summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html')
-rw-r--r--testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html45
1 files changed, 45 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html b/testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html
new file mode 100644
index 0000000000..696a27ba75
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/reporting/report-clips-sample.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/content-security-policy/support/testharness-helper.js"></script>
+ <meta http-equiv="Content-Security-Policy"
+ content="require-trusted-types-for 'script'; trusted-types default">
+</head>
+<body>
+ <script>
+ promise_test(t => {
+ let evil = false;
+ assert_throws_js(EvalError, _ => {
+ eval("evil = '1234567890123456789012345678901234567890';");
+ });
+ assert_false(evil);
+ return waitUntilCSPEventForTrustedTypes(t).then(t.step_func_done(e => {
+ assert_equals(e.sample, "eval|evil = '12345678901234567890123456789012");
+ }));
+ }, "Unsafe eval violation sample is clipped to 40 characters.");
+
+ promise_test(t => {
+ assert_throws_js(EvalError, _ => {
+ new Function("a", "b", "return '1234567890123456789012345678901234567890';");
+ });
+ return waitUntilCSPEventForTrustedTypes(t).then(t.step_func_done(e => {
+ assert_equals(e.sample.replace(/\n/g, ""),
+ "Function|(a,b) {return '12345678901234567890123");
+ }));
+ }, "Function constructor - the other kind of eval - is clipped.");
+
+ promise_test(t => {
+ const a = document.createElement("a");
+ assert_throws_js(TypeError, _ => {
+ a.innerHTML = "1234567890123456789012345678901234567890xxxx";
+ });
+ assert_equals(a.innerHTML, "");
+ return waitUntilCSPEventForTrustedTypes(t).then(t.step_func_done(e => {
+ assert_equals(e.sample, "Element innerHTML|1234567890123456789012345678901234567890");
+ }));
+ }, "Trusted Types violation sample is clipped to 40 characters excluded the sink name.");
+ </script>
+</body>
+</html>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-06 01:11:35 +0000