diff options
Diffstat (limited to 'testing/web-platform/meta/fetch/security')
7 files changed, 95 insertions, 0 deletions
diff --git a/testing/web-platform/meta/fetch/security/dangling-markup/dangling-markup-mitigation-data-url.tentative.sub.html.ini b/testing/web-platform/meta/fetch/security/dangling-markup/dangling-markup-mitigation-data-url.tentative.sub.html.ini new file mode 100644 index 0000000000..7f912d09db --- /dev/null +++ b/testing/web-platform/meta/fetch/security/dangling-markup/dangling-markup-mitigation-data-url.tentative.sub.html.ini @@ -0,0 +1,18 @@ +[dangling-markup-mitigation-data-url.tentative.sub.html] + [<iframe id="dangling"\\n src="data:text/html,\\n <img\\n onload='window.parent.postMessage("loaded", "*");'\\n onerror='window.parent.postMessage("error", "*");'\\n src='http://web-platform.test:8000/images/gr een-256x256.png?<'>\\n ">\\n </iframe>] + expected: FAIL + + [<iframe id="dangling"\\n src=" data:text/html,\\n <img\\n onload='window.parent.postMessage("loaded", "*");'\\n onerror='window.parent.postMessage("error", "*");'\\n src='http://web-platform.test:8000/images/gr een-256x256.png?<'>\\n ">\\n </iframe>] + expected: FAIL + + [<iframe id="dangling"\\n src="\\ndata:text/html,\\n <img\\n onload='window.parent.postMessage("loaded", "*");'\\n onerror='window.parent.postMessage("error", "*");'\\n src='http://web-platform.test:8000/images/gr een-256x256.png?<'>\\n ">\\n </iframe>] + expected: FAIL + + [<iframe id="dangling"\\n src=" data:text/html,\\n <img\\n onload='window.parent.postMessage("loaded", "*");'\\n onerror='window.parent.postMessage("error", "*");'\\n src='http://web-platform.test:8000/images/gr een-256x256.png?<'>\\n ">\\n </iframe>] + expected: FAIL + + [<iframe id="dangling"\\n src="\\tdata:text/html,\\n <img\\n onload='window.parent.postMessage("loaded", "*");'\\n onerror='window.parent.postMessage("error", "*");'\\n src='http://web-platform.test:8000/images/gr een-256x256.png?<'>\\n ">\\n </iframe>] + expected: FAIL + + [<iframe id="dangling"\\n src="\\rdata:text/html,\\n <img\\n onload='window.parent.postMessage("loaded", "*");'\\n onerror='window.parent.postMessage("error", "*");'\\n src='http://web-platform.test:8000/images/gr een-256x256.png?<'>\\n ">\\n </iframe>] + expected: FAIL diff --git a/testing/web-platform/meta/fetch/security/dangling-markup/dangling-markup-mitigation.tentative.html.ini b/testing/web-platform/meta/fetch/security/dangling-markup/dangling-markup-mitigation.tentative.html.ini new file mode 100644 index 0000000000..3b0a8472ab --- /dev/null +++ b/testing/web-platform/meta/fetch/security/dangling-markup/dangling-markup-mitigation.tentative.html.ini @@ -0,0 +1,27 @@ +[dangling-markup-mitigation.tentative.html] + [Fetch: /images/gre\\nen-1x1.png?img=<] + expected: FAIL + + [Fetch: /images/gre\\ren-1x1.png?img=<] + expected: FAIL + + [Fetch: /images/gre\\ten-1x1.png?img=<] + expected: FAIL + + [Fetch: /images/green-1x1.png?<\\n=block] + expected: FAIL + + [Fetch: /images/green-1x1.png?<\\r=block] + expected: FAIL + + [Fetch: /images/green-1x1.png?<\\t=block] + expected: FAIL + + [<img id="dangling" src="/images/green-1x1.png?img= <b">] + expected: FAIL + + [<img id="dangling" src="/images/green-1x1.png?img=< b">] + expected: FAIL + + [\\n <img id="dangling" src="/images/green-1x1.png?img=\\n <\\n b\\n ">\\n ] + expected: FAIL diff --git a/testing/web-platform/meta/fetch/security/dangling-markup/media.html.ini b/testing/web-platform/meta/fetch/security/dangling-markup/media.html.ini new file mode 100644 index 0000000000..320b53d711 --- /dev/null +++ b/testing/web-platform/meta/fetch/security/dangling-markup/media.html.ini @@ -0,0 +1,6 @@ +[media.html] + [Should not load audio with dangling markup in URL] + expected: FAIL + + [Should not load video with dangling markup in URL] + expected: FAIL diff --git a/testing/web-platform/meta/fetch/security/dangling-markup/option.html.ini b/testing/web-platform/meta/fetch/security/dangling-markup/option.html.ini new file mode 100644 index 0000000000..7be7277c4a --- /dev/null +++ b/testing/web-platform/meta/fetch/security/dangling-markup/option.html.ini @@ -0,0 +1,18 @@ +[option.html] + [ <form action="/resource-timing/resources/document-navigated.html" method="post"> <input type="submit"> <select name="dangling"><option> ] + expected: FAIL + + [ <div> <form action="/resource-timing/resources/document-navigated.html" method="post"> <input type="submit"> <select name="dangling"><option> ] + expected: FAIL + + [ <form action="/resource-timing/resources/document-navigated.html" method="post" id="form"> <input type="submit"> </form> <select name="dangling" form="form"><option> ] + expected: FAIL + + [ <form action="/resource-timing/resources/document-navigated.html" method="post"> <input type="submit"> <select name="dangling"><option label="yay"> ] + expected: FAIL + + [ <div> <form action="/resource-timing/resources/document-navigated.html" method="post"> <input type="submit"> <select name="dangling"><option label="yay"> ] + expected: FAIL + + [ <form action="/resource-timing/resources/document-navigated.html" method="post" id="form"> <input type="submit"> </form> <select name="dangling" form="form"><option label="yay"> ] + expected: FAIL diff --git a/testing/web-platform/meta/fetch/security/dangling-markup/textarea.html.ini b/testing/web-platform/meta/fetch/security/dangling-markup/textarea.html.ini new file mode 100644 index 0000000000..747f187f85 --- /dev/null +++ b/testing/web-platform/meta/fetch/security/dangling-markup/textarea.html.ini @@ -0,0 +1,9 @@ +[textarea.html] + [ <form action="/resource-timing/resources/document-navigated.html" method="post"> <input type="submit"> <textarea name="dangling"> ] + expected: FAIL + + [ <div> <form action="/resource-timing/resources/document-navigated.html" method="post"> <input type="submit"> <textarea name="dangling"> ] + expected: FAIL + + [ <form action="/resource-timing/resources/document-navigated.html" method="post" id="form"> <input type="submit"> </form> <textarea name="dangling" form="form"> ] + expected: FAIL diff --git a/testing/web-platform/meta/fetch/security/embedded-credentials.tentative.sub.html.ini b/testing/web-platform/meta/fetch/security/embedded-credentials.tentative.sub.html.ini new file mode 100644 index 0000000000..5aac034595 --- /dev/null +++ b/testing/web-platform/meta/fetch/security/embedded-credentials.tentative.sub.html.ini @@ -0,0 +1,14 @@ +[embedded-credentials.tentative.sub.html] + expected: + if (os == "android") and fission: [OK, TIMEOUT] + [Embedded credentials are treated as network errors in frames.] + expected: FAIL + + [Embedded credentials are treated as network errors in new windows.] + expected: FAIL + + [Embedded credentials matching the top-level are treated as network errors for cross-origin URLs.] + expected: FAIL + + [Embedded credentials are treated as network errors.] + expected: FAIL diff --git a/testing/web-platform/meta/fetch/security/redirect-to-url-with-credentials.https.html.ini b/testing/web-platform/meta/fetch/security/redirect-to-url-with-credentials.https.html.ini new file mode 100644 index 0000000000..3c0d97a69b --- /dev/null +++ b/testing/web-platform/meta/fetch/security/redirect-to-url-with-credentials.https.html.ini @@ -0,0 +1,3 @@ +[redirect-to-url-with-credentials.https.html] + expected: + if (os == "android") and fission: [OK, TIMEOUT] |