diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8')
12 files changed, 153 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-1.html b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-1.html new file mode 100644 index 0000000000..0d0f46fda4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-1.html @@ -0,0 +1,20 @@ +<html> +<head> + <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-abc' 'sha256-c6TzhBw/snA+hlDMGOuKLWXIkb2sawA/S1wbSe6FeEM=';"> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <script nonce="abc"> + var t1 = async_test("Should convert the script contents to UTF-8 before hashing"); + window.addEventListener("securitypolicyviolation", t1.unreached_func("Should not have fired a spv")); + </script> + + <!-- µ (micro sign) has the value of 0xB5 in latin-1 and of 0xC2B5 in utf-8 but the hash value should be the same as the utf-8 computed one --> + <script> + // µ - latin micro sign + t1.done(); + </script> +</body> +</html> + diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-1.html.sub.headers b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-1.html.sub.headers new file mode 100644 index 0000000000..acc92f4e80 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-1.html.sub.headers @@ -0,0 +1 @@ +Content-Type: text/html; charset=iso-8859-1 diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-3.html b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-3.html new file mode 100644 index 0000000000..d4a0de41e2 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-3.html @@ -0,0 +1,20 @@ +<html> +<head> + <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-abc' 'sha256-hbNM6T3uO5pu4o5YfNnUmwtq5VHHMr7V5ospXtx9bqU=';"> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <script nonce="abc"> + var t3 = async_test("Should convert the script contents to UTF-8 before hashing"); + window.addEventListener("securitypolicyviolation", t3.unreached_func("Should not have fired a spv")); + </script> + + <!-- « (latin capital letter g with breve) has the value of 0xAB in latin-3 and of 0xC49E in utf-8 but the hash value should be the same as the utf-8 computed one --> + <script> + // « - latin capital letter g with breve + t3.done(); + </script> +</body> +</html> + diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-3.html.sub.headers b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-3.html.sub.headers new file mode 100644 index 0000000000..ae3e03dae1 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-3.html.sub.headers @@ -0,0 +1 @@ +Content-Type: text/html; charset=iso-8859-3 diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-7.html b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-7.html new file mode 100644 index 0000000000..62876f1e43 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-7.html @@ -0,0 +1,20 @@ +<html> +<head> + <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-abc' 'sha256-ST0rpskqtEC0Q0hqbIAZFeE1KBMJeGZGyYaTcTkieG8=';"> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <script nonce="abc"> + var t2 = async_test("Should convert the script contents to UTF-8 before hashing"); + window.addEventListener("securitypolicyviolation", t2.unreached_func("Should not have fired a spv")); + </script> + + <!-- ì (greek small letter mu) has the value of 0xEC in latin-7 and of 0xCEBC in utf-8 but the hash value should be the same as the utf-8 computed one --> + <script> + // ì - greek small letter mu + t2.done(); + </script> +</body> +</html> + diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-7.html.sub.headers b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-7.html.sub.headers new file mode 100644 index 0000000000..9550b0de30 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-7.html.sub.headers @@ -0,0 +1 @@ +Content-Type: text/html; charset=iso-8859-7 diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-9.html b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-9.html new file mode 100644 index 0000000000..8c1db6d203 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-9.html @@ -0,0 +1,20 @@ +<html> +<head> + <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-abc' 'sha256-hbNM6T3uO5pu4o5YfNnUmwtq5VHHMr7V5ospXtx9bqU=';"> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <script nonce="abc"> + var t3 = async_test("Should convert the script contents to UTF-8 before hashing"); + window.addEventListener("securitypolicyviolation", t3.unreached_func("Should not have fired a spv")); + </script> + + <!-- Ð (latin capital letter g with breve) has the value of 0xD0 in latin-9 and of 0xC49E in utf-8 but the hash value should be the same as the utf-8 computed one --> + <script> + // Ð - latin capital letter g with breve + t3.done(); + </script> +</body> +</html> + diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-9.html.sub.headers b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-9.html.sub.headers new file mode 100644 index 0000000000..6382ff86a7 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-9.html.sub.headers @@ -0,0 +1 @@ +Content-Type: text/html; charset=iso-8859-9 diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate.html b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate.html new file mode 100644 index 0000000000..58730a72cc --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate.html @@ -0,0 +1,31 @@ +<html> +<head> + <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-abc' 'sha256-YJSaNEZFStZqU2Mp2EttwhcP2aT9lnDvexn+BM2HfKo=';"> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <script nonce="abc"> + var t = async_test("Should convert the script contents to UTF-8 before hashing"); + var count = 0; + var script_ran = function() { + // if both blocks run the tests is succsssful + if (++count == 2) t.done(); + } + window.addEventListener("securitypolicyviolation", t.unreached_func("Should not have fired a spv")); + + // Insert a script element that contains the U+FFFD replacement character + var scr1 = document.createElement('script'); + scr1.text ="//\uFFFD\nscript_ran();"; + document.body.appendChild(scr1); + + // Insert a script element that contains a surrogate character but it otherwise + // entirely identical to the previously inserted one, the surrogate should be + // be converted to U+FFFD when converting to UTF-8 so it should have the + // same hash as the one inserted before + var scr2 = document.createElement('script'); + scr2.text ="//\uD801\nscript_ran();"; + document.body.appendChild(scr2); + </script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate.html.sub.headers b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate.html.sub.headers new file mode 100644 index 0000000000..2d1c08b9e8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate.html.sub.headers @@ -0,0 +1 @@ +Content-Type: text/html; charset=utf-8 diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html new file mode 100644 index 0000000000..b770cba246 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html @@ -0,0 +1,36 @@ +<html> +<head> + <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-abc' + 'sha256-c6TzhBw/snA+hlDMGOuKLWXIkb2sawA/S1wbSe6FeEM=' + 'sha256-ST0rpskqtEC0Q0hqbIAZFeE1KBMJeGZGyYaTcTkieG8=' + 'sha256-hbNM6T3uO5pu4o5YfNnUmwtq5VHHMr7V5ospXtx9bqU=';"> + <!-- hashes matching the 3 script blocks below --> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <script nonce="abc"> + var t1 = async_test("Should convert the script contents to UTF-8 before hashing - latin micro sign"); + window.addEventListener("securitypolicyviolation", t1.unreached_func("Should not have fired a spv")); + var t2 = async_test("Should convert the script contents to UTF-8 before hashing - greek small letter mu"); + window.addEventListener("securitypolicyviolation", t2.unreached_func("Should not have fired a spv")); + var t3 = async_test("Should convert the script contents to UTF-8 before hashing - latin capital letter g with breve"); + window.addEventListener("securitypolicyviolation", t3.unreached_func("Should not have fired a spv")); + </script> + + <!-- the hash values of these script blocks should match the same values + of identical script blocks in documents with other encodings --> + <script> + // µ - latin micro sign + t1.done(); + </script> + <script> + // μ - greek small letter mu + t2.done(); + </script> + <script> + // Äž - latin capital letter g with breve + t3.done(); + </script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.sub.headers b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.sub.headers new file mode 100644 index 0000000000..2d1c08b9e8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.sub.headers @@ -0,0 +1 @@ +Content-Type: text/html; charset=utf-8 |