From 43a97878ce14b72f0981164f87f2e35e14151312 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 11:22:09 +0200 Subject: Adding upstream version 110.0.1. Signed-off-by: Daniel Baumann --- .../meta/combine-header-and-meta-policies.sub.html | 54 ++++++++++++++++++++++ ...e-header-and-meta-policies.sub.html.sub.headers | 5 ++ .../content-security-policy/meta/meta-img-src.html | 33 +++++++++++++ .../meta/meta-modified.html | 35 ++++++++++++++ .../meta/meta-outside-head.sub.html | 32 +++++++++++++ .../meta/meta-outside-head.sub.html.sub.headers | 1 + .../meta/sandbox-iframe.html | 54 ++++++++++++++++++++++ .../meta/support/metaHelper.js | 5 ++ 8 files changed, 219 insertions(+) create mode 100644 testing/web-platform/tests/content-security-policy/meta/combine-header-and-meta-policies.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/meta/combine-header-and-meta-policies.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/meta/meta-img-src.html create mode 100644 testing/web-platform/tests/content-security-policy/meta/meta-modified.html create mode 100644 testing/web-platform/tests/content-security-policy/meta/meta-outside-head.sub.html create mode 100644 testing/web-platform/tests/content-security-policy/meta/meta-outside-head.sub.html.sub.headers create mode 100644 testing/web-platform/tests/content-security-policy/meta/sandbox-iframe.html create mode 100644 testing/web-platform/tests/content-security-policy/meta/support/metaHelper.js (limited to 'testing/web-platform/tests/content-security-policy/meta') diff --git a/testing/web-platform/tests/content-security-policy/meta/combine-header-and-meta-policies.sub.html b/testing/web-platform/tests/content-security-policy/meta/combine-header-and-meta-policies.sub.html new file mode 100644 index 0000000000..70bfeb6b3b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/meta/combine-header-and-meta-policies.sub.html @@ -0,0 +1,54 @@ + + + + + + + combine-header-and-meta-policies + + + + + + + + +

Test passes if both style and image are blocked and a report is generated for the + style block from the header-supplied policy.

+ + + + +

+ + + diff --git a/testing/web-platform/tests/content-security-policy/meta/combine-header-and-meta-policies.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/meta/combine-header-and-meta-policies.sub.html.sub.headers new file mode 100644 index 0000000000..062d823228 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/meta/combine-header-and-meta-policies.sub.html.sub.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; style-src 'self'; diff --git a/testing/web-platform/tests/content-security-policy/meta/meta-img-src.html b/testing/web-platform/tests/content-security-policy/meta/meta-img-src.html new file mode 100644 index 0000000000..bc7ffd66a7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/meta/meta-img-src.html @@ -0,0 +1,33 @@ + + + + + + meta-img-src + + + + + + +

Test passes if the image is blocked.

+ + +

+ + + diff --git a/testing/web-platform/tests/content-security-policy/meta/meta-modified.html b/testing/web-platform/tests/content-security-policy/meta/meta-modified.html new file mode 100644 index 0000000000..d03115f31b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/meta/meta-modified.html @@ -0,0 +1,35 @@ + + + + + + meta-modified + + + + + + +

Test passes if the image is blocked both before and after policy modification.

+ + +

+ + + diff --git a/testing/web-platform/tests/content-security-policy/meta/meta-outside-head.sub.html b/testing/web-platform/tests/content-security-policy/meta/meta-outside-head.sub.html new file mode 100644 index 0000000000..7a706c2fc5 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/meta/meta-outside-head.sub.html @@ -0,0 +1,32 @@ + + + + + + meta-outside-head + + + + + + + + + + + +

This test checks that Content Security Policy delivered via a meta element is not enforced if the element is outside the document's head.

+ + +

+ + + diff --git a/testing/web-platform/tests/content-security-policy/meta/meta-outside-head.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/meta/meta-outside-head.sub.html.sub.headers new file mode 100644 index 0000000000..8e90073147 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/meta/meta-outside-head.sub.html.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-abc'; connect-src 'self'; diff --git a/testing/web-platform/tests/content-security-policy/meta/sandbox-iframe.html b/testing/web-platform/tests/content-security-policy/meta/sandbox-iframe.html new file mode 100644 index 0000000000..d353cafae1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/meta/sandbox-iframe.html @@ -0,0 +1,54 @@ + + + + + + + base-uri works correctly inside a sandboxed iframe. + + + + + +

self is derived correctly inside inside a sandboxed iframe.

+ + + + + + diff --git a/testing/web-platform/tests/content-security-policy/meta/support/metaHelper.js b/testing/web-platform/tests/content-security-policy/meta/support/metaHelper.js new file mode 100644 index 0000000000..9191a39c73 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/meta/support/metaHelper.js @@ -0,0 +1,5 @@ +if (typeof aa != 'undefined') { + alert_assert(aa); +} else { + alert_assert("Failed - allowed inline script blocked by meta policy outside head."); +} -- cgit v1.2.3