diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/content-security-policy/wasm-unsafe-eval | |
parent | Initial commit. (diff) | |
download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/wasm-unsafe-eval')
17 files changed, 112 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js new file mode 100644 index 0000000000..15e9d87ce9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js @@ -0,0 +1,8 @@ +// META: global=window,worker + +promise_test(t => { + return promise_rejects_js( + t, WebAssembly.CompileError, + WebAssembly.instantiate( + new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0]))); +}); diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.headers new file mode 100644 index 0000000000..d3790b6fbe --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.headers @@ -0,0 +1 @@ +Content-Security-Policy: default-src 'self' 'unsafe-inline'
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js new file mode 100644 index 0000000000..68a145caae --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js @@ -0,0 +1,6 @@ +// META: global=window,worker + +promise_test(t => { + return WebAssembly.instantiate( + new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0])); +}); diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.headers new file mode 100644 index 0000000000..1a1d90cf7c --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.headers @@ -0,0 +1 @@ +Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js new file mode 100644 index 0000000000..68a145caae --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js @@ -0,0 +1,6 @@ +// META: global=window,worker + +promise_test(t => { + return WebAssembly.instantiate( + new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0])); +}); diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.headers new file mode 100644 index 0000000000..2cb4ec4c87 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.headers @@ -0,0 +1 @@ +Content-Security-Policy: default-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html new file mode 100644 index 0000000000..9d5e1e0ff3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> + <title>eval-in-iframe</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> +</head> +<body> + <iframe src="/content-security-policy/wasm-unsafe-eval/support/iframe.html"> + </iframe> + + <script> + async_test(t => { + self.addEventListener('message', t.step_func_done(({data}) => { + assert_equals(data.violatedDirective, "script-src"); + assert_equals(data.originalPolicy, "default-src 'unsafe-inline'") + assert_equals(data.blockedURI, "wasm-eval") + })); + }, "Got the expected securitypolicyviolation in the iframe"); + + const iframe = document.querySelector('iframe'); + iframe.addEventListener('load', () => { + let m = new WebAssembly.Module( + new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0])); + iframe.contentWindow.postMessage(m); + }); + </script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js new file mode 100644 index 0000000000..15e9d87ce9 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js @@ -0,0 +1,8 @@ +// META: global=window,worker + +promise_test(t => { + return promise_rejects_js( + t, WebAssembly.CompileError, + WebAssembly.instantiate( + new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0]))); +}); diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.headers new file mode 100644 index 0000000000..de46ceb5a1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline'
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js new file mode 100644 index 0000000000..360e00c715 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js @@ -0,0 +1,18 @@ +// META: global=window,worker +let code = new Uint8Array([0x53, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0]); +async_test(t => { + self.addEventListener('securitypolicyviolation', t.step_func_done(e => { + assert_equals(e.violatedDirective, "script-src"); + assert_equals(e.originalPolicy, "default-src 'self' 'unsafe-inline'") + assert_equals(e.blockedURI, "wasm-eval") + })); +}, "Securitypolicyviolation event looks like it should"); + +promise_test(t => { + return promise_rejects_js( + t, WebAssembly.CompileError, + WebAssembly.instantiate(code)); +}); + + + diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.headers new file mode 100644 index 0000000000..d3790b6fbe --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.headers @@ -0,0 +1 @@ +Content-Security-Policy: default-src 'self' 'unsafe-inline'
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js new file mode 100644 index 0000000000..68a145caae --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js @@ -0,0 +1,6 @@ +// META: global=window,worker + +promise_test(t => { + return WebAssembly.instantiate( + new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0])); +}); diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.headers new file mode 100644 index 0000000000..7b26c292f3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js new file mode 100644 index 0000000000..68a145caae --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js @@ -0,0 +1,6 @@ +// META: global=window,worker + +promise_test(t => { + return WebAssembly.instantiate( + new Uint8Array([0, 0x61, 0x73, 0x6d, 0x1, 0, 0, 0])); +}); diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.headers new file mode 100644 index 0000000000..3463403572 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html new file mode 100644 index 0000000000..4d8b937558 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html @@ -0,0 +1,15 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> +</head> +<body> + <h1>iframe</h1> + <script> + self.addEventListener('securitypolicyviolation', e => { + window.parent.postMessage({ violatedDirective: e.violatedDirective, + originalPolicy: e.originalPolicy, blockedURI: e.blockedURI }); + }); + </script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html.headers b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html.headers new file mode 100644 index 0000000000..bc3a72a880 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/support/iframe.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: default-src 'unsafe-inline' |