summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /testing/web-platform/tests/content-security-policy/wasm-unsafe-eval
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/wasm-unsafe-eval')
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js8
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.headers1
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js6
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.headers1
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js6
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.headers1
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html31
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js8
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.headers1
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js18
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.headers1
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js6
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.headers1
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js6
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.headers1
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html15
-rw-r--r--testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html.headers1
17 files changed, 112 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js
new file mode 100644
index 0000000000..15e9d87ce9
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js
@@ -0,0 +1,8 @@
+// META: global=window,worker
+
+promise_test(t => {
+ return promise_rejects_js(
+ t, WebAssembly.CompileError,
+ WebAssembly.instantiate(
+ new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0])));
+});
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.headers
new file mode 100644
index 0000000000..d3790b6fbe
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.headers
@@ -0,0 +1 @@
+Content-Security-Policy: default-src 'self' 'unsafe-inline' \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js
new file mode 100644
index 0000000000..68a145caae
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js
@@ -0,0 +1,6 @@
+// META: global=window,worker
+
+promise_test(t => {
+ return WebAssembly.instantiate(
+ new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0]));
+});
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.headers
new file mode 100644
index 0000000000..1a1d90cf7c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.headers
@@ -0,0 +1 @@
+Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js
new file mode 100644
index 0000000000..68a145caae
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js
@@ -0,0 +1,6 @@
+// META: global=window,worker
+
+promise_test(t => {
+ return WebAssembly.instantiate(
+ new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0]));
+});
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.headers
new file mode 100644
index 0000000000..2cb4ec4c87
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.headers
@@ -0,0 +1 @@
+Content-Security-Policy: default-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html
new file mode 100644
index 0000000000..9d5e1e0ff3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>eval-in-iframe</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/utils.js"></script>
+</head>
+<body>
+ <iframe src="/content-security-policy/wasm-unsafe-eval/support/iframe.html">
+ </iframe>
+
+ <script>
+ async_test(t => {
+ self.addEventListener('message', t.step_func_done(({data}) => {
+ assert_equals(data.violatedDirective, "script-src");
+ assert_equals(data.originalPolicy, "default-src 'unsafe-inline'")
+ assert_equals(data.blockedURI, "wasm-eval")
+ }));
+ }, "Got the expected securitypolicyviolation in the iframe");
+
+ const iframe = document.querySelector('iframe');
+ iframe.addEventListener('load', () => {
+ let m = new WebAssembly.Module(
+ new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0]));
+ iframe.contentWindow.postMessage(m);
+ });
+ </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js
new file mode 100644
index 0000000000..15e9d87ce9
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js
@@ -0,0 +1,8 @@
+// META: global=window,worker
+
+promise_test(t => {
+ return promise_rejects_js(
+ t, WebAssembly.CompileError,
+ WebAssembly.instantiate(
+ new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0])));
+});
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.headers
new file mode 100644
index 0000000000..de46ceb5a1
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.headers
@@ -0,0 +1 @@
+Content-Security-Policy: script-src 'self' 'unsafe-inline' \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js
new file mode 100644
index 0000000000..360e00c715
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js
@@ -0,0 +1,18 @@
+// META: global=window,worker
+let code = new Uint8Array([0x53, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0]);
+async_test(t => {
+ self.addEventListener('securitypolicyviolation', t.step_func_done(e => {
+ assert_equals(e.violatedDirective, "script-src");
+ assert_equals(e.originalPolicy, "default-src 'self' 'unsafe-inline'")
+ assert_equals(e.blockedURI, "wasm-eval")
+ }));
+}, "Securitypolicyviolation event looks like it should");
+
+promise_test(t => {
+ return promise_rejects_js(
+ t, WebAssembly.CompileError,
+ WebAssembly.instantiate(code));
+});
+
+
+
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.headers
new file mode 100644
index 0000000000..d3790b6fbe
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.headers
@@ -0,0 +1 @@
+Content-Security-Policy: default-src 'self' 'unsafe-inline' \ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js
new file mode 100644
index 0000000000..68a145caae
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js
@@ -0,0 +1,6 @@
+// META: global=window,worker
+
+promise_test(t => {
+ return WebAssembly.instantiate(
+ new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0]));
+});
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.headers
new file mode 100644
index 0000000000..7b26c292f3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.headers
@@ -0,0 +1 @@
+Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js
new file mode 100644
index 0000000000..68a145caae
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js
@@ -0,0 +1,6 @@
+// META: global=window,worker
+
+promise_test(t => {
+ return WebAssembly.instantiate(
+ new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0]));
+});
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.headers
new file mode 100644
index 0000000000..3463403572
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.headers
@@ -0,0 +1 @@
+Content-Security-Policy: script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html
new file mode 100644
index 0000000000..4d8b937558
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+</head>
+<body>
+ <h1>iframe</h1>
+ <script>
+ self.addEventListener('securitypolicyviolation', e => {
+ window.parent.postMessage({ violatedDirective: e.violatedDirective,
+ originalPolicy: e.originalPolicy, blockedURI: e.blockedURI });
+ });
+ </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html.headers
new file mode 100644
index 0000000000..bc3a72a880
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: default-src 'unsafe-inline'