Diffstat (limited to 'dom/security/test/csp')
-rw-r--r-- | dom/security/test/csp/file_csp_error_messages.html | 33 | ||||
-rw-r--r-- | dom/security/test/csp/mochitest.toml | 3 | ||||
-rw-r--r-- | dom/security/test/csp/test_csp_error_messages.html | 75 |
3 files changed, 111 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_csp_error_messages.html b/dom/security/test/csp/file_csp_error_messages.html
new file mode 100644
index 0000000000..65d26ac57e
--- /dev/null
+++ b/dom/security/test/csp/file_csp_error_messages.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta http-equiv="Content-Security-Policy" content="default-src 'nonce-abc';">
+ <title></title>
+</head>
+
+<!-- event handler -->
+<body onload="alert('onload');">
+
+ <!-- img-src -->
+ <img src="image.png">
+
+ <!-- external script -->
+ <script src=script.js></script>
+
+ <!-- inline script -->
+ <script>
+ alert("failure");
+ </script>
+
+ <script nonce="abc">
+ /* worker-src */
+ new Worker("/worker.js")
+ </script>
+
+ <script nonce="abc">
+ // eslint-disable-next-line no-eval
+ eval("hello world");
+ </script>
+</body>
+</html>
\ No newline at end of file diff --git a/dom/security/test/csp/mochitest.toml b/dom/security/test/csp/mochitest.toml index 8d8c6c31f5..5dd9a14222 100644 --- a/dom/security/test/csp/mochitest.toml +++ b/dom/security/test/csp/mochitest.toml @@ -433,6 +433,9 @@ skip-if = [ ["test_connect-src.html"] +["test_csp_error_messages.html"] +support-files = ["file_csp_error_messages.html"] + ["test_csp_frame_ancestors_about_blank.html"] support-files = [ "file_csp_frame_ancestors_about_blank.html", diff --git a/dom/security/test/csp/test_csp_error_messages.html b/dom/security/test/csp/test_csp_error_messages.html new file mode 100644 index 0000000000..51be37e7c0 --- /dev/null +++ b/dom/security/test/csp/test_csp_error_messages.html 
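Review bot: In file_csp_error_messages.html the paths that must be blocked signal a regression only through `alert('onload')` and `alert("failure")`, and nothing in the fixture reports back to the test page. If enforcement ever stopped, the harness would presumably see a dialog or a missing console message rather than a named failure. Consider having those paths notify the parent, e.g. `parent.postMessage("inline script ran", "*");`, and failing on that message in the test. The last nonce'd script is also the only case without a label; a comment such as `/* script-src: eval without 'unsafe-eval' */` would match the other cases.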
@@ -0,0 +1,75 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Test some specialized CSP errors</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+
+<iframe id="cspframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+SimpleTest.waitForExplicitFinish();
+
+function cleanup() {
+ SpecialPowers.postConsoleSentinel();
+ SimpleTest.finish();
+};
+
+let errors = [];
+function add(name) {
+ ok(!errors.includes(name), `duplicate error for ${name}`);
+ errors.push(name);
+}
+
+SpecialPowers.registerConsoleListener(msg => {
+ if (!msg.errorMessage) {
+ return;
+ }
+
+ let {errorMessage} = msg;
+ function contains(str) {
+ ok(errorMessage.includes(str), `error message contains "${str}"`);
+ }
+
+ if (errorMessage.includes("(script-src-attr)")) {
+ contains("blocked an event handler");
+ contains("from being executed");
+ contains("Source: alert('onload');");
+ add("event handler");
+ } else if (errorMessage.includes("(img-src)")) {
+ contains("blocked the loading of a resource");
+ contains("/image.png");
+ add("image");
+ } else if (errorMessage.includes("an inline script")) {
+ contains("(script-src-elem)");
+ contains("from being executed");
+ add("inline script");
+ } else if (errorMessage.includes("a script")) {
+ contains("(script-src-elem)");
+ contains("from being executed");
+ contains("/script.js");
+ add("script");
+ } else if (errorMessage.includes("(worker-src)")) {
+ contains("(worker-src)");
+ contains("from being executed");
+ contains("/worker.js");
+ add("worker");
+ } else if (errorMessage.includes("a JavaScript eval")) {
+ contains("(script-src)");
+ contains("from being executed");
+ contains("Missing 'unsafe-eval'")
+ add("eval");
+ }
+
+ if (errors.length == 6) {
+ SimpleTest.executeSoon(cleanup);
+ }
+});
+
+document.getElementById('cspframe').src = 'file_csp_error_messages.html';
+</script>
+</body>
+</html> |
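Review bot: The console listener finishes only when `errors.length == 6`, so if any one of the six CSP reports is missing or reworded the test would run into the harness timeout without saying which category never arrived. Checking against a named list makes the gap visible: `const expected = ["event handler", "image", "inline script", "script", "worker", "eval"];` with `if (expected.every(n => errors.includes(n)))` as the finish condition, plus logging the names still outstanding if the test times out. The branch keyed on `errorMessage.includes("a script")` is also broad enough to catch an unrelated console error and fail on it; testing for `(script-src-elem)` first and then the prose would be tighter. Minor: `contains("(worker-src)")` repeats its own branch condition, and `contains("Missing 'unsafe-eval'")` is missing its semicolon.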