diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html b/testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html new file mode 100644 index 0000000000..696a27ba75 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html @@ -0,0 +1,45 @@ +<!DOCTYPE html> +<html> +<head> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/content-security-policy/support/testharness-helper.js"></script> + <meta http-equiv="Content-Security-Policy" + content="require-trusted-types-for 'script'; trusted-types default"> +</head> +<body> + <script> + promise_test(t => { + let evil = false; + assert_throws_js(EvalError, _ => { + eval("evil = '1234567890123456789012345678901234567890';"); + }); + assert_false(evil); + return waitUntilCSPEventForTrustedTypes(t).then(t.step_func_done(e => { + assert_equals(e.sample, "eval|evil = '12345678901234567890123456789012"); + })); + }, "Unsafe eval violation sample is clipped to 40 characters."); + + promise_test(t => { + assert_throws_js(EvalError, _ => { + new Function("a", "b", "return '1234567890123456789012345678901234567890';"); + }); + return waitUntilCSPEventForTrustedTypes(t).then(t.step_func_done(e => { + assert_equals(e.sample.replace(/\n/g, ""), + "Function|(a,b) {return '12345678901234567890123"); + })); + }, "Function constructor - the other kind of eval - is clipped."); + + promise_test(t => { + const a = document.createElement("a"); + assert_throws_js(TypeError, _ => { + a.innerHTML = "1234567890123456789012345678901234567890xxxx"; + }); + assert_equals(a.innerHTML, ""); + return waitUntilCSPEventForTrustedTypes(t).then(t.step_func_done(e => { + assert_equals(e.sample, "Element innerHTML|1234567890123456789012345678901234567890"); + })); + }, "Trusted Types violation sample is clipped to 40 characters excluded the sink name."); + </script> +</body> +</html> |