From 43a97878ce14b72f0981164f87f2e35e14151312 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 11:22:09 +0200 Subject: Adding upstream version 110.0.1. 
Signed-off-by: Daniel Baumann --- ...ame-src-about-blank-allowed-by-default.sub.html | 32 ++++++++++ ...rame-src-about-blank-allowed-by-scheme.sub.html | 28 +++++++++ .../frame-src/frame-src-allowed.sub.html | 64 ++++++++++++++++++++ .../frame-src/frame-src-blocked.sub.html | 62 ++++++++++++++++++++ .../frame-src/frame-src-cross-origin-load.sub.html | 68 ++++++++++++++++++++++ ...cross-origin-same-document-navigation.window.js | 45 ++++++++++++++ .../frame-src/frame-src-redirect.html | 35 +++++++++++ .../frame-src/frame-src-redirect.html.headers | 2 + .../frame-src-same-document-meta.sub.html | 52 +++++++++++++++++ .../frame-src/frame-src-same-document.sub.html | 22 +++++++ .../frame-src-same-document.sub.html.headers | 1 + .../frame-src/frame-src-sandboxed-allowed.html | 29 +++++++++ .../frame-src-sandboxed-allowed.html.headers | 4 ++ .../frame-src/frame-src-self-unique-origin.html | 49 ++++++++++++++++ .../frame-src/support/frame.html | 2 + .../frame-src/support/testharness-helper.sub.js | 5 ++ 16 files changed, 500 insertions(+) create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-default.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-scheme.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-allowed.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-blocked.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html.headers create 
mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html.headers create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-self-unique-origin.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/support/frame.html create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/support/testharness-helper.sub.js (limited to 'testing/web-platform/tests/content-security-policy/frame-src') diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-default.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-default.sub.html new file mode 100644 index 0000000000..a9d40adee0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-default.sub.html @@ -0,0 +1,32 @@ + + + + + + + frame-src-about-blank-allowed-by-default + + + + + +

These frames should not be blocked by Content-Security-Policy. + It's pointless to block about:blank iframes because + blocking a frame just results in displaying about:blank anyway! +

+ + + + + +
+ + + + \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-scheme.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-scheme.sub.html new file mode 100644 index 0000000000..f5b62aaa2f --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-about-blank-allowed-by-scheme.sub.html @@ -0,0 +1,28 @@ + + + + + + + frame-src-about-blank-allowed-by-scheme + + + + + +

This frame should not be blocked by Content-Security-Policy. +

+ + + +
+ + + + \ No newline at end of file diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-allowed.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-allowed.sub.html new file mode 100644 index 0000000000..8421a9cbfb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-allowed.sub.html @@ -0,0 +1,64 @@ + + + + + frame-src-allowed + + + + + +

+ This iframe should be allowed. +

+ + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-blocked.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-blocked.sub.html new file mode 100644 index 0000000000..a4957f8715 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-blocked.sub.html @@ -0,0 +1,62 @@ + + + + + + + frame-src-blocked + + + + +

+ IFrames blocked by CSP should generate a 'load', not 'error' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS. +

+ + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html new file mode 100644 index 0000000000..956c79fbf0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html @@ -0,0 +1,68 @@ + + + + + + + frame-src-cross-origin-load + + + + + +

+ IFrames blocked by CSP should generate a 'load', not 'error' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS. +

+ + + + + + + +
+ + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js new file mode 100644 index 0000000000..4c77193541 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js 
@@ -0,0 +1,45 @@
+// META: script=/common/get-host-info.sub.js
+// META: script=/common/utils.js
+// META: script=/common/dispatcher/dispatcher.js
+
+// Regression test for https://crbug.com/1262203
+//
+// A cross-origin document initiates a same-document navigation. This navigation
+// is subject to CSP:frame-src 'none', but this doesn't apply, since it's a
+// same-document navigation. This test checks this doesn't lead to a crash.
+
+promise_test(async test => {
+ const child_token = token();
+ const child = new RemoteContext(child_token);
+ const iframe = document.createElement("iframe");
+ iframe.src = remoteExecutorUrl(child_token, {
+ host: get_host_info().REMOTE_HOST
+ });
+ document.body.appendChild(iframe);
+
+ // Install a promise waiting for a same-document navigation to happen in the
+ // child.
+ await child.execute_script(() => {
+ window.sameDocumentNavigation = new Promise(resolve => {
+ window.addEventListener("popstate", resolve);
+ });
+ });
+
+ // Append a new CSP, disallowing new iframe navigations.
+ const meta = document.createElement("meta");
+ meta.httpEquiv = "Content-Security-Policy";
+ meta.content = "frame-src 'none'";
+ document.head.appendChild(meta);
+
+ document.addEventListener(
+ "securitypolicyviolation",
+ test.unreached_func("same-document navigations aren't subject to CSP"));
+
+ // Create a same-document navigation, inititated cross-origin in the iframe.
+ // It must not be blocked by the CSP above.
+ iframe.src += "#foo";
+
+ // Make sure the navigation succeeded and was indeed a same-document one:
+ await child.execute_script(() => sameDocumentNavigation);
+ assert_equals(await child.execute_script(() => location.href), iframe.src);
+})
diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html
new file mode 100644
index 0000000000..f5ac88b052
--- /dev/null
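Review bot: The `securitypolicyviolation` listener built with `test.unreached_func(...)` can only fail if the `frame-src 'none'` policy appended through the `meta` element is actually in force, and nothing in this test confirms that. If the meta-delivered policy were not applied, the "not subject to CSP" assertion would pass vacuously; the crash check itself is unaffected. I would say so next to the listener, e.g. `// Relies on the meta policy above being enforced; this test does not verify that separately.`, and leave the enforcement check to a separate control test. The comment above `iframe.src += "#foo"` also has a typo (`inititated`).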
+++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html @@ -0,0 +1,35 @@ + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html.headers b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html.headers new file mode 100644 index 0000000000..338bea13b8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-redirect.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: frame-src 'self' +Content-Security-Policy-Report-Only: frame-src http://foo.test diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html new file mode 100644 index 0000000000..f4122f3d35 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html @@ -0,0 +1,52 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html new file mode 100644 index 0000000000..9868f92955 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html @@ -0,0 +1,22 @@ + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html.headers b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html.headers new file mode 100644 index 0000000000..6502444407 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document.sub.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: frame-src 'none' 
diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html new file mode 100644 index 0000000000..419a14458b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html @@ -0,0 +1,29 @@ + + + + Frame-src: 'self' matches even if the parent's origin is unique. + + + + + + + diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html.headers b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html.headers new file mode 100644 index 0000000000..ec9e8deb59 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html.headers @@ -0,0 +1,4 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Pragma: no-cache +Content-Security-Policy: frame-src 'self'; sandbox allow-scripts diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-self-unique-origin.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-self-unique-origin.html new file mode 100644 index 0000000000..3d04a08ad7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-self-unique-origin.html @@ -0,0 +1,49 @@ + + + + + frame-src-self-unique-origin + + + + + +

+ The origin of an URL is called "unique" when it is considered to be + different from every origin, including itself. The origin of a + data-url is unique. When the current origin is unique, the CSP source + 'self' must not match any URL. +

+ + + +
diff --git a/testing/web-platform/tests/content-security-policy/frame-src/support/frame.html b/testing/web-platform/tests/content-security-policy/frame-src/support/frame.html
new file mode 100644
index 0000000000..50be429587
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-src/support/frame.html
@@ -0,0 +1,2 @@
+
+
diff --git a/testing/web-platform/tests/content-security-policy/frame-src/support/testharness-helper.sub.js b/testing/web-platform/tests/content-security-policy/frame-src/support/testharness-helper.sub.js
new file mode 100644
index 0000000000..b9e9a6c856
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-src/support/testharness-helper.sub.js
@@ -0,0 +1,5 @@
+function generateCrossOriginRedirectFrame() {
+ var target = "http://{{domains[天気の良い日]}}:" + document.location.port + "/content-security-policy/frame-src/support/frame.html";
+ var url = "/common/redirect.py?location=" + encodeURIComponent(target);
+ return { url: url, target: target };
+}
-- cgit v1.2.3
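Review bot: `generateCrossOriginRedirectFrame()` hard-codes `http://` for the redirect target while taking the port from `document.location.port`. If a test using this helper were ever served over HTTPS, the target would pair the plain-HTTP scheme with the HTTPS port, and the frame would presumably fail for reasons unrelated to `frame-src`, so a "blocked" expectation could pass for the wrong reason. The tests visible in this patch are not HTTPS variants, so this is a robustness point; deriving the scheme from the page avoids it: `var target = document.location.protocol + "//{{domains[天気の良い日]}}:" + document.location.port + "/content-security-policy/frame-src/support/frame.html";`. A short comment noting that `{{domains[…]}}` is filled in by the server-side `.sub.js` substitution, and that `target` is percent-encoded before it goes into `redirect.py?location=`, would also help readers.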