1 files changed, 75 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html
new file mode 100644
index 0000000000..e46449117f
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/generic/invalid-characters-in-policy.html
@@ -0,0 +1,75 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+  <script>
+    var tests = [
+      // Make sure that csp works properly in normal situations
+      {
+        "csp": "",
+        "expected": true,
+        "name": "Should load image without any CSP",
+      },
+      {
+        "csp": "img-src 'none';",
+        "expected": false,
+        "name": "Should not load image with 'none' CSP",
+      },
+
+      // Now test with non-ASCII characters.
+      {
+        "csp": "img-src 'none' \u00A1invalid-source; style-src 'none'",
+        "expected": true,
+        "name": "Non-ASCII character in directive value should drop the whole directive.",
+      },
+      {
+        "csp": "img-src ‘none’;",
+        "expected": true,
+        "name": "Non-ASCII quote character in directive value should drop the whole directive.",
+      },
+      {
+        "csp": "img-src 'none'; style-src \u00A1invalid-source 'none'",
+        "expected": false,
+        "name": "Non-ASCII character in directive value should not affect other directives.",
+      },
+      {
+        "csp": "img-src 'none'; style\u00A1-src 'none'",
+        "expected": false,
+        "name": "Non-ASCII character in directive name should not affect other directives.",
+      },
+    ];
+
+    tests.forEach(test => {
+      async_test(t => {
+        var url = "support/load_img_and_post_result_meta.sub.html?csp="
+            + encodeURIComponent(test.csp);
+        test_image_loads_as_expected(test, t, url);
+      }, test.name + " - meta tag");
+
+      async_test(t => {
+        var url = "support/load_img_and_post_result_header.html?csp="
+            + encodeURIComponent(test.csp);
+        test_image_loads_as_expected(test, t, url);
+      }, test.name + " - HTTP header");
+    });
+
+    function test_image_loads_as_expected(test, t, url) {
+      var i = document.createElement('iframe');
+      i.src = url;
+      window.addEventListener('message', t.step_func(function(e) {
+        if (e.source != i.contentWindow) return;
+        if (test.expected) {
+          assert_equals(e.data, "img loaded");
+        } else {
+          assert_equals(e.data, "img not loaded");
+        }
+        t.done();
+      }));
+      document.body.appendChild(i);
+    }
+  </script>
+</body>
+</html>