diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/font-src')
5 files changed, 115 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-match-allowed.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-match-allowed.sub.html new file mode 100644 index 0000000000..ebba1e0096 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/font-src/font-match-allowed.sub.html @@ -0,0 +1,23 @@ +<!doctype html> +<meta charset=utf-8> +<meta http-equiv="Content-Security-Policy" content="font-src {{domains[www1]}}:{{ports[http][0]}}"> +<head> + <title>Test font loads if it matches font-src.</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <div id="log"/> + <script> + async_test(function(t) { + document.addEventListener("securitypolicyviolation", t.unreached_func("Loading allowed fonts should not trigger a violation.")); + var link = document.createElement('link'); + link.rel="preload"; + link.as="font"; + link.href="http://{{domains[www1]}}:{{ports[http][0]}}/fonts/Ahem.ttf?font-match-allowed"; + link.onload = t.step_func_done(); + link.onerror = t.unreached_func("Should have loaded the font."); + document.getElementsByTagName('head')[0].appendChild(link); + }, "Test font loads if it matches font-src."); + </script> +</body> diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-mismatch-blocked.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-mismatch-blocked.sub.html new file mode 100644 index 0000000000..b164cf0f17 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/font-src/font-mismatch-blocked.sub.html @@ -0,0 +1,22 @@ +<!doctype html> +<meta charset=utf-8> +<meta http-equiv="Content-Security-Policy" content="font-src {{domains[www1]}}:{{ports[http][0]}}"> +<head> + <title>Test font does not load if it does not match font-src.</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <div id="log"/> + <script> + async_test(function(t) { + var link = document.createElement('link'); + link.rel="preload"; + link.as="font"; + link.href="http://{{domains[www2]}}:{{ports[http][0]}}/fonts/Ahem.ttf?font-mismatch-blocked"; + link.onload = t.unreached_func("Should not have loaded the font."); + link.onerror = t.step_func_done(); + document.getElementsByTagName('head')[0].appendChild(link); + }, "Test font does not load if it does not match font-src."); + </script> +</body> diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-none-blocked.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-none-blocked.sub.html new file mode 100644 index 0000000000..eae1b4986d --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/font-src/font-none-blocked.sub.html @@ -0,0 +1,22 @@ +<!doctype html> +<meta charset=utf-8> +<meta http-equiv="Content-Security-Policy" content="font-src 'none'"> +<head> + <title>Test font does not load if it does not match font-src.</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <div id="log"/> + <script> + async_test(function(t) { + var link = document.createElement('link'); + link.rel="preload"; + link.as="font"; + link.href="http://{{domains[www]}}:{{ports[http][0]}}/fonts/Ahem.ttf?font-none-blocked"; + link.onload = t.unreached_func("Should not have loaded the font."); + link.onerror = t.step_func_done(); + document.getElementsByTagName('head')[0].appendChild(link); + }, "Test font does not load if it does not match font-src."); + </script> +</body> diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html b/testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html new file mode 100644 index 0000000000..b8d46e5c98 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/font-src/font-self-allowed.html @@ -0,0 +1,23 @@ +<!doctype html> +<meta charset=utf-8> +<meta http-equiv="Content-Security-Policy" content="font-src 'self'"> +<head> + <title>Test font loads if it matches font-src.</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <div id="log"/> + <script> + async_test(function(t) { + document.addEventListener("securitypolicyviolation", t.unreached_func("Loading allowed fonts should not trigger a violation.")); + var link = document.createElement('link'); + link.rel="preload"; + link.as="font"; + link.href="/fonts/Ahem.ttf?font-self-allowed"; + link.onload = t.step_func_done(); + link.onerror = t.unreached_func("Should have loaded the font."); + document.getElementsByTagName('head')[0].appendChild(link); + }, "Test font loads if it matches font-src."); + </script> +</body> diff --git a/testing/web-platform/tests/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html b/testing/web-platform/tests/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html new file mode 100644 index 0000000000..3b47d0b2e2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html @@ -0,0 +1,25 @@ +<!doctype html> +<meta charset=utf-8> +<meta http-equiv="Content-Security-Policy" content="font-src 'none'"> +<head> + <title>Test font does not load if it does not match font-src.</title> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <div id="log"/> + <script> + async_test(function(t) { + var link = document.createElement('link'); + link.rel="stylesheet"; + link.type="text/css"; + link.href="/content-security-policy/support/fonts.css"; + // The stylesheet should stil load, even though the font contained does not + link.onerror = t.unreached_func("Should have loaded the stylesheet."); + document.addEventListener("securitypolicyviolation", t.step_func_done(function(e) { + assert_equals(e.violatedDirective, "font-src"); + })); + document.getElementsByTagName('head')[0].appendChild(link); + }, "Test font does not load if it does not match font-src."); + </script> +</body> |