summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/meta/content-security-policy/script-src
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /testing/web-platform/meta/content-security-policy/script-src
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/meta/content-security-policy/script-src')
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/__dir__.ini1
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/javascript-window-open-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/nonce-enforce-blocked.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_10_1.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_3.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-overrides-default-src.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-sri_hash.sub.html.ini14
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_eval.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_new_function.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_source_expressions.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_eval.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_hashes.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_in_img-src.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_new_function.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted_correct_nonce.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker-importScripts.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-wildcards-disallowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-base64url-converts-to-base64.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked-error-event.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-case-insensitive.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-1.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-2.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-default-src.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-ignore-unsafeinline.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-1.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-2.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-redirect.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-specified-source.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-data-set-timeout.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-script-src.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini3
62 files changed, 210 insertions, 0 deletions
diff --git a/testing/web-platform/meta/content-security-policy/script-src/__dir__.ini b/testing/web-platform/meta/content-security-policy/script-src/__dir__.ini
new file mode 100644
index 0000000000..0229377837
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/__dir__.ini
@@ -0,0 +1 @@
+lsan-allowed: [already_AddRefed, detail::ProxyRelease, mozilla::SupportsThreadSafeWeakPtr, mozilla::ipc::BackgroundChildImpl::AllocPRemoteWorkerChild]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.ini b/testing/web-platform/meta/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.ini
new file mode 100644
index 0000000000..2133a6aad9
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.ini
@@ -0,0 +1,3 @@
+[utf-8.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/javascript-window-open-blocked.html.ini b/testing/web-platform/meta/content-security-policy/script-src/javascript-window-open-blocked.html.ini
new file mode 100644
index 0000000000..482c520355
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/javascript-window-open-blocked.html.ini
@@ -0,0 +1,3 @@
+[javascript-window-open-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/nonce-enforce-blocked.html.ini b/testing/web-platform/meta/content-security-policy/script-src/nonce-enforce-blocked.html.ini
new file mode 100644
index 0000000000..210a0da496
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/nonce-enforce-blocked.html.ini
@@ -0,0 +1,5 @@
+[nonce-enforce-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Unnonced scripts generate reports.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini
new file mode 100644
index 0000000000..5b8cc4e727
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_1.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_10_1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_10_1.html.ini
new file mode 100644
index 0000000000..4daea0ea59
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_10_1.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_10_1.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini
new file mode 100644
index 0000000000..8f763fe393
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_2.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini
new file mode 100644
index 0000000000..05feccd4cb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_2_1.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_3.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_3.html.ini
new file mode 100644
index 0000000000..ba7823939d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_3.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_3.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini
new file mode 100644
index 0000000000..41378c133d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_4.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini
new file mode 100644
index 0000000000..ed5e9f73fc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini
@@ -0,0 +1,5 @@
+[script-src-1_4_1.html]
+ disabled:
+ if os == "win": bug 1094323
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini
new file mode 100644
index 0000000000..7f30f25258
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_4_2.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html.ini
new file mode 100644
index 0000000000..4168827bd0
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html.ini
@@ -0,0 +1,3 @@
+[script-src-multiple-policies-multiple-hashing-algorithms.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html.ini
new file mode 100644
index 0000000000..54c8cd47d2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html.ini
@@ -0,0 +1,3 @@
+[script-src-multiple-policies-one-using-hashing-algorithms.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-overrides-default-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-overrides-default-src.sub.html.ini
new file mode 100644
index 0000000000..62b545fa4f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-overrides-default-src.sub.html.ini
@@ -0,0 +1,3 @@
+[script-src-overrides-default-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.ini
new file mode 100644
index 0000000000..833dfeeddb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.ini
@@ -0,0 +1,8 @@
+implementation-status: backlog
+[script-src-report-only-policy-works-with-external-hash-policy.html]
+ [External script in a script tag with matching SRI hash should run.]
+ expected: FAIL
+
+ [Should fire securitypolicyviolation event]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.ini
new file mode 100644
index 0000000000..57dc32dbd4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.ini
@@ -0,0 +1,3 @@
+[script-src-report-only-policy-works-with-hash-policy.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-sri_hash.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-sri_hash.sub.html.ini
new file mode 100644
index 0000000000..46422119ad
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-sri_hash.sub.html.ini
@@ -0,0 +1,14 @@
+[script-src-sri_hash.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [matching integrity]
+ expected: FAIL
+
+ [multiple matching integrity]
+ expected: FAIL
+
+ [matching plus unsupported integrity]
+ expected: FAIL
+
+ [External script in a script tag with matching SRI hash should run.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_eval.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_eval.html.ini
new file mode 100644
index 0000000000..00d5f8380c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_eval.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_and_unsafe_eval_eval.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_new_function.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_new_function.html.ini
new file mode 100644
index 0000000000..44cfa087ed
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_new_function.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_and_unsafe_eval_new_function.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_source_expressions.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_source_expressions.html.ini
new file mode 100644
index 0000000000..44b238ebd8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_source_expressions.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_discard_source_expressions.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
new file mode 100644
index 0000000000..3fc83ed8f3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_double_policy_different_nonce.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini
new file mode 100644
index 0000000000..04be905d00
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini
new file mode 100644
index 0000000000..6c20025f61
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_double_policy_report_only.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_eval.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_eval.html.ini
new file mode 100644
index 0000000000..dbda70d090
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_eval.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_eval.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_hashes.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_hashes.html.ini
new file mode 100644
index 0000000000..4aae75b70f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_hashes.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_hashes.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_in_img-src.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_in_img-src.html.ini
new file mode 100644
index 0000000000..bb81bcb0ce
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_in_img-src.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_in_img-src.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini
new file mode 100644
index 0000000000..7ac86a1d3b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_javascript_uri.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini
new file mode 100644
index 0000000000..4c4cbfb285
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_meta_tag.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_new_function.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_new_function.html.ini
new file mode 100644
index 0000000000..2d78e15593
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_new_function.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_new_function.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini
new file mode 100644
index 0000000000..5661eae6fe
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_non_parser_inserted.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini
new file mode 100644
index 0000000000..b616b72cc7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini
new file mode 100644
index 0000000000..51a88a5f85
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_parser_inserted.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted_correct_nonce.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted_correct_nonce.html.ini
new file mode 100644
index 0000000000..5141ac2679
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted_correct_nonce.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_parser_inserted_correct_nonce.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker-importScripts.https.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker-importScripts.https.html.ini
new file mode 100644
index 0000000000..a901cfbcaa
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker-importScripts.https.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_worker-importScripts.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker.https.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker.https.html.ini
new file mode 100644
index 0000000000..b984104f8e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker.https.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_worker.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-wildcards-disallowed.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-wildcards-disallowed.html.ini
new file mode 100644
index 0000000000..84b9ab96b1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-wildcards-disallowed.html.ini
@@ -0,0 +1,3 @@
+[script-src-wildcards-disallowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-allowed.sub.html.ini
new file mode 100644
index 0000000000..fbb73475f6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-base64url-converts-to-base64.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-base64url-converts-to-base64.sub.html.ini
new file mode 100644
index 0000000000..5b82b78986
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-base64url-converts-to-base64.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-base64url-converts-to-base64.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked-error-event.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked-error-event.html.ini
new file mode 100644
index 0000000000..07be83bb33
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked-error-event.html.ini
@@ -0,0 +1,3 @@
+[scripthash-basic-blocked-error-event.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked.sub.html.ini
new file mode 100644
index 0000000000..c328026f27
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-basic-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-case-insensitive.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-case-insensitive.sub.html.ini
new file mode 100644
index 0000000000..f62b8e7a50
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-case-insensitive.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-case-insensitive.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-1.html.ini
new file mode 100644
index 0000000000..237ba4c6b3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-1.html.ini
@@ -0,0 +1,5 @@
+[scripthash-changed-1.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [scr1.innerText before modification should not be blocked]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-2.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-2.html.ini
new file mode 100644
index 0000000000..15983b4d85
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-2.html.ini
@@ -0,0 +1,3 @@
+[scripthash-changed-2.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-default-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-default-src.sub.html.ini
new file mode 100644
index 0000000000..be29f728c3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-default-src.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-default-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-ignore-unsafeinline.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-ignore-unsafeinline.sub.html.ini
new file mode 100644
index 0000000000..85cd13bfa8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-ignore-unsafeinline.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-ignore-unsafeinline.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini
new file mode 100644
index 0000000000..3518d486ea
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-unicode-normalization.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-allowed.sub.html.ini
new file mode 100644
index 0000000000..44409f9725
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini
new file mode 100644
index 0000000000..e29d244a78
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-and-scripthash.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html.ini
new file mode 100644
index 0000000000..05981b3d28
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html.ini
@@ -0,0 +1,5 @@
+implementation-status: backlog
+[scriptnonce-basic-blocked.sub.html]
+ [Expecting alerts: ["PASS (closely-quoted nonce)","PASS (nonce w/whitespace)", "violated-directive=script-src-elem", "violated-directive=script-src-elem", "violated-directive=script-src-elem"\]]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-1.html.ini
new file mode 100644
index 0000000000..a796e9f5e6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-1.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-changed-1.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-2.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-2.html.ini
new file mode 100644
index 0000000000..234f0bba60
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-2.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-changed-2.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini
new file mode 100644
index 0000000000..2fb5be837d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-ignore-unsafeinline.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-redirect.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-redirect.sub.html.ini
new file mode 100644
index 0000000000..9a0e497219
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-redirect.sub.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-redirect.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-specified-source.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-specified-source.sub.html.ini
new file mode 100644
index 0000000000..5a86e9f66f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-specified-source.sub.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-specified-source.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html.ini
new file mode 100644
index 0000000000..9e439ed117
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html.ini
@@ -0,0 +1,3 @@
+[srcdoc-doesnt-bypass-script-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-data-set-timeout.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-data-set-timeout.sub.html.ini
new file mode 100644
index 0000000000..58af8ea968
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-data-set-timeout.sub.html.ini
@@ -0,0 +1,5 @@
+[worker-data-set-timeout.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Shared worker with data: url inherits CSP]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini
new file mode 100644
index 0000000000..599b06347b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-eval-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini
new file mode 100644
index 0000000000..685ca59ba2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-function-function-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini
new file mode 100644
index 0000000000..0fa80a1f11
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-importscripts.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-script-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-script-src.sub.html.ini
new file mode 100644
index 0000000000..0e29cd0aec
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-script-src.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-script-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini
new file mode 100644
index 0000000000..1e9f9e34f7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-set-timeout.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]