summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/font-src
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/font-src')
-rw-r--r--testing/web-platform/tests/content-security-policy/font-src/font-match-allowed.sub.html23
-rw-r--r--testing/web-platform/tests/content-security-policy/font-src/font-mismatch-blocked.sub.html22
-rw-r--r--testing/web-platform/tests/content-security-policy/font-src/font-none-blocked.sub.html22
-rw-r--r--testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html23
-rw-r--r--testing/web-platform/tests/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html25
5 files changed, 115 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-match-allowed.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-match-allowed.sub.html
new file mode 100644
index 0000000000..ebba1e0096
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/font-src/font-match-allowed.sub.html
@@ -0,0 +1,23 @@
+<!doctype html>
+<meta charset=utf-8>
+<meta http-equiv="Content-Security-Policy" content="font-src {{domains[www1]}}:{{ports[http][0]}}">
+<head>
+ <title>Test font loads if it matches font-src.</title>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+ <div id="log"/>
+ <script>
+ async_test(function(t) {
+ document.addEventListener("securitypolicyviolation", t.unreached_func("Loading allowed fonts should not trigger a violation."));
+ var link = document.createElement('link');
+ link.rel="preload";
+ link.as="font";
+ link.href="http://{{domains[www1]}}:{{ports[http][0]}}/fonts/Ahem.ttf?font-match-allowed";
+ link.onload = t.step_func_done();
+ link.onerror = t.unreached_func("Should have loaded the font.");
+ document.getElementsByTagName('head')[0].appendChild(link);
+ }, "Test font loads if it matches font-src.");
+ </script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-mismatch-blocked.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-mismatch-blocked.sub.html
new file mode 100644
index 0000000000..b164cf0f17
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/font-src/font-mismatch-blocked.sub.html
@@ -0,0 +1,22 @@
+<!doctype html>
+<meta charset=utf-8>
+<meta http-equiv="Content-Security-Policy" content="font-src {{domains[www1]}}:{{ports[http][0]}}">
+<head>
+ <title>Test font does not load if it does not match font-src.</title>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+ <div id="log"/>
+ <script>
+ async_test(function(t) {
+ var link = document.createElement('link');
+ link.rel="preload";
+ link.as="font";
+ link.href="http://{{domains[www2]}}:{{ports[http][0]}}/fonts/Ahem.ttf?font-mismatch-blocked";
+ link.onload = t.unreached_func("Should not have loaded the font.");
+ link.onerror = t.step_func_done();
+ document.getElementsByTagName('head')[0].appendChild(link);
+ }, "Test font does not load if it does not match font-src.");
+ </script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-none-blocked.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-none-blocked.sub.html
new file mode 100644
index 0000000000..eae1b4986d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/font-src/font-none-blocked.sub.html
@@ -0,0 +1,22 @@
+<!doctype html>
+<meta charset=utf-8>
+<meta http-equiv="Content-Security-Policy" content="font-src 'none'">
+<head>
+ <title>Test font does not load if it does not match font-src.</title>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+ <div id="log"/>
+ <script>
+ async_test(function(t) {
+ var link = document.createElement('link');
+ link.rel="preload";
+ link.as="font";
+ link.href="http://{{domains[www]}}:{{ports[http][0]}}/fonts/Ahem.ttf?font-none-blocked";
+ link.onload = t.unreached_func("Should not have loaded the font.");
+ link.onerror = t.step_func_done();
+ document.getElementsByTagName('head')[0].appendChild(link);
+ }, "Test font does not load if it does not match font-src.");
+ </script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html b/testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html
new file mode 100644
index 0000000000..b8d46e5c98
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html
@@ -0,0 +1,23 @@
+<!doctype html>
+<meta charset=utf-8>
+<meta http-equiv="Content-Security-Policy" content="font-src 'self'">
+<head>
+ <title>Test font loads if it matches font-src.</title>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+ <div id="log"/>
+ <script>
+ async_test(function(t) {
+ document.addEventListener("securitypolicyviolation", t.unreached_func("Loading allowed fonts should not trigger a violation."));
+ var link = document.createElement('link');
+ link.rel="preload";
+ link.as="font";
+ link.href="/fonts/Ahem.ttf?font-self-allowed";
+ link.onload = t.step_func_done();
+ link.onerror = t.unreached_func("Should have loaded the font.");
+ document.getElementsByTagName('head')[0].appendChild(link);
+ }, "Test font loads if it matches font-src.");
+ </script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html
new file mode 100644
index 0000000000..3b47d0b2e2
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html
@@ -0,0 +1,25 @@
+<!doctype html>
+<meta charset=utf-8>
+<meta http-equiv="Content-Security-Policy" content="font-src 'none'">
+<head>
+ <title>Test font does not load if it does not match font-src.</title>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+ <div id="log"/>
+ <script>
+ async_test(function(t) {
+ var link = document.createElement('link');
+ link.rel="stylesheet";
+ link.type="text/css";
+ link.href="/content-security-policy/support/fonts.css";
+ // The stylesheet should stil load, even though the font contained does not
+ link.onerror = t.unreached_func("Should have loaded the stylesheet.");
+ document.addEventListener("securitypolicyviolation", t.step_func_done(function(e) {
+ assert_equals(e.violatedDirective, "font-src");
+ }));
+ document.getElementsByTagName('head')[0].appendChild(link);
+ }, "Test font does not load if it does not match font-src.");
+ </script>
+</body>