diff options
Diffstat (limited to '')
26 files changed, 1089 insertions, 0 deletions
diff --git a/testing/web-platform/tests/referrer-policy/css-integration/README.md b/testing/web-platform/tests/referrer-policy/css-integration/README.md new file mode 100644 index 0000000000..150b0e6526 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/README.md @@ -0,0 +1,14 @@ +These tests exercise different ways to fetch a resource (image, font-face, svg +references), generated via the sub-resource python script in +```./generic/subresource/``` (for example, loading an image: +```/common/security-features/subresource/image.py?id=<UUID>```) and later verify +the headers used to fetch the resource. + +Since there is no way to wait for a resource referenced from CSS to be loaded, +all tests use ```step_timeout()``` to delay the verification step until +after the resource (hopefully) was loaded. + +Since there is also no way to retrieve headers (or other information) from +resources loaded via CSS, we store the headers with the given ```UUID``` as key +on the server, and retrieve them later via an XHR, for example: +```/common/security-features/subresource/image.py?id=<UUID>&report-headers```. diff --git a/testing/web-platform/tests/referrer-policy/css-integration/child-css/external-import-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/child-css/external-import-stylesheet.html new file mode 100644 index 0000000000..a4bbddb564 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/child-css/external-import-stylesheet.html @@ -0,0 +1,46 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - Child css from external stylesheet</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that child css are loaded with the referrer and referrer policy + from the external stylesheet.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + let id = token(); + let url_prefix = location.protocol + "//www1." + location.hostname + ":" + location.port; + let css_url = url_prefix + + "/common/security-features/subresource/stylesheet.py?id=" + id + + "&import-rule" + "&referrer-policy=no-referrer"; + let check_url = url_prefix + "/common/security-features/subresource/stylesheet.py" + + "?id=" + id + "&report-headers"; + + return new Promise(resolve => { + let link = document.createElement("link"); + link.href = css_url; + link.rel = "stylesheet"; + link.onload = resolve; + document.head.appendChild(link); + }) + .then(() => timeoutPromise(css_test, 1000)) + .then(() => requestViaXhr(check_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_equals(message.referrer, undefined); + }); + }, "Child css from external stylesheet."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/child-css/internal-import-stylesheet-with-differentorigin-base-url-from-preload.tentative.html b/testing/web-platform/tests/referrer-policy/css-integration/child-css/internal-import-stylesheet-with-differentorigin-base-url-from-preload.tentative.html new file mode 100644 index 0000000000..4d2228c9a3 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/child-css/internal-import-stylesheet-with-differentorigin-base-url-from-preload.tentative.html @@ -0,0 +1,47 @@ +<!DOCTYPE html> +<title>CSS integration - child CSS fetch from inline stylesheet</title> +<link rel="help" href="https://crbug.com/1158645" /> + +<head> + <meta name="referrer" content="origin"> +</head> + +<body> + + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + + <script> + promise_test(function (css_test) { + let id = token(); + let url_prefix = location.protocol + "//www." + location.hostname + + ":" + location.port; + let css_url = url_prefix + + "/common/security-features/subresource/stylesheet.py?id=" + id + + "&type=stylesheet-only"; + let check_url = url_prefix + + "/common/security-features/subresource/stylesheet.py" + + "?id=" + id + "&report-headers"; + + const frame = document.createElement('iframe'); + const contents = ` + <base href="http://other-site.example" /> + <style type=text/css> + @import url('${css_url}'); + </style>`; + frame.srcdoc = contents; + document.body.appendChild(frame); + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(check_url)) + .then(function (message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, location.origin + "/"); + }); + }, "A child stylesheet from inline style should use the document's" + + " URL, not the document's base URL, as its referrer, even when the " + + "HTML parser preloads the stylesheet."); + </script> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/child-css/internal-import-stylesheet-with-differentorigin-base-url.tentative.html b/testing/web-platform/tests/referrer-policy/css-integration/child-css/internal-import-stylesheet-with-differentorigin-base-url.tentative.html new file mode 100644 index 0000000000..7130e2a14a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/child-css/internal-import-stylesheet-with-differentorigin-base-url.tentative.html @@ -0,0 +1,47 @@ +<!DOCTYPE html> +<title>CSS integration - Child css from internal stylesheet</title> +<link rel="help" href="https://crbug.com/1158645" /> + +<head> + <meta name="referrer" content="origin"> +</head> + +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/utils.js"></script> +<!-- Common global functions for referrer-policy tests. --> +<script src="/common/security-features/resources/common.sub.js"></script> + +<!-- This has to follow the <script> tags, or it will make the .js files +fail to load. --> +<base href="http://other-site.example" /> + +<script> + promise_test(function (css_test) { + let id = token(); + let url_prefix = location.protocol + "//www1." + location.hostname + + ":" + location.port; + let css_url = url_prefix + + "/common/security-features/subresource/stylesheet.py?id=" + id + + "&stylesheet-only"; + let check_url = url_prefix + + "/common/security-features/subresource/stylesheet.py" + + "?id=" + id + "&report-headers"; + + let style = document.createElement("style"); + style.type = 'text/css'; + style.appendChild(document.createTextNode("@import url('" + css_url + + "');")); + document.head.appendChild(style); + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(check_url)) + .then(function (message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, location.origin + "/"); + }); + }, + "A child stylesheet from inline style should use the document's URL, not " + + "the document's base URL, as its referrer." + ); +</script> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/child-css/internal-import-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/child-css/internal-import-stylesheet.html new file mode 100644 index 0000000000..32adf5adca --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/child-css/internal-import-stylesheet.html @@ -0,0 +1,42 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - Child css from internal stylesheet</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="never"> + </head> + <body> + <p>Check that child css are loaded with the referrer and referrer policy + from the internal stylesheet.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + let id = token(); + let url_prefix = location.protocol + "//www1." + location.hostname + ":" + location.port; + let css_url = url_prefix + "/common/security-features/subresource/stylesheet.py?id=" + id + "&import-rule"; + let check_url = url_prefix + "/common/security-features/subresource/stylesheet.py" + + "?id=" + id + "&report-headers"; + + let style = document.createElement("style"); + style.type = 'text/css'; + style.appendChild(document.createTextNode("@import url('" + css_url + "');")); + document.head.appendChild(style); + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(check_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, css_url); + }); + }, "Child css from internal stylesheet."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/child-css/processing-instruction.html b/testing/web-platform/tests/referrer-policy/css-integration/child-css/processing-instruction.html new file mode 100644 index 0000000000..56db82c1d3 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/child-css/processing-instruction.html @@ -0,0 +1,44 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - child css via a ProcessingInstruction</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that child css are loaded with the referrer and referrer policy the + external stylesheet(referenced from a ProcessingInstruction).</p> + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + let id = token(); + let url_prefix = location.protocol + "//www1." + location.hostname + ":" + + location.port + + "/common/security-features/subresource/stylesheet.py?id=" + + id; + let css_url = url_prefix + "&import-rule"; + let expected = url_prefix + "&import-rule"; + let check_url = url_prefix + "&report-headers"; + + let processingInstruction = + document.createProcessingInstruction( + "xml-stylesheet", "href=\"" +css_url + "\" type=\"text/css\""); + document.insertBefore(processingInstruction, document.firstChild); + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(check_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, expected); + }); + }, "Child css via a ProcessingInstruction."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/css-test-helper.js b/testing/web-platform/tests/referrer-policy/css-integration/css-test-helper.js new file mode 100644 index 0000000000..dc97ccc063 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/css-test-helper.js @@ -0,0 +1,55 @@ +var svg_ns = "http://www.w3.org/2000/svg"; +var url_prefix = location.protocol + "//" + location.hostname + ":" + + location.port + "/common/security-features/subresource/"; + +var svg_test_properties = [ + 'fill', + 'stroke', + 'filter', + 'clip-path', + 'marker-start', + 'marker-mid', + 'marker-end', + 'mask', + 'mask-image', +]; + +// Parameters: +// testProperties: An array of test properties. +// testDescription: A test description +// testFunction: A function call which sets up the expect result and runs +// the actual test +function runSvgTests(testProperties, testDescription, testFunction) { + for (const property of testProperties) { + let current = { + id: token(), + property: property, + }; + + promise_test(t => { + testFunction(current); + return timeoutPromise(t, 800) + .then(() => { + let check_url = url_prefix + "svg.py" + "?id=" + current.id + + "&report-headers"; + return requestViaFetch(check_url); + }) + .then(message => { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, current.expected); + }); + }, + testDescription + " " + property); + } +} + +function createSvg() { + let svg = document.createElementNS(svg_ns, 'svg'); + svg.setAttribute('width', '400'); + svg.setAttribute('height', '400'); + let path = document.createElementNS(svg_ns, 'path'); + path.setAttribute('d', 'M 50,5 95,100 5,100 z'); + svg.appendChild(path); + return svg; +} diff --git a/testing/web-platform/tests/referrer-policy/css-integration/font-face/external-import-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/font-face/external-import-stylesheet.html new file mode 100644 index 0000000000..ac26aa2828 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/font-face/external-import-stylesheet.html @@ -0,0 +1,51 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - Font from imported stylesheet (external)</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="never"> + </head> + <body> + <p>Check that resources from imported stylesheets (loaded from external + stylesheets) are loaded with the referrer and referrer policy from the + external stylesheet.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + let id = token(); + let css_url = location.protocol + "//www1." + location.hostname + ":" + + location.port + + "/common/security-features/subresource/stylesheet.py?id=" + id + + "&import-rule" + "&type=font"; + let url_prefix = location.protocol + "//" + location.hostname + ":" + location.port; + let css_referrer = url_prefix + + "/common/security-features/subresource/stylesheet.py?id=" + id + "&type=font"; + let font_url = url_prefix + "/common/security-features/subresource/font.py" + + "?id=" + id + "&report-headers" + "&type=font"; + + return new Promise(resolve => { + let link = document.createElement("link"); + link.href = css_url; + link.rel = "stylesheet"; + link.onload = resolve; + document.head.appendChild(link); + }) + .then(() => timeoutPromise(css_test, 1000)) + .then(() => requestViaXhr(font_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, css_referrer); + }); + }, "Font from imported stylesheet (external)."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/font-face/external-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/font-face/external-stylesheet.html new file mode 100644 index 0000000000..fa21a1d53f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/font-face/external-stylesheet.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - Font from external stylesheet</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="never"> + </head> + <body> + <p>Check that resources from external stylesheets are loaded with + the referrer and referrer policy from the external stylesheet.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + let id = token(); + let url_prefix = location.protocol + "//www1." + location.hostname + ":" + location.port; + let css_url = url_prefix + "/common/security-features/subresource/stylesheet.py?id=" + id + "&type=font"; + let font_url = url_prefix + "/common/security-features/subresource/font.py" + + "?id=" + id + "&report-headers"; + + return new Promise(resolve => { + let link = document.createElement("link"); + link.href = css_url; + link.rel = "stylesheet"; + link.onload = resolve; + document.head.appendChild(link); + }) + .then(() => timeoutPromise(css_test, 1000)) + .then(() => requestViaXhr(font_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, css_url); + }); + }, "Font from external stylesheet."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/font-face/internal-import-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/font-face/internal-import-stylesheet.html new file mode 100644 index 0000000000..d2c8ae754f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/font-face/internal-import-stylesheet.html @@ -0,0 +1,42 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - Font from imported stylesheet (internal)</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that resources from stylesheets (imported from internal + stylesheets) are loaded with the referrer and referrer policy from from the + imported style sheet.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + let id = token(); + let url_prefix = location.protocol + "//www1." + location.hostname + ":" + + location.port + "/common/security-features/subresource/"; + let css_url = url_prefix + "stylesheet.py?id=" + id + "&type=font"; + let font_url = url_prefix + "font.py?report-headers&id=" + id; + + let style = document.createElement("style"); + style.textContent = "@import url('" + css_url + "');"; + document.head.appendChild(style); + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(font_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, css_url); + }); + }, "Font from imported stylesheet (internal)."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/font-face/internal-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/font-face/internal-stylesheet.html new file mode 100644 index 0000000000..43aa37151b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/font-face/internal-stylesheet.html @@ -0,0 +1,42 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - Font from internal stylesheet</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that resources from internal stylesheets are loaded with + the referrer and referrer policy from the document.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + let id = token(); + let css_url = location.protocol + "//www1." + location.hostname + ":" + + location.port + + "/common/security-features/subresource/font.py" + "?id=" + + id + "&type=font"; + let font_url = css_url + "&report-headers"; + + let style = document.createElement("style"); + style.textContent = "@font-face { font-family: 'wpt'; font-style: normal; font-weight: normal; src: url(" + css_url + "); format('truetype'); } body { font-family: 'wpt';}"; + document.head.appendChild(style); + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(font_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, location.origin + "/"); + }); + }, "Font from internal stylesheet."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/font-face/processing-instruction.html b/testing/web-platform/tests/referrer-policy/css-integration/font-face/processing-instruction.html new file mode 100644 index 0000000000..6c864afd9a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/font-face/processing-instruction.html @@ -0,0 +1,48 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - Font from external stylesheet inserted via a ProcessingInstruction</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="never"> + </head> + <body> + <p>Check that resources from external stylesheets (referenced from a + ProcessingInstruction) are loaded with the referrer and referrer policy + from the external stylesheet.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + let id = token(); + let url_prefix = location.protocol + "//www1." + location.hostname + ":" + location.port; + let css_url = url_prefix + + "/common/security-features/subresource/stylesheet.py?id=" + + id + "&type=font"; + let expected = url_prefix + + "/common/security-features/subresource/stylesheet.py?id=" + + id + "&type=font"; + let font_url = url_prefix + "/common/security-features/subresource/font.py" + + "?id=" + id + "&report-headers"; + + let processingInstruction = + document.createProcessingInstruction( + "xml-stylesheet", "href=\"" + css_url + "\" type=\"text/css\""); + document.insertBefore(processingInstruction, document.firstChild); + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(font_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, expected); + }); + }, "Font from external stylesheet (from ProcessingInstruction)."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/image/external-import-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/image/external-import-stylesheet.html new file mode 100644 index 0000000000..15aae6f824 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/image/external-import-stylesheet.html @@ -0,0 +1,51 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - image from imported stylesheet (external)</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="never"> + </head> + <body> + <p>Check that resources from imported stylesheets (loaded from external + stylesheets) are loaded with the referrer and referrer policy from the + external stylesheet.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + var id = token(); + var css_url = location.protocol + "//www1." + location.hostname + ":" + location.port + + "/common/security-features/subresource/stylesheet.py?id=" + id + + "&import-rule" + "&type=image"; + var url_prefix = location.protocol + "//" + location.hostname + ":" + location.port; + var css_referrer = url_prefix + + "/common/security-features/subresource/stylesheet.py?id=" + id + + "&type=image"; + var img_url = url_prefix + "/common/security-features/subresource/image.py" + + "?id=" + id + "&report-headers"; + + return new Promise(resolve => { + var link = document.createElement("link"); + link.href = css_url; + link.rel = "stylesheet"; + link.onload = resolve; + document.head.appendChild(link); + }) + .then(() => timeoutPromise(css_test, 1000)) + .then(() => requestViaXhr(img_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, css_referrer); + }); + }, "Image from imported stylesheet (external)."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/image/external-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/image/external-stylesheet.html new file mode 100644 index 0000000000..eed146dac0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/image/external-stylesheet.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - image from external stylesheet</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="never"> + </head> + <body> + <p>Check that resources from external stylesheets are loaded with + the referrer and referrer policy from the external stylesheet.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + var id = token(); + var url_prefix = location.protocol + "//www1." + location.hostname + ":" + location.port; + var css_url = url_prefix + "/common/security-features/subresource/stylesheet.py?id=" + id; + var img_url = url_prefix + "/common/security-features/subresource/image.py" + + "?id=" + id + "&report-headers"; + + return new Promise(resolve => { + var link = document.createElement("link"); + link.href = css_url; + link.rel = "stylesheet"; + link.onload = resolve; + document.head.appendChild(link); + }) + .then(() => timeoutPromise(css_test, 1000)) + .then(() => requestViaXhr(img_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, css_url); + }); + }, "Image from external stylesheet."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/image/inline-style-with-differentorigin-base-tag.tentative.html b/testing/web-platform/tests/referrer-policy/css-integration/image/inline-style-with-differentorigin-base-tag.tentative.html new file mode 100644 index 0000000000..091afd832a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/image/inline-style-with-differentorigin-base-tag.tentative.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<title>CSS integration - image from inline style from document with base tag</title> +<link rel="help" href="https://crbug.com/1158645" /> + +<head> + <meta name="referrer" content="origin"> +</head> + +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/utils.js"></script> +<!-- Common global functions for referrer-policy tests. --> +<script src="/common/security-features/resources/common.sub.js"></script> + +<!-- This has to follow the <script> tags, or it will make the js files fail to load. --> +<base href="http://other-site.example" /> + +<p>Check that resources from inline styles are loaded with + the referrer and referrer policy from the document and, in + particular, not with the different base URL set in the base tag.</p> + +<div class="styled"></div> + +<script> + 'use strict'; + promise_test(function(css_test) { + var id = token(); + var css_url = location.protocol + "//www1." + location.hostname + ":" + location.port + "/common/security-features/subresource/image.py" + "?id=" + id; + var img_url = css_url + "&report-headers"; + + var div = document.querySelector("div.styled"); + div.style = "content:url(" + css_url + ")"; + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(img_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, location.origin + "/"); + }); + }, "Image from inline styles."); +</script> + +<div id="log"></div> + +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/image/inline-style.html b/testing/web-platform/tests/referrer-policy/css-integration/image/inline-style.html new file mode 100644 index 0000000000..1e94b3df2c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/image/inline-style.html @@ -0,0 +1,38 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - image from inline style</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that resources from inline styles are loaded with + the referrer and referrer policy from the document.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + var id = token(); + var css_url = location.protocol + "//www1." + location.hostname + ":" + location.port + "/common/security-features/subresource/image.py" + "?id=" + id; + var img_url = css_url + "&report-headers"; + + var div = document.querySelector("div.styled"); + div.style = "content:url(" + css_url + ")"; + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(img_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, location.origin + "/"); + }); + }, "Image from inline styles."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/image/internal-import-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/image/internal-import-stylesheet.html new file mode 100644 index 0000000000..75ca554381 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/image/internal-import-stylesheet.html @@ -0,0 +1,42 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - image from imported stylesheet (internal)</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that resources from stylesheets (imported from internal + stylesheets) are loaded with the referrer and referrer policy from the + document.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + var id = token(); + var url_prefix = location.protocol + "//www1." + location.hostname + ":" + location.port + "/common/security-features/subresource/"; + var css_url = url_prefix + "stylesheet.py?id=" + id; + var img_url = url_prefix + "image.py?report-headers&id=" + id; + + var style = document.createElement("style"); + style.type = 'text/css'; + style.appendChild(document.createTextNode("@import url('" + css_url + "');")); + document.head.appendChild(style); + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(img_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, css_url); + }); + }, "Image from imported stylesheet (internal)."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/image/internal-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/image/internal-stylesheet.html new file mode 100644 index 0000000000..caef85329f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/image/internal-stylesheet.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - image from internal stylesheet</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that resources from internal stylesheets are loaded with + the referrer and referrer policy from the document.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + var id = token(); + var css_url = location.protocol + "//www1." + location.hostname + ":" + location.port + "/common/security-features/subresource/image.py" + "?id=" + id; + var img_url = css_url + "&report-headers"; + + var style = document.createElement("style"); + style.type = 'text/css'; + style.appendChild(document.createTextNode("div.styled::before { content:url(" + css_url + ")}")); + document.head.appendChild(style); + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(img_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, location.origin + "/"); + }); + }, "Image from internal stylesheet."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/image/presentation-attribute.html b/testing/web-platform/tests/referrer-policy/css-integration/image/presentation-attribute.html new file mode 100644 index 0000000000..df5593b218 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/image/presentation-attribute.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - image from presentation attribute</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that resources from presentation attributes are loaded with + the referrer and referrer policy from the document.</p> + + <script> + promise_test(function(css_test) { + var id = token(); + var css_url = location.protocol + "//www1." + location.hostname + ":" + location.port + "/common/security-features/subresource/image.py" + "?id=" + id; + var img_url = css_url + "&report-headers"; + + document.body.background = css_url; + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(img_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, location.origin + "/"); + }); + }, "Image from presentation attributes."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/image/processing-instruction.html b/testing/web-platform/tests/referrer-policy/css-integration/image/processing-instruction.html new file mode 100644 index 0000000000..5d88fcbb6d --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/image/processing-instruction.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - image from external stylesheet inserted via a ProcessingInstruction</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <meta name="referrer" content="never"> + </head> + <body> + <p>Check that resources from external stylesheets (referenced from a + ProcessingInstruction) are loaded with the referrer and referrer policy + from the external stylesheet.</p> + + <div class="styled"></div> + + <script> + promise_test(function(css_test) { + var id = token(); + var url_prefix = location.protocol + "//www1." + location.hostname + ":" + location.port; + var css_url = url_prefix + "/common/security-features/subresource/stylesheet.py?id=" + id; + var img_url = url_prefix + "/common/security-features/subresource/image.py" + + "?id=" + id + "&report-headers"; + + var processingInstruction = document.createProcessingInstruction("xml-stylesheet", "href=\"" + css_url + "\" type=\"text/css\""); + document.insertBefore(processingInstruction, document.firstChild); + return timeoutPromise(css_test, 1000) + .then(() => requestViaXhr(img_url)) + .then(function(message) { + assert_own_property(message, "headers"); + assert_own_property(message, "referrer"); + assert_equals(message.referrer, css_url); + }); + }, "Image from external stylesheet (from ProcessingInstruction)."); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/svg/external-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/svg/external-stylesheet.html new file mode 100644 index 0000000000..12bc9eeba6 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/svg/external-stylesheet.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - styling SVG from external stylesheet</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <!-- Helper functions for referrer-policy css tests. --> + <script src="/referrer-policy/css-integration/css-test-helper.js"></script> + <meta name="referrer" content="never"> + </head> + <body> + <p>Check that resources from external stylesheets are loaded with + the referrer and referrer policy from the external stylesheet.</p> + + <script> + function addLinkStyleSheet(test) { + let css_url = url_prefix + "stylesheet.py?id=" + test.id + + "&type=svg" + "&property=" + test.property; + test.expected = css_url; + + let stylesheet = + document.createElementNS("http://www.w3.org/1999/xhtml", "link"); + stylesheet.setAttribute("type", "text/css"); + stylesheet.setAttribute("rel", "stylesheet"); + stylesheet.setAttribute("href", css_url); + let svg = createSvg(); + document.body.appendChild(svg); + svg.appendChild(stylesheet); + } + + runSvgTests(svg_test_properties, + "Test styling SVG from external style", + addLinkStyleSheet); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/svg/inline-style-with-differentorigin-base-tag.tentative.html b/testing/web-platform/tests/referrer-policy/css-integration/svg/inline-style-with-differentorigin-base-tag.tentative.html new file mode 100644 index 0000000000..9a8bc6da41 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/svg/inline-style-with-differentorigin-base-tag.tentative.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<html> + +<head> + <title>CSS integration - styling SVG from inline style on page with different-origin base tag</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <!-- Helper functions for referrer-policy css tests. --> + <script src="/referrer-policy/css-integration/css-test-helper.js"></script> + <meta name="referrer" content="origin"> +</head> + +<base href="http://other-page.example/" /> + +<body> + <p>Check that resources from inline styles are loaded with + the referrer and referrer policy from the document and, in + particular, not from the document's overridden base URL.</p> + <script> + function setInlineStyle(test) { + test.expected = location.origin + "/"; + let svg = createSvg(); + document.body.appendChild(svg); + let element = svg.getElementsByTagName('path')[0]; + element.style = test.property + ": url(" + url_prefix + "svg.py?id=" + + test.id + "#invalidFragment);"; + } + + runSvgTests(svg_test_properties, + "Styling SVG from inline styles", + setInlineStyle); + </script> + + <div id="log"></div> +</body> + +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/svg/inline-style.html b/testing/web-platform/tests/referrer-policy/css-integration/svg/inline-style.html new file mode 100644 index 0000000000..2d4725e0bb --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/svg/inline-style.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - styling SVG from inline style</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <!-- Helper functions for referrer-policy css tests. --> + <script src="/referrer-policy/css-integration/css-test-helper.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that resources from inline styles are loaded with + the referrer and referrer policy from the document.</p> + <script> + function setInlineStyle(test) + { + test.expected = location.origin + "/"; + let svg = createSvg(); + document.body.appendChild(svg); + let element = svg.getElementsByTagName('path')[0]; + element.style = test.property + ": url(" + url_prefix + "svg.py?id=" + + test.id + "#invalidFragment);"; + } + + runSvgTests(svg_test_properties, + "Styling SVG from inline styles", + setInlineStyle); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/svg/internal-stylesheet.html b/testing/web-platform/tests/referrer-policy/css-integration/svg/internal-stylesheet.html new file mode 100644 index 0000000000..38f4cf8b56 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/svg/internal-stylesheet.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - styling SVG from internal style</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <!-- Helper functions for referrer-policy css tests. --> + <script src="/referrer-policy/css-integration/css-test-helper.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that resources from internal styles are loaded with + the referrer and referrer policy from the document.</p> + <script> + function setInternalStyle(test) { + test.expected = location.origin + "/"; + let style = document.createElementNS(svg_ns, "style"); + style.textContent = "path { " + test.property + ": url(" + url_prefix + + "svg.py?id=" + test.id + "#invalidFragment);"; + let svg = createSvg(); + svg.appendChild(style); + document.body.appendChild(svg); + } + + runSvgTests(svg_test_properties, + "Styling SVG from internal styles", + setInternalStyle); + </script> + + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/css-integration/svg/presentation-attribute.html b/testing/web-platform/tests/referrer-policy/css-integration/svg/presentation-attribute.html new file mode 100644 index 0000000000..e2104a6a6c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/svg/presentation-attribute.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - styling SVG from external stylesheet from + presentation attribute</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <!-- Helper functions for referrer-policy css tests. --> + <script src="/referrer-policy/css-integration/css-test-helper.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that resources from presentation attributes are loaded with + the referrer and referrer policy from the document.</p> + <script> + function setPresentationAttribute(test) + { + test.expected = location.origin + "/"; + let svg = createSvg(); + document.body.appendChild(svg); + let element = svg.getElementsByTagName("path")[0]; + // The test property should have map 1:1 with presentation attribute. + let attr = test.property; + element.setAttribute(attr, "url(" + url_prefix + "svg.py?id=" + + test.id + "#invalidFragment)"); + } + + // mask-image is not the presentation attribute. + runSvgTests(svg_test_properties.filter(p => p != 'mask-image'), + "Styling SVG from presentation attributes", + setPresentationAttribute); + </script> + + <div id="log"></div> + </body> +</html> + diff --git a/testing/web-platform/tests/referrer-policy/css-integration/svg/processing-instruction.html b/testing/web-platform/tests/referrer-policy/css-integration/svg/processing-instruction.html new file mode 100644 index 0000000000..4ff9a51890 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/css-integration/svg/processing-instruction.html @@ -0,0 +1,38 @@ +<!DOCTYPE html> +<html> + <head> + <title>CSS integration - styling SVG from external stylesheet via + ProcessingInstruction</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/utils.js"></script> + <!-- Common global functions for referrer-policy tests. --> + <script src="/common/security-features/resources/common.sub.js"></script> + <!-- Helper functions for referrer-policy css tests. --> + <script src="/referrer-policy/css-integration/css-test-helper.js"></script> + <meta name="referrer" content="origin"> + </head> + <body> + <p>Check that resources from external stylesheets (referenced from a + ProcessingInstruction) are loaded with the referrer and referrer policy + from the external stylesheet.</p> + <script> + function addProcessingInstruction(test) { + let svg_url = url_prefix + "svg.py?id=" + test.id + "&type=svg" + + "&property=" + test.property + "&embedded-svg"; + let iframe = document.createElement("iframe"); + test.expected = url_prefix + "stylesheet.py?id=" + test.id + + "&type=svg" + "&property=" + test.property; + iframe.src = svg_url; + document.body.appendChild(iframe); + } + + runSvgTests(svg_test_properties, + "Styling SVG from ProcessingInstruction", + addProcessingInstruction); + </script> + + <div id="log"></div> + </body> +</html> + |