitForExplicitFinish();
+
+function cleanup() {
+ SpecialPowers.postConsoleSentinel();
+ SimpleTest.finish();
+};
+
+let errors = [];
+function add(name) {
+ ok(!errors.includes(name), `duplicate error for ${name}`);
+ errors.push(name);
+}
+
+SpecialPowers.registerConsoleListener(msg => {
+ if (!msg.errorMessage) {
+ return;
+ }
+
+ let {errorMessage} = msg;
+ function contains(str) {
+ ok(errorMessage.includes(str), `error message contains "${str}"`);
+ }
+
+ if (errorMessage.includes("(script-src-attr)")) {
+ contains("blocked an event handler");
+ contains("from being executed");
+ contains("Source: alert('onload');");
+ add("event handler");
+ } else if (errorMessage.includes("(img-src)")) {
+ contains("blocked the loading of a resource");
+ contains("/image.png");
+ add("image");
+ } else if (errorMessage.includes("an inline script")) {
+ contains("(script-src-elem)");
+ contains("from being executed");
+ add("inline script");
+ } else if (errorMessage.includes("a script")) {
+ contains("(script-src-elem)");
+ contains("from being executed");
+ contains("/script.js");
+ add("script");
+ } else if (errorMessage.includes("(worker-src)")) {
+ contains("(worker-src)");
+ contains("from being executed");
+ contains("/worker.js");
+ add("worker");
+ } else if (errorMessage.includes("a JavaScript eval")) {
+ contains("(script-src)");
+ contains("from being executed");
+ contains("Missing 'unsafe-eval'")
+ add("eval");
+ }
+
+ if (errors.length == 6) {
+ SimpleTest.executeSoon(cleanup);
+ }
+});
+
+document.getElementById('cspframe').src = 'file_csp_error_messages.html';
+</script>
+</body>
+</html>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-19 03:44:09 +0000