mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1117650 - Part 3: Move all CSP tests into dom/security/test. r=sstamm
parent
611619315b
commit
b18efc68c6
@ -1,5 +0,0 @@
|
||||
[DEFAULT]
|
||||
skip-if = buildapp == 'b2g'
|
||||
|
||||
[test_csp_bug768029.html]
|
||||
[test_csp_bug773891.html]
|
@ -1,4 +0,0 @@
|
||||
<!doctype html>
|
||||
<meta charset=utf-8>
|
||||
<link rel="manifest" href="https://example.com:443/tests/dom/base/test/csp/file_CSP_web_manifest_https.json">
|
||||
<h1>Support Page for Web Manifest Tests</h1>
|
@ -1,15 +0,0 @@
|
||||
<html>
|
||||
<head>
|
||||
<link rel='stylesheet' type='text/css'
|
||||
href='/tests/dom/base/test/csp/file_CSP.sjs?testid=css_self&type=text/css' />
|
||||
<link rel='stylesheet' type='text/css'
|
||||
href='http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=css_examplecom&type=text/css' />
|
||||
|
||||
</head>
|
||||
<body>
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img_self&type=img/png"> </img>
|
||||
<img src="http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=img_examplecom&type=img/png"> </img>
|
||||
<script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=script_self&type=text/javascript'></script>
|
||||
|
||||
</body>
|
||||
</html>
|
@ -1,15 +0,0 @@
|
||||
<html>
|
||||
<head> <meta charset="utf-8"> </head>
|
||||
<body>
|
||||
<!-- sandbox="allow-same-origin" -->
|
||||
<!-- Content-Security-Policy: default-src 'self' -->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
|
||||
|
||||
<!-- these should load ok -->
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img_good&type=img/png" />
|
||||
<script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=scripta_bad&type=text/javascript'></script>
|
||||
|
||||
</body>
|
||||
</html>
|
@ -1,12 +0,0 @@
|
||||
<html>
|
||||
<head> <meta charset="utf-8"> </head>
|
||||
<body>
|
||||
<!-- sandbox -->
|
||||
<!-- Content-Security-Policy: default-src 'none' -->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img3_bad&type=img/png"> </img>
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img3a_bad&type=img/png" />
|
||||
|
||||
</body>
|
||||
</html>
|
@ -1,12 +0,0 @@
|
||||
<html>
|
||||
<head> <meta charset="utf-8"> </head>
|
||||
<body>
|
||||
<!-- sandbox -->
|
||||
<!-- Content-Security-Policy: default-src 'none' -->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img4_bad&type=img/png"> </img>
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img4a_bad&type=img/png" />
|
||||
|
||||
</body>
|
||||
</html>
|
@ -1,14 +0,0 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 826805 - CSP: Allow http and https for scheme-less sources</title>
|
||||
</head>
|
||||
<body>
|
||||
<div id="testdiv">blocked</div>
|
||||
<!--
|
||||
We resue file_csp_path_matching.js which just updates the contents of 'testdiv' to contain allowed.
|
||||
Note, that we are loading the file_csp_path_matchting.js using a scheme of 'https'.
|
||||
-->
|
||||
<script src="https://example.com/tests/dom/base/test/csp/file_csp_path_matching.js#foo"></script>
|
||||
</body>
|
||||
</html>
|
@ -1,25 +0,0 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=768029
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>This is an app for testing</title>
|
||||
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="file_csp_bug768029.sjs?type=style&origin=same_origin" />
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=style&origin=cross_origin" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<script src="file_csp_bug768029.sjs?type=script&origin=same_origin"></script>
|
||||
<script src="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=script&origin=cross_origin"></script>
|
||||
<img src="file_csp_bug768029.sjs?type=img&origin=same_origin" />
|
||||
<img src="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=img&origin=cross_origin" />
|
||||
|
||||
Test for CSP applied to (simulated) app.
|
||||
|
||||
</body>
|
||||
</html>
|
@ -1,25 +0,0 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=773891
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>This is an app for csp testing</title>
|
||||
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="file_csp_bug773891.sjs?type=style&origin=same_origin" />
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=style&origin=cross_origin" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<script src="file_csp_bug773891.sjs?type=script&origin=same_origin"></script>
|
||||
<script src="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=script&origin=cross_origin"></script>
|
||||
<img src="file_csp_bug773891.sjs?type=img&origin=same_origin" />
|
||||
<img src="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=img&origin=cross_origin" />
|
||||
|
||||
Test for CSP applied to (simulated) app.
|
||||
|
||||
</body>
|
||||
</html>
|
@ -1 +0,0 @@
|
||||
content-security-policy-report-only: policy-uri /tests/dom/base/test/csp/file_CSP_policyuri_regression_from_multipolicy_policy
|
@ -10,7 +10,6 @@ XPCSHELL_TESTS_MANIFESTS += [
|
||||
]
|
||||
|
||||
GeckoCppUnitTests([
|
||||
'TestCSPParser',
|
||||
'TestGetURL',
|
||||
'TestNativeXMLHttpRequest',
|
||||
'TestPlainTextSerializer',
|
||||
@ -18,7 +17,6 @@ GeckoCppUnitTests([
|
||||
|
||||
MOCHITEST_MANIFESTS += [
|
||||
'chrome/mochitest.ini',
|
||||
'csp/mochitest.ini',
|
||||
'mochitest.ini',
|
||||
'websocket_hybi/mochitest.ini',
|
||||
]
|
||||
@ -33,10 +31,8 @@ if CONFIG['MOZ_CHILD_PERMISSIONS']:
|
||||
MOCHITEST_CHROME_MANIFESTS += [
|
||||
'chrome.ini',
|
||||
'chrome/chrome.ini',
|
||||
'csp/chrome.ini',
|
||||
]
|
||||
|
||||
BROWSER_CHROME_MANIFESTS += [
|
||||
'browser.ini',
|
||||
'csp/browser.ini',
|
||||
]
|
||||
|
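Review bot: Dropping `'TestCSPParser'` from `GeckoCppUnitTests` and what appear to be the `csp/mochitest.ini`, `csp/chrome.ini` and `csp/browser.ini` manifest entries stops these CSP tests from being scheduled unless the destination build file registers them, and that file is not among the sections shown on this page. A missed registration fails silently: the tree stays green while CSP enforcement loses its regression coverage. It would help to confirm that the `moz.build` under `dom/security/test` lists each of the four, and that `test_cspreports.js`, which seems to be dropped from the xpcshell manifest in a later section, is picked up by a manifest in the new location.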
@ -13,7 +13,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=713980
|
||||
<style>
|
||||
@font-face {
|
||||
font-family: "bad_cross_origin_webfont";
|
||||
src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
}
|
||||
div#bad_webfont { font-family: "bad_cross_origin_webfont"; }
|
||||
</style>
|
||||
|
@ -23,8 +23,6 @@ support-files =
|
||||
|
||||
[test_bug553888.js]
|
||||
[test_bug737966.js]
|
||||
[test_cspreports.js]
|
||||
skip-if = buildapp == 'mulet'
|
||||
[test_error_codes.js]
|
||||
run-sequentially = Hardcoded 4444 port.
|
||||
# Bug 1018414: hardcoded localhost doesn't work properly on some OS X installs
|
||||
|
@ -11,12 +11,12 @@ requestLongerTimeout(10); // e10s tests take time.
|
||||
const {
|
||||
ManifestObtainer
|
||||
} = Components.utils.import('resource://gre/modules/WebManifest.jsm', {});
|
||||
const path = '/tests/dom/base/test/csp/';
|
||||
const testFile = `file=${path}file_CSP_web_manifest.html`;
|
||||
const remoteFile = `file=${path}file_CSP_web_manifest_remote.html`;
|
||||
const httpsManifest = `file=${path}file_CSP_web_manifest_https.html`;
|
||||
const mixedContent = `file=${path}file_CSP_web_manifest_mixed_content.html`;
|
||||
const server = 'file_csp_testserver.sjs';
|
||||
const path = '/tests/dom/security/test/csp/';
|
||||
const testFile = `file=${path}file_web_manifest.html`;
|
||||
const remoteFile = `file=${path}file_web_manifest_remote.html`;
|
||||
const httpsManifest = `file=${path}file_web_manifest_https.html`;
|
||||
const mixedContent = `file=${path}file_web_manifest_mixed_content.html`;
|
||||
const server = 'file_testserver.sjs';
|
||||
const defaultURL = `http://example.org${path}${server}`;
|
||||
const remoteURL = `http://mochi.test:8888`;
|
||||
const secureURL = `https://example.com${path}${server}`;
|
@ -7,12 +7,12 @@
|
||||
const {
|
||||
ManifestObtainer
|
||||
} = Components.utils.import('resource://gre/modules/WebManifest.jsm', {});
|
||||
const path = '/tests/dom/base/test/csp/';
|
||||
const mixedContent = `file=${path}file_CSP_web_manifest_mixed_content.html`;
|
||||
const server = 'file_csp_testserver.sjs';
|
||||
const path = '/tests/dom/security/test/csp/';
|
||||
const mixedContent = `file=${path}file_web_manifest_mixed_content.html`;
|
||||
const server = 'file_testserver.sjs';
|
||||
const secureURL = `https://example.com${path}${server}`;
|
||||
const tests = [
|
||||
// Trying to load mixed content in file_CSP_web_manifest_mixed_content.html
|
||||
// Trying to load mixed content in file_web_manifest_mixed_content.html
|
||||
// needs to result in an error.
|
||||
{
|
||||
expected: `Mixed Content Blocker prevents fetching manifest.`,
|
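--- a/dom/security/test/csp/chrome.ini
+++ b/dom/security/test/csp/chrome.ini
@@ -0,0 +1,5 @@
+[DEFAULT]
+skip-if = buildapp == 'b2g'
+
+[test_bug768029.html]
+[test_bug773891.html]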
@ -12,7 +12,7 @@
|
||||
}
|
||||
@font-face {
|
||||
font-family: "arbitrary_bad";
|
||||
src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
}
|
||||
|
||||
.div_arbitrary_good { font-family: "arbitrary_good"; }
|
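--- a/dom/security/test/csp/file_allow_https_schemes.html
+++ b/dom/security/test/csp/file_allow_https_schemes.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Bug 826805 - CSP: Allow http and https for scheme-less sources</title>
+</head>
+<body>
+<div id="testdiv">blocked</div>
+<!--
+We resue file_path_matching.js which just updates the contents of 'testdiv' to contain allowed.
+Note, that we are loading the file_path_matchting.js using a scheme of 'https'.
+-->
+<script src="https://example.com/tests/dom/security/test/csp/file_path_matching.js#foo"></script>
+</body>
+</html>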
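Review bot: The explanatory comment in this new file carries over two typos, "resue" and "file_path_matchting.js", and the second one misspells the very file name this commit renames, so a search for `file_path_matching.js` will not find this reference. Suggested wording: `We reuse file_path_matching.js, which just updates the contents of 'testdiv' to contain 'allowed'.` followed by `Note that we are loading file_path_matching.js using a scheme of 'https'.`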
@ -1,5 +1,5 @@
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_bug663567.xsl"?>
|
||||
<catalog>
|
||||
<cd>
|
||||
<title>Empire Burlesque</title>
|
@ -1,5 +1,5 @@
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_bug663567.xsl"?>
|
||||
<catalog>
|
||||
<cd>
|
||||
<title>Empire Burlesque</title>
|
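--- a/dom/security/test/csp/file_bug768029.html
+++ b/dom/security/test/csp/file_bug768029.html
@@ -0,0 +1,25 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=768029
+-->
+<head>
+<meta charset="utf-8">
+<title>This is an app for testing</title>
+
+<link rel="stylesheet" type="text/css"
+href="file_bug768029.sjs?type=style&origin=same_origin" />
+<link rel="stylesheet" type="text/css"
+href="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=style&origin=cross_origin" />
+</head>
+<body>
+
+<script src="file_bug768029.sjs?type=script&origin=same_origin"></script>
+<script src="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=script&origin=cross_origin"></script>
+<img src="file_bug768029.sjs?type=img&origin=same_origin" />
+<img src="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=img&origin=cross_origin" />
+
+Test for CSP applied to (simulated) app.
+
+</body>
+</html>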
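--- a/dom/security/test/csp/file_bug773891.html
+++ b/dom/security/test/csp/file_bug773891.html
@@ -0,0 +1,25 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=773891
+-->
+<head>
+<meta charset="utf-8">
+<title>This is an app for csp testing</title>
+
+<link rel="stylesheet" type="text/css"
+href="file_bug773891.sjs?type=style&origin=same_origin" />
+<link rel="stylesheet" type="text/css"
+href="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=style&origin=cross_origin" />
+</head>
+<body>
+
+<script src="file_bug773891.sjs?type=script&origin=same_origin"></script>
+<script src="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=script&origin=cross_origin"></script>
+<img src="file_bug773891.sjs?type=img&origin=same_origin" />
+<img src="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=img&origin=cross_origin" />
+
+Test for CSP applied to (simulated) app.
+
+</body>
+</html>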
@ -7,6 +7,6 @@
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<script src='file_CSP_bug802872.js'></script>
|
||||
<script src='file_bug802872.js'></script>
|
||||
</body>
|
||||
</html>
|
@ -8,7 +8,7 @@ function createAllowedEvent() {
|
||||
* Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on
|
||||
* 'http://mochi.test', a default-src of 'self' allows this request.
|
||||
*/
|
||||
var src_event = new EventSource("http://mochi.test:8888/tests/dom/base/test/csp/file_CSP_bug802872.sjs");
|
||||
var src_event = new EventSource("http://mochi.test:8888/tests/dom/security/test/csp/file_bug802872.sjs");
|
||||
|
||||
src_event.onmessage = function(e) {
|
||||
src_event.close();
|
||||
@ -26,7 +26,7 @@ function createBlockedEvent() {
|
||||
* creates a new EventSource using 'http://example.com'. This domain is not whitelisted by the
|
||||
* CSP of this page, therefore the CSP blocks this request.
|
||||
*/
|
||||
var src_event = new EventSource("http://example.com/tests/dom/base/test/csp/file_CSP_bug802872.sjs");
|
||||
var src_event = new EventSource("http://example.com/tests/dom/security/test/csp/file_bug802872.sjs");
|
||||
|
||||
src_event.onmessage = function(e) {
|
||||
src_event.close();
|
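--- a/dom/security/test/csp/file_bug836922_npolicies.html
+++ b/dom/security/test/csp/file_bug836922_npolicies.html
@@ -0,0 +1,15 @@
+<html>
+<head>
+<link rel='stylesheet' type='text/css'
+href='/tests/dom/security/test/csp/file_CSP.sjs?testid=css_self&type=text/css' />
+<link rel='stylesheet' type='text/css'
+href='http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=css_examplecom&type=text/css' />
+
+</head>
+<body>
+<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img_self&type=img/png"> </img>
+<img src="http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=img_examplecom&type=img/png"> </img>
+<script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=script_self&type=text/javascript'></script>
+
+</body>
+</html>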
@ -1,2 +1,2 @@
|
||||
content-security-policy: default-src 'self'; img-src 'none'; report-uri http://mochi.test:8888/tests/dom/base/test/csp/file_bug836922_npolicies_violation.sjs
|
||||
content-security-policy-report-only: default-src *; img-src 'self'; script-src 'none'; report-uri http://mochi.test:8888/tests/dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs
|
||||
content-security-policy: default-src 'self'; img-src 'none'; report-uri http://mochi.test:8888/tests/dom/security/test/csp/file_bug836922_npolicies_violation.sjs
|
||||
content-security-policy-report-only: default-src *; img-src 'self'; script-src 'none'; report-uri http://mochi.test:8888/tests/dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs
|
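--- a/dom/security/test/csp/file_bug886164.html
+++ b/dom/security/test/csp/file_bug886164.html
@@ -0,0 +1,15 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+<body>
+<!-- sandbox="allow-same-origin" -->
+<!-- Content-Security-Policy: default-src 'self' -->
+
+<!-- these should be stopped by CSP -->
+<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
+
+<!-- these should load ok -->
+<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img_good&type=img/png" />
+<script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=scripta_bad&type=text/javascript'></script>
+
+</body>
+</html>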
@ -5,10 +5,10 @@
|
||||
<!-- Content-Security-Policy: default-src 'self' -->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
|
||||
|
||||
<!-- these should load ok -->
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img2a_good&type=img/png" />
|
||||
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img2a_good&type=img/png" />
|
||||
|
||||
</body>
|
||||
</html>
|
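--- a/dom/security/test/csp/file_bug886164_3.html
+++ b/dom/security/test/csp/file_bug886164_3.html
@@ -0,0 +1,12 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+<body>
+<!-- sandbox -->
+<!-- Content-Security-Policy: default-src 'none' -->
+
+<!-- these should be stopped by CSP -->
+<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img3_bad&type=img/png"> </img>
+<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img3a_bad&type=img/png" />
+
+</body>
+</html>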
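--- a/dom/security/test/csp/file_bug886164_4.html
+++ b/dom/security/test/csp/file_bug886164_4.html
@@ -0,0 +1,12 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+<body>
+<!-- sandbox -->
+<!-- Content-Security-Policy: default-src 'none' -->
+
+<!-- these should be stopped by CSP -->
+<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img4_bad&type=img/png"> </img>
+<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img4a_bad&type=img/png" />
+
+</body>
+</html>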
@ -18,9 +18,9 @@
|
||||
<!-- Content-Security-Policy: default-src 'none' 'unsafe-inline'-->
|
||||
|
||||
<!-- these should be stopped by CSP -->
|
||||
<img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img5_bad&type=img/png" />
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img5a_bad&type=img/png"> </img>
|
||||
<script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=script5_bad&type=text/javascript'></script>
|
||||
<script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script5a_bad&type=text/javascript'></script>
|
||||
<img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img5_bad&type=img/png" />
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img5a_bad&type=img/png"> </img>
|
||||
<script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=script5_bad&type=text/javascript'></script>
|
||||
<script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script5a_bad&type=text/javascript'></script>
|
||||
</body>
|
||||
</html>
|
@ -21,8 +21,8 @@
|
||||
<script src='file_iframe_sandbox_pass.js'></script>
|
||||
<body onLoad='ok(true, "documents sandboxed with allow-scripts should be able to run script from event listeners");doStuff();'>
|
||||
I am sandboxed but with "allow-scripts"
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img6_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script6_bad&type=text/javascript'></script>
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img6_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script6_bad&type=text/javascript'></script>
|
||||
|
||||
<form method="get" action="file_iframe_sandbox_form_fail.html" id="a_form">
|
||||
First name: <input type="text" name="firstname">
|
@ -39,5 +39,5 @@ function handleRequest(request, response)
|
||||
|
||||
// Send HTML to test allowed/blocked behaviors
|
||||
response.setHeader("Content-Type", "text/html", false);
|
||||
response.write(loadHTMLFromFile("tests/dom/base/test/csp/file_CSP_bug888172.html"));
|
||||
response.write(loadHTMLFromFile("tests/dom/security/test/csp/file_bug888172.html"));
|
||||
}
|
@ -1,4 +1,4 @@
|
||||
// Server side js file for bug 910139, see file test_CSP_bug910139.html for details.
|
||||
// Server side js file for bug 910139, see file test_bug910139.html for details.
|
||||
|
||||
Components.utils.import("resource://gre/modules/NetUtil.jsm");
|
||||
|
||||
@ -48,5 +48,5 @@ function handleRequest(request, response)
|
||||
response.setHeader("Content-Security-Policy", getPolicy(), false);
|
||||
|
||||
// return the requested XML file.
|
||||
response.write(loadResponseFromFile("tests/dom/base/test/csp/file_CSP_bug910139.xml"));
|
||||
response.write(loadResponseFromFile("tests/dom/security/test/csp/file_bug910139.xml"));
|
||||
}
|
@ -1,5 +1,5 @@
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_CSP_bug910139.xsl"?>
|
||||
<?xml-stylesheet type="text/xsl" href="file_bug910139.xsl"?>
|
||||
<catalog>
|
||||
<cd>
|
||||
<title>Empire Burlesque</title>
|
@ -3,7 +3,7 @@
|
||||
<body>
|
||||
|
||||
<!-- this should be allowed (no CSP)-->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_good&type=img/png"> </img>
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_good&type=img/png"> </img>
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
@ -12,13 +12,13 @@
|
||||
//this should be allowed (no CSP)
|
||||
try {
|
||||
var img = document.createElement("img");
|
||||
img.src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img2_good&type=img/png";
|
||||
img.src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_good&type=img/png";
|
||||
document.body.appendChild(img);
|
||||
} catch(e) {
|
||||
console.log("yo: "+e);
|
||||
}
|
||||
};
|
||||
req.open("get", "file_CSP_bug941404_xhr.html", true);
|
||||
req.open("get", "file_bug941404_xhr.html", true);
|
||||
req.responseType = "document";
|
||||
req.send();
|
||||
</script>
|
@ -6,10 +6,10 @@
|
||||
<body>
|
||||
<script type="text/javascript">
|
||||
|
||||
// Please note that file_csp_testserver.sjs?foo does not return a response.
|
||||
// Please note that file_testserver.sjs?foo does not return a response.
|
||||
// For testing purposes this is not necessary because we only want to check
|
||||
// whether CSP allows or blocks the load.
|
||||
fetch( "file_csp_testserver.sjs?foo");
|
||||
fetch( "file_testserver.sjs?foo");
|
||||
|
||||
</script>
|
||||
</body>
|
@ -7,11 +7,11 @@
|
||||
<script type="text/javascript">
|
||||
|
||||
try {
|
||||
// Please note that file_csp_testserver.sjs?foo does not return a response.
|
||||
// Please note that file_testserver.sjs?foo does not return a response.
|
||||
// For testing purposes this is not necessary because we only want to check
|
||||
// whether CSP allows or blocks the load.
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.open("GET", "file_csp_testserver.sjs?foo", false);
|
||||
xhr.open("GET", "file_testserver.sjs?foo", false);
|
||||
xhr.send(null);
|
||||
}
|
||||
catch (e) { }
|
@ -2,7 +2,7 @@
|
||||
<head>
|
||||
<title>CSP eval script tests</title>
|
||||
<script type="application/javascript"
|
||||
src="file_CSP_evalscript_main.js"></script>
|
||||
src="file_evalscript_main.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
|
@ -2,7 +2,7 @@
|
||||
<head>
|
||||
<title>CSP eval script tests</title>
|
||||
<script type="application/javascript"
|
||||
src="file_CSP_evalscript_main_allowed.js"></script>
|
||||
src="file_evalscript_main_allowed.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
|
@ -30,9 +30,9 @@ function handleRequest(request, response)
|
||||
response.setHeader("Content-Type", "text/html", false);
|
||||
response.write('<html><head>');
|
||||
if (query['double'])
|
||||
response.write('<script src="file_CSP_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
|
||||
response.write('<script src="file_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
|
||||
else
|
||||
response.write('<script src="file_CSP_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
|
||||
response.write('<script src="file_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
|
||||
response.write('</head><body>');
|
||||
response.write(unescape(query['internalframe']));
|
||||
response.write('</body></html>');
|
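Review bot: Both rewritten `response.write` calls still concatenate `query['testid']` into a `src` attribute without escaping, and the context line below them writes `unescape(query['internalframe'])` straight into the body, so this handler reflects request parameters into the HTML it serves. That appears deliberate for a test fixture, but nothing in the visible lines says so; a comment above the block such as `// Test-only: query values are echoed unescaped on purpose; never serve this handler outside the mochitest server.` would keep the pattern from being copied into non-test code. If escaping is wanted for the attribute, wrapping the value as `encodeURIComponent(query['testid'])` is the smallest change. handleRequest starts and ends outside the hunk.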
@ -3,7 +3,7 @@
|
||||
<title>CSP frame ancestors tests</title>
|
||||
|
||||
<!-- this page shouldn't have a CSP, just the sub-pages. -->
|
||||
<script src='file_CSP_frameancestors_main.js'></script>
|
||||
<script src='file_frameancestors_main.js'></script>
|
||||
|
||||
</head>
|
||||
<body>
|
@ -4,9 +4,9 @@ function setupFrames() {
|
||||
|
||||
var $ = function(v) { return document.getElementById(v); }
|
||||
var base = {
|
||||
self: '/tests/dom/base/test/csp/file_CSP_frameancestors.sjs',
|
||||
a: 'http://mochi.test:8888/tests/dom/base/test/csp/file_CSP_frameancestors.sjs',
|
||||
b: 'http://example.com/tests/dom/base/test/csp/file_CSP_frameancestors.sjs'
|
||||
self: '/tests/dom/security/test/csp/file_frameancestors.sjs',
|
||||
a: 'http://mochi.test:8888/tests/dom/security/test/csp/file_frameancestors.sjs',
|
||||
b: 'http://example.com/tests/dom/security/test/csp/file_frameancestors.sjs'
|
||||
};
|
||||
|
||||
var host = { a: 'http://mochi.test:8888', b: 'http://example.com:80' };
|
@ -5,7 +5,7 @@
|
||||
</head>
|
||||
<body>
|
||||
<div id="testdiv">blocked</div>
|
||||
<!-- Note, we reuse file_csp_path_matching.js which only updates the testdiv to 'allowed' if loaded !-->
|
||||
<script src="http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js"></script>
|
||||
<!-- Note, we reuse file_path_matching.js which only updates the testdiv to 'allowed' if loaded !-->
|
||||
<script src="http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js"></script>
|
||||
</body>
|
||||
</html>
|
@ -5,7 +5,7 @@
|
||||
</head>
|
||||
<body>
|
||||
<!-- Please note that both scripts do *not* exist in the file system -->
|
||||
<script src="http://test1.example.com/tests/dom/base/test/csp/leading_wildcard_allowed.js" ></script>
|
||||
<script src="http://example.com/tests/dom/base/test/csp/leading_wildcard_blocked.js" ></script>
|
||||
<script src="http://test1.example.com/tests/dom/security/test/csp/leading_wildcard_allowed.js" ></script>
|
||||
<script src="http://example.com/tests/dom/security/test/csp/leading_wildcard_blocked.js" ></script>
|
||||
</body>
|
||||
</html>
|
@ -1,7 +1,7 @@
|
||||
<html>
|
||||
<head>
|
||||
<link rel='stylesheet' type='text/css'
|
||||
href='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
|
||||
href='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
|
||||
<link rel='stylesheet' type='text/css'
|
||||
href='file_CSP.sjs?testid=style_good&type=text/css' />
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
}
|
||||
@font-face {
|
||||
font-family: "arbitrary_bad";
|
||||
src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
|
||||
}
|
||||
|
||||
.div_arbitrary_good { font-family: "arbitrary_good"; }
|
||||
@ -23,13 +23,13 @@
|
||||
</head>
|
||||
<body>
|
||||
<!-- these should be stopped by CSP. :) -->
|
||||
<img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
|
||||
<audio src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
|
||||
<script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
|
||||
<iframe src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
|
||||
<audio src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
|
||||
<script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
|
||||
<iframe src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
|
||||
<object width="10" height="10">
|
||||
<param name="movie" value="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
|
||||
<embed src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
|
||||
<param name="movie" value="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
|
||||
<embed src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
|
||||
</object>
|
||||
|
||||
<!-- these should load ok. :) -->
|
||||
@ -46,7 +46,7 @@
|
||||
<!-- XHR tests... they're taken care of in this script,
|
||||
and since the URI doesn't have any 'testid' values,
|
||||
it will just be ignored by the test framework. -->
|
||||
<script src='file_CSP_main.js'></script>
|
||||
<script src='file_main.js'></script>
|
||||
|
||||
<!-- Support elements for the @font-face test -->
|
||||
<div class="div_arbitrary_good">arbitrary good</div>
|
@ -3,14 +3,14 @@
|
||||
|
||||
try {
|
||||
var xhr_good = new XMLHttpRequest();
|
||||
var xhr_good_uri ="http://mochi.test:8888/tests/dom/base/test/csp/file_CSP.sjs?testid=xhr_good";
|
||||
var xhr_good_uri ="http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_good";
|
||||
xhr_good.open("GET", xhr_good_uri, true);
|
||||
xhr_good.send(null);
|
||||
} catch(e) {}
|
||||
|
||||
try {
|
||||
var xhr_bad = new XMLHttpRequest();
|
||||
var xhr_bad_uri ="http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=xhr_bad";
|
||||
var xhr_bad_uri ="http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_bad";
|
||||
xhr_bad.open("GET", xhr_bad_uri, true);
|
||||
xhr_bad.send(null);
|
||||
} catch(e) {}
|
@ -4,8 +4,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=717511
|
||||
-->
|
||||
<body>
|
||||
<!-- these should be stopped by CSP after fixing bug 717511. :) -->
|
||||
<img src="http://example.org/tests/dom/base/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/base/test/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
|
||||
|
||||
<!-- these should load ok after fixing bug 717511. :) -->
|
||||
<img src="file_CSP.sjs?testid=img_good&type=img/png" />
|
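Review bot: The two rewritten URLs here do more than follow the directory move: the old ones pointed at `/tests/dom/base/test/file_CSP.sjs`, without the `csp/` component, while the new ones point at `/tests/dom/security/test/csp/file_CSP.sjs`. That looks like a correction to a path that may never have resolved, and since both loads are expected to be blocked it may not change the test result, but the commit message describes only a move; a line such as `Also corrects the file_CSP.sjs path in the bug 717511 support files` would record it. The next section makes the same correction for `img2_bad` and `script2_bad`.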
@ -4,8 +4,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=717511
|
||||
-->
|
||||
<body>
|
||||
<!-- these should be stopped by CSP after fixing bug 717511. :) -->
|
||||
<img src="http://example.org/tests/dom/base/test/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/base/test/file_CSP.sjs?testid=script2_bad&type=text/javascript'></script>
|
||||
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
|
||||
<script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script2_bad&type=text/javascript'></script>
|
||||
|
||||
<!-- these should load ok after fixing bug 717511. :) -->
|
||||
<img src="file_CSP.sjs?testid=img2_good&type=img/png" />
|
Some files were not shown because too many files have changed in this diff Show More