diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/generic/support')
8 files changed, 69 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/generic/support/304-response.py b/testing/web-platform/tests/content-security-policy/generic/support/304-response.py new file mode 100644 index 0000000000..f9756555f7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/304-response.py @@ -0,0 +1,33 @@ +def main(request, response): + if request.headers.get(b"If-None-Match"): + # we are now receing the second request, we will send back a different CSP + # with the 304 response + response.status = 304 + headers = [(b"Content-Type", b"text/html"), + (b"Content-Security-Policy", b"script-src 'nonce-def' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"), + (b"Cache-Control", b"private, max-age=0, must-revalidate"), + (b"ETag", b"123456")] + return headers, u"" + else: + headers = [(b"Content-Type", b"text/html"), + (b"Content-Security-Policy", b"script-src 'nonce-abc' 'sha256-IIB78ZS1RMMrAWpsLg/RrDbVPhI14rKm3sFOeKPYulw=';"), + (b"Cache-Control", b"private, max-age=0, must-revalidate"), + (b"Etag", b"123456")] + return headers, u''' +<!DOCTYPE html> +<html> +<head> + <script> + window.addEventListener("securitypolicyviolation", function(e) { + top.postMessage(e.originalPolicy, '*'); + }); + </script> + <script nonce="abc"> + top.postMessage('abc_executed', '*'); + </script> + <script nonce="def"> + top.postMessage('def_executed', '*'); + </script> +</head> +</html> +''' diff --git a/testing/web-platform/tests/content-security-policy/generic/support/eval.js b/testing/web-platform/tests/content-security-policy/generic/support/eval.js new file mode 100644 index 0000000000..d8ba2a5589 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/eval.js @@ -0,0 +1,2 @@ +postMessage('unsafe-inline allowed'); +eval("postMessage('unsafe-eval allowed')"); diff --git a/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html new file mode 100644 index 0000000000..c7a2e75dba --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html @@ -0,0 +1,11 @@ +<html> +<body> + <script> + var img = document.createElement("img"); + img.src = "/content-security-policy/support/pass.png"; + img.onload = function() { parent.postMessage('img loaded', '*'); } + img.onerror = function() { parent.postMessage('img not loaded', '*'); } + document.body.appendChild(img); + </script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html.sub.headers new file mode 100644 index 0000000000..e9bf21bab4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_header.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: {{GET[csp]}} diff --git a/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_meta.sub.html b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_meta.sub.html new file mode 100644 index 0000000000..ac0cf39dd0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/load_img_and_post_result_meta.sub.html @@ -0,0 +1,14 @@ +<html> +<head> + <meta http-equiv="Content-Security-Policy" content="{{GET[csp]}}"> +</head> +<body> + <script> + var img = document.createElement("img"); + img.src = "/content-security-policy/support/pass.png"; + img.onload = function() { parent.postMessage('img loaded', '*'); } + img.onerror = function() { parent.postMessage('img not loaded', '*'); } + document.body.appendChild(img); + </script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/generic/support/log-pass.html b/testing/web-platform/tests/content-security-policy/generic/support/log-pass.html new file mode 100644 index 0000000000..4334ea4c66 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/log-pass.html @@ -0,0 +1,3 @@ +<script> + window.parent.postMessage('PASS', '*'); +</script> diff --git a/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html new file mode 100644 index 0000000000..9480e521de --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html @@ -0,0 +1,4 @@ +<script> + window.parent.postMessage('PASS (1/2): Script can execute', '*'); + eval("window.parent.postMessage('PASS (2/2): Eval works', '*')"); +</script>
\ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html.sub.headers new file mode 100644 index 0000000000..c7e4e7cc5b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/support/sandboxed-eval.sub.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: sandbox allow-scripts
\ No newline at end of file |