Bug 1117650 - Part 3: Move all CSP tests into dom/security/test. r=sstamm

dom/base/test/csp/chrome.ini

@@ -1,5 +0,0 @@
-[DEFAULT]
-skip-if = buildapp == 'b2g'
-
-[test_csp_bug768029.html]
-[test_csp_bug773891.html]

dom/base/test/csp/file_CSP_web_manifest_https.html

@@ -1,4 +0,0 @@
-<!doctype html>
-<meta charset=utf-8>
-<link rel="manifest" href="https://example.com:443/tests/dom/base/test/csp/file_CSP_web_manifest_https.json">
-<h1>Support Page for Web Manifest Tests</h1>

dom/base/test/csp/file_bug836922_npolicies.html

@@ -1,15 +0,0 @@
-<html>
-  <head>
-    <link rel='stylesheet' type='text/css'
-          href='/tests/dom/base/test/csp/file_CSP.sjs?testid=css_self&type=text/css' />
-    <link rel='stylesheet' type='text/css'
-          href='http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=css_examplecom&type=text/css' />
-
-  </head>
-  <body>
-    <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img_self&type=img/png"> </img>
-    <img src="http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=img_examplecom&type=img/png"> </img>
-    <script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=script_self&type=text/javascript'></script>
-
-  </body>
-</html>

dom/base/test/csp/file_bug886164.html

@@ -1,15 +0,0 @@
-<html>
-<head> <meta charset="utf-8"> </head>
-  <body>
-    <!-- sandbox="allow-same-origin" -->
-    <!-- Content-Security-Policy: default-src 'self' -->
-
-    <!-- these should be stopped by CSP -->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
-
-    <!-- these should load ok -->
-    <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img_good&type=img/png" />
-    <script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=scripta_bad&type=text/javascript'></script>
-
-  </body>
-</html>

dom/base/test/csp/file_bug886164_3.html

@@ -1,12 +0,0 @@
-<html>
-<head> <meta charset="utf-8"> </head>
-  <body>
-    <!-- sandbox -->
-    <!-- Content-Security-Policy: default-src 'none' -->
-
-    <!-- these should be stopped by CSP -->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img3_bad&type=img/png"> </img>
-    <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img3a_bad&type=img/png" />
-
-  </body>
-</html>

dom/base/test/csp/file_bug886164_4.html

@@ -1,12 +0,0 @@
-<html>
-<head> <meta charset="utf-8"> </head>
-  <body>
-    <!-- sandbox -->
-    <!-- Content-Security-Policy: default-src 'none' -->
-
-    <!-- these should be stopped by CSP -->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img4_bad&type=img/png"> </img>
-    <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img4a_bad&type=img/png" />
-
-  </body>
-</html>

dom/base/test/csp/file_csp_allow_https_schemes.html

@@ -1,14 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 826805 - CSP: Allow http and https for scheme-less sources</title>
-  </head>
-  <body>
-  <div id="testdiv">blocked</div>
-  <!--
-    We resue file_csp_path_matching.js which just updates the contents of 'testdiv' to contain allowed.
-    Note, that we are loading the file_csp_path_matchting.js using a scheme of 'https'.
-   -->
-  <script src="https://example.com/tests/dom/base/test/csp/file_csp_path_matching.js#foo"></script>
-</body>
-</html>

dom/base/test/csp/file_csp_bug768029.html

@@ -1,25 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-  https://bugzilla.mozilla.org/show_bug.cgi?id=768029
--->
-<head>
-  <meta charset="utf-8">
-    <title>This is an app for testing</title>
-
-    <link rel="stylesheet" type="text/css"
-          href="file_csp_bug768029.sjs?type=style&origin=same_origin" />
-    <link rel="stylesheet" type="text/css"
-          href="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=style&origin=cross_origin" />
-  </head>
-  <body>
-
-    <script src="file_csp_bug768029.sjs?type=script&origin=same_origin"></script>
-    <script src="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=script&origin=cross_origin"></script>
-    <img src="file_csp_bug768029.sjs?type=img&origin=same_origin" />
-    <img src="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=img&origin=cross_origin" />
-
-    Test for CSP applied to (simulated) app.
-
-  </body>
-</html>

dom/base/test/csp/file_csp_bug773891.html

@@ -1,25 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-  https://bugzilla.mozilla.org/show_bug.cgi?id=773891
--->
-<head>
-  <meta charset="utf-8">
-    <title>This is an app for csp testing</title>
-
-    <link rel="stylesheet" type="text/css"
-          href="file_csp_bug773891.sjs?type=style&origin=same_origin" />
-    <link rel="stylesheet" type="text/css"
-          href="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=style&origin=cross_origin" />
-  </head>
-  <body>
-
-    <script src="file_csp_bug773891.sjs?type=script&origin=same_origin"></script>
-    <script src="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=script&origin=cross_origin"></script>
-    <img src="file_csp_bug773891.sjs?type=img&origin=same_origin" />
-    <img src="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=img&origin=cross_origin" />
-
-    Test for CSP applied to (simulated) app.
-
-  </body>
-</html>

dom/base/test/csp/file_policyuri_regression_from_multipolicy.html^headers^

@@ -1 +0,0 @@
-content-security-policy-report-only: policy-uri /tests/dom/base/test/csp/file_CSP_policyuri_regression_from_multipolicy_policy

dom/base/test/moz.build

@@ -10,7 +10,6 @@ XPCSHELL_TESTS_MANIFESTS += [
 ]
 
 GeckoCppUnitTests([
-    'TestCSPParser',
     'TestGetURL',
     'TestNativeXMLHttpRequest',
     'TestPlainTextSerializer',
@@ -18,7 +17,6 @@ GeckoCppUnitTests([
 
 MOCHITEST_MANIFESTS += [
     'chrome/mochitest.ini',
-    'csp/mochitest.ini',
     'mochitest.ini',
     'websocket_hybi/mochitest.ini',
 ]
@@ -33,10 +31,8 @@ if CONFIG['MOZ_CHILD_PERMISSIONS']:
 MOCHITEST_CHROME_MANIFESTS += [
     'chrome.ini',
     'chrome/chrome.ini',
-    'csp/chrome.ini',
 ]
 
 BROWSER_CHROME_MANIFESTS += [
     'browser.ini',
-    'csp/browser.ini',
 ]

dom/base/test/test_warning_for_blocked_cross_site_request.html

@@ -13,7 +13,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=713980
   <style>
     @font-face {
       font-family: "bad_cross_origin_webfont";
-      src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
+      src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
     }
     div#bad_webfont { font-family: "bad_cross_origin_webfont"; }
   </style>

dom/base/test/unit/xpcshell.ini

@@ -23,8 +23,6 @@ support-files =
 
 [test_bug553888.js]
 [test_bug737966.js]
-[test_cspreports.js]
-skip-if = buildapp == 'mulet'
 [test_error_codes.js]
 run-sequentially = Hardcoded 4444 port.
 # Bug 1018414: hardcoded localhost doesn't work properly on some OS X installs

dom/security/test/csp/browser_test_web_manifest.js

@@ -11,12 +11,12 @@ requestLongerTimeout(10); // e10s tests take time.
 const {
   ManifestObtainer
 } = Components.utils.import('resource://gre/modules/WebManifest.jsm', {});
-const path = '/tests/dom/base/test/csp/';
-const testFile = `file=${path}file_CSP_web_manifest.html`;
-const remoteFile = `file=${path}file_CSP_web_manifest_remote.html`;
-const httpsManifest = `file=${path}file_CSP_web_manifest_https.html`;
-const mixedContent = `file=${path}file_CSP_web_manifest_mixed_content.html`;
-const server = 'file_csp_testserver.sjs';
+const path = '/tests/dom/security/test/csp/';
+const testFile = `file=${path}file_web_manifest.html`;
+const remoteFile = `file=${path}file_web_manifest_remote.html`;
+const httpsManifest = `file=${path}file_web_manifest_https.html`;
+const mixedContent = `file=${path}file_web_manifest_mixed_content.html`;
+const server = 'file_testserver.sjs';
 const defaultURL = `http://example.org${path}${server}`;
 const remoteURL = `http://mochi.test:8888`;
 const secureURL = `https://example.com${path}${server}`;

dom/security/test/csp/browser_test_web_manifest_mixed_content.js

@@ -7,12 +7,12 @@
 const {
   ManifestObtainer
 } = Components.utils.import('resource://gre/modules/WebManifest.jsm', {});
-const path = '/tests/dom/base/test/csp/';
-const mixedContent = `file=${path}file_CSP_web_manifest_mixed_content.html`;
-const server = 'file_csp_testserver.sjs';
+const path = '/tests/dom/security/test/csp/';
+const mixedContent = `file=${path}file_web_manifest_mixed_content.html`;
+const server = 'file_testserver.sjs';
 const secureURL = `https://example.com${path}${server}`;
 const tests = [
-  // Trying to load mixed content in file_CSP_web_manifest_mixed_content.html
+  // Trying to load mixed content in file_web_manifest_mixed_content.html
   // needs to result in an error.
   {
     expected: `Mixed Content Blocker prevents fetching manifest.`,

dom/security/test/csp/chrome.ini

@@ -0,0 +1,5 @@
+[DEFAULT]
+skip-if = buildapp == 'b2g'
+
+[test_bug768029.html]
+[test_bug773891.html]

dom/security/test/csp/file_CSP.css

@@ -12,7 +12,7 @@
 }
 @font-face {
   font-family: "arbitrary_bad";
-  src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
+  src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
 }
 
 .div_arbitrary_good { font-family: "arbitrary_good"; }

dom/security/test/csp/file_allow_https_schemes.html

@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <title>Bug 826805 - CSP: Allow http and https for scheme-less sources</title>
+  </head>
+  <body>
+  <div id="testdiv">blocked</div>
+  <!--
+    We resue file_path_matching.js which just updates the contents of 'testdiv' to contain allowed.
+    Note, that we are loading the file_path_matchting.js using a scheme of 'https'.
+   -->
+  <script src="https://example.com/tests/dom/security/test/csp/file_path_matching.js#foo"></script>
+</body>
+</html>

dom/security/test/csp/file_bug663567_allows.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
+<?xml-stylesheet type="text/xsl" href="file_bug663567.xsl"?>
 <catalog>
 	<cd>
 		<title>Empire Burlesque</title>

dom/security/test/csp/file_bug663567_blocks.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
+<?xml-stylesheet type="text/xsl" href="file_bug663567.xsl"?>
 <catalog>
 	<cd>
 		<title>Empire Burlesque</title>

dom/security/test/csp/file_bug768029.html

@@ -0,0 +1,25 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+  https://bugzilla.mozilla.org/show_bug.cgi?id=768029
+-->
+<head>
+  <meta charset="utf-8">
+    <title>This is an app for testing</title>
+
+    <link rel="stylesheet" type="text/css"
+          href="file_bug768029.sjs?type=style&origin=same_origin" />
+    <link rel="stylesheet" type="text/css"
+          href="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=style&origin=cross_origin" />
+  </head>
+  <body>
+
+    <script src="file_bug768029.sjs?type=script&origin=same_origin"></script>
+    <script src="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=script&origin=cross_origin"></script>
+    <img src="file_bug768029.sjs?type=img&origin=same_origin" />
+    <img src="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=img&origin=cross_origin" />
+
+    Test for CSP applied to (simulated) app.
+
+  </body>
+</html>

dom/security/test/csp/file_bug773891.html

@@ -0,0 +1,25 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+  https://bugzilla.mozilla.org/show_bug.cgi?id=773891
+-->
+<head>
+  <meta charset="utf-8">
+    <title>This is an app for csp testing</title>
+
+    <link rel="stylesheet" type="text/css"
+          href="file_bug773891.sjs?type=style&origin=same_origin" />
+    <link rel="stylesheet" type="text/css"
+          href="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=style&origin=cross_origin" />
+  </head>
+  <body>
+
+    <script src="file_bug773891.sjs?type=script&origin=same_origin"></script>
+    <script src="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=script&origin=cross_origin"></script>
+    <img src="file_bug773891.sjs?type=img&origin=same_origin" />
+    <img src="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=img&origin=cross_origin" />
+
+    Test for CSP applied to (simulated) app.
+
+  </body>
+</html>

dom/security/test/csp/file_bug802872.html

@@ -7,6 +7,6 @@
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
-  <script src='file_CSP_bug802872.js'></script>
+  <script src='file_bug802872.js'></script>
 </body>
 </html>

dom/security/test/csp/file_bug802872.js

@@ -8,7 +8,7 @@ function createAllowedEvent() {
    * Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on
    * 'http://mochi.test', a default-src of 'self' allows this request.
    */
-  var src_event = new EventSource("http://mochi.test:8888/tests/dom/base/test/csp/file_CSP_bug802872.sjs");
+  var src_event = new EventSource("http://mochi.test:8888/tests/dom/security/test/csp/file_bug802872.sjs");
 
   src_event.onmessage = function(e) {
     src_event.close();
@@ -26,7 +26,7 @@ function createBlockedEvent() {
    * creates a new EventSource using 'http://example.com'. This domain is not whitelisted by the 
    * CSP of this page, therefore the CSP blocks this request.
    */
-  var src_event = new EventSource("http://example.com/tests/dom/base/test/csp/file_CSP_bug802872.sjs");
+  var src_event = new EventSource("http://example.com/tests/dom/security/test/csp/file_bug802872.sjs");
 
   src_event.onmessage = function(e) {
     src_event.close();

dom/security/test/csp/file_bug836922_npolicies.html

@@ -0,0 +1,15 @@
+<html>
+  <head>
+    <link rel='stylesheet' type='text/css'
+          href='/tests/dom/security/test/csp/file_CSP.sjs?testid=css_self&type=text/css' />
+    <link rel='stylesheet' type='text/css'
+          href='http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=css_examplecom&type=text/css' />
+
+  </head>
+  <body>
+    <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img_self&type=img/png"> </img>
+    <img src="http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=img_examplecom&type=img/png"> </img>
+    <script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=script_self&type=text/javascript'></script>
+
+  </body>
+</html>

dom/security/test/csp/file_bug836922_npolicies.html^headers^

@@ -1,2 +1,2 @@
-content-security-policy: default-src 'self'; img-src 'none'; report-uri http://mochi.test:8888/tests/dom/base/test/csp/file_bug836922_npolicies_violation.sjs
-content-security-policy-report-only: default-src *; img-src 'self'; script-src 'none'; report-uri http://mochi.test:8888/tests/dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs
+content-security-policy: default-src 'self'; img-src 'none'; report-uri http://mochi.test:8888/tests/dom/security/test/csp/file_bug836922_npolicies_violation.sjs
+content-security-policy-report-only: default-src *; img-src 'self'; script-src 'none'; report-uri http://mochi.test:8888/tests/dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs

dom/security/test/csp/file_bug886164.html

@@ -0,0 +1,15 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+  <body>
+    <!-- sandbox="allow-same-origin" -->
+    <!-- Content-Security-Policy: default-src 'self' -->
+
+    <!-- these should be stopped by CSP -->
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
+
+    <!-- these should load ok -->
+    <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img_good&type=img/png" />
+    <script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=scripta_bad&type=text/javascript'></script>
+
+  </body>
+</html>

dom/security/test/csp/file_bug886164_2.html

@@ -5,10 +5,10 @@
     <!-- Content-Security-Policy: default-src 'self' -->
 
     <!-- these should be stopped by CSP -->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
 
     <!-- these should load ok -->
-    <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img2a_good&type=img/png" />
+    <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img2a_good&type=img/png" />
 
   </body>
 </html>

dom/security/test/csp/file_bug886164_3.html

@@ -0,0 +1,12 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+  <body>
+    <!-- sandbox -->
+    <!-- Content-Security-Policy: default-src 'none' -->
+
+    <!-- these should be stopped by CSP -->
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img3_bad&type=img/png"> </img>
+    <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img3a_bad&type=img/png" />
+
+  </body>
+</html>

dom/security/test/csp/file_bug886164_4.html

@@ -0,0 +1,12 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+  <body>
+    <!-- sandbox -->
+    <!-- Content-Security-Policy: default-src 'none' -->
+
+    <!-- these should be stopped by CSP -->
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img4_bad&type=img/png"> </img>
+    <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img4a_bad&type=img/png" />
+
+  </body>
+</html>

dom/security/test/csp/file_bug886164_5.html

@@ -18,9 +18,9 @@
  <!-- Content-Security-Policy: default-src 'none' 'unsafe-inline'-->
 
  <!-- these should be stopped by CSP -->
- <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img5_bad&type=img/png" />
- <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img5a_bad&type=img/png"> </img>
- <script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=script5_bad&type=text/javascript'></script>
- <script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script5a_bad&type=text/javascript'></script>
+ <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img5_bad&type=img/png" />
+ <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img5a_bad&type=img/png"> </img>
+ <script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=script5_bad&type=text/javascript'></script>
+ <script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script5a_bad&type=text/javascript'></script>
 </body>
 </html>

dom/security/test/csp/file_bug886164_6.html

@@ -21,8 +21,8 @@
 <script src='file_iframe_sandbox_pass.js'></script>
 <body onLoad='ok(true, "documents sandboxed with allow-scripts should be able to run script from event listeners");doStuff();'>
   I am sandboxed but with "allow-scripts"
-  <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img6_bad&type=img/png"> </img>
-  <script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script6_bad&type=text/javascript'></script>
+  <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img6_bad&type=img/png"> </img>
+  <script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script6_bad&type=text/javascript'></script>
 
   <form method="get" action="file_iframe_sandbox_form_fail.html" id="a_form">
     First name: <input type="text" name="firstname">

dom/security/test/csp/file_bug888172.sjs

@@ -39,5 +39,5 @@ function handleRequest(request, response)
 
   // Send HTML to test allowed/blocked behaviors
   response.setHeader("Content-Type", "text/html", false);
-  response.write(loadHTMLFromFile("tests/dom/base/test/csp/file_CSP_bug888172.html"));
+  response.write(loadHTMLFromFile("tests/dom/security/test/csp/file_bug888172.html"));
 }

dom/security/test/csp/file_bug910139.sjs

@@ -1,4 +1,4 @@
-// Server side js file for bug 910139, see file test_CSP_bug910139.html for details.
+// Server side js file for bug 910139, see file test_bug910139.html for details.
 
 Components.utils.import("resource://gre/modules/NetUtil.jsm");
 
@@ -48,5 +48,5 @@ function handleRequest(request, response)
   response.setHeader("Content-Security-Policy", getPolicy(), false);
 
   // return the requested XML file.
-  response.write(loadResponseFromFile("tests/dom/base/test/csp/file_CSP_bug910139.xml"));
+  response.write(loadResponseFromFile("tests/dom/security/test/csp/file_bug910139.xml"));
 }

dom/security/test/csp/file_bug910139.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<?xml-stylesheet type="text/xsl" href="file_CSP_bug910139.xsl"?>
+<?xml-stylesheet type="text/xsl" href="file_bug910139.xsl"?>
 <catalog>
 	<cd>
 		<title>Empire Burlesque</title>

dom/security/test/csp/file_bug941404.html

@@ -3,7 +3,7 @@
   <body>
 
     <!-- this should be allowed (no CSP)-->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_good&type=img/png"> </img>
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_good&type=img/png"> </img>
 
 
     <script type="text/javascript">
@@ -12,13 +12,13 @@
         //this should be allowed (no CSP)
         try {
         var img = document.createElement("img");
-        img.src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img2_good&type=img/png";
+        img.src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_good&type=img/png";
         document.body.appendChild(img);
         } catch(e) {
           console.log("yo: "+e);
         }
       };
-      req.open("get", "file_CSP_bug941404_xhr.html", true);
+      req.open("get", "file_bug941404_xhr.html", true);
       req.responseType = "document";
       req.send();
     </script>

dom/security/test/csp/file_connect-src-fetch.html

@@ -6,10 +6,10 @@
   <body>
   <script type="text/javascript">
 
-    // Please note that file_csp_testserver.sjs?foo does not return a response.
+    // Please note that file_testserver.sjs?foo does not return a response.
     // For testing purposes this is not necessary because we only want to check
     // whether CSP allows or blocks the load.
-    fetch( "file_csp_testserver.sjs?foo");
+    fetch( "file_testserver.sjs?foo");
 
   </script>
 </body>

dom/security/test/csp/file_connect-src.html

@@ -7,11 +7,11 @@
   <script type="text/javascript">
 
     try {
-      // Please note that file_csp_testserver.sjs?foo does not return a response.
+      // Please note that file_testserver.sjs?foo does not return a response.
       // For testing purposes this is not necessary because we only want to check
       // whether CSP allows or blocks the load.
       var xhr = new XMLHttpRequest();
-      xhr.open("GET", "file_csp_testserver.sjs?foo", false);
+      xhr.open("GET", "file_testserver.sjs?foo", false);
       xhr.send(null);
     }
     catch (e) { }

dom/security/test/csp/file_evalscript_main.html

@@ -2,7 +2,7 @@
   <head>
     <title>CSP eval script tests</title>
     <script type="application/javascript"
-             src="file_CSP_evalscript_main.js"></script>
+             src="file_evalscript_main.js"></script>
   </head>
   <body>
 

dom/security/test/csp/file_evalscript_main_allowed.html

@@ -2,7 +2,7 @@
   <head>
     <title>CSP eval script tests</title>
     <script type="application/javascript"
-             src="file_CSP_evalscript_main_allowed.js"></script>
+             src="file_evalscript_main_allowed.js"></script>
   </head>
   <body>
 

dom/security/test/csp/file_frameancestors.sjs

@@ -30,9 +30,9 @@ function handleRequest(request, response)
     response.setHeader("Content-Type", "text/html", false);
     response.write('<html><head>');
     if (query['double'])
-      response.write('<script src="file_CSP_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
+      response.write('<script src="file_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
     else
-      response.write('<script src="file_CSP_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
+      response.write('<script src="file_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
     response.write('</head><body>');
     response.write(unescape(query['internalframe']));
     response.write('</body></html>');

dom/security/test/csp/file_frameancestors_main.html

@@ -3,7 +3,7 @@
     <title>CSP frame ancestors tests</title>
 
     <!-- this page shouldn't have a CSP, just the sub-pages. -->
-    <script src='file_CSP_frameancestors_main.js'></script>
+    <script src='file_frameancestors_main.js'></script>
 
   </head>
   <body>

dom/security/test/csp/file_frameancestors_main.js

@@ -4,9 +4,9 @@ function setupFrames() {
 
   var $ = function(v) { return document.getElementById(v); }
   var base = {
-        self: '/tests/dom/base/test/csp/file_CSP_frameancestors.sjs',
-        a: 'http://mochi.test:8888/tests/dom/base/test/csp/file_CSP_frameancestors.sjs',
-        b: 'http://example.com/tests/dom/base/test/csp/file_CSP_frameancestors.sjs'
+        self: '/tests/dom/security/test/csp/file_frameancestors.sjs',
+        a: 'http://mochi.test:8888/tests/dom/security/test/csp/file_frameancestors.sjs',
+        b: 'http://example.com/tests/dom/security/test/csp/file_frameancestors.sjs'
   };
 
   var host = { a: 'http://mochi.test:8888', b: 'http://example.com:80' };

dom/security/test/csp/file_invalid_source_expression.html

@@ -5,7 +5,7 @@
   </head>
   <body>
   <div id="testdiv">blocked</div>
-  <!-- Note, we reuse file_csp_path_matching.js which only updates the testdiv to 'allowed' if loaded !-->
-  <script src="http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js"></script>
+  <!-- Note, we reuse file_path_matching.js which only updates the testdiv to 'allowed' if loaded !-->
+  <script src="http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js"></script>
 </body>
 </html>

dom/security/test/csp/file_leading_wildcard.html

@@ -5,7 +5,7 @@
   </head>
   <body>
   <!-- Please note that both scripts do *not* exist in the file system -->
-  <script src="http://test1.example.com/tests/dom/base/test/csp/leading_wildcard_allowed.js" ></script>
-  <script src="http://example.com/tests/dom/base/test/csp/leading_wildcard_blocked.js" ></script>
+  <script src="http://test1.example.com/tests/dom/security/test/csp/leading_wildcard_allowed.js" ></script>
+  <script src="http://example.com/tests/dom/security/test/csp/leading_wildcard_blocked.js" ></script>
 </body>
 </html>

dom/security/test/csp/file_main.html

@@ -1,7 +1,7 @@
 <html>
   <head>
     <link rel='stylesheet' type='text/css'
-          href='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
+          href='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
     <link rel='stylesheet' type='text/css'
           href='file_CSP.sjs?testid=style_good&type=text/css' />
 
@@ -14,7 +14,7 @@
       }
       @font-face {
         font-family: "arbitrary_bad";
-        src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
+        src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
       }
 
       .div_arbitrary_good { font-family: "arbitrary_good"; }
@@ -23,13 +23,13 @@
   </head>
   <body>
     <!-- these should be stopped by CSP.  :) -->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
-    <audio src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
-    <script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
-    <iframe src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
+    <audio src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
+    <script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
+    <iframe src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
     <object width="10" height="10">
-      <param name="movie" value="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
-      <embed src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
+      <param name="movie" value="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
+      <embed src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
     </object>
 
     <!-- these should load ok.  :) -->
@@ -46,7 +46,7 @@
     <!-- XHR tests... they're taken care of in this script,
          and since the URI doesn't have any 'testid' values,
          it will just be ignored by the test framework.  -->
-    <script src='file_CSP_main.js'></script>
+    <script src='file_main.js'></script>
 
     <!-- Support elements for the @font-face test -->
     <div class="div_arbitrary_good">arbitrary good</div>

dom/security/test/csp/file_main.js

@@ -3,14 +3,14 @@
 
 try {
   var xhr_good = new XMLHttpRequest();
-  var xhr_good_uri ="http://mochi.test:8888/tests/dom/base/test/csp/file_CSP.sjs?testid=xhr_good";
+  var xhr_good_uri ="http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_good";
   xhr_good.open("GET", xhr_good_uri, true);
   xhr_good.send(null);
 } catch(e) {}
 
 try {
   var xhr_bad = new XMLHttpRequest();
-  var xhr_bad_uri ="http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=xhr_bad";
+  var xhr_bad_uri ="http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_bad";
   xhr_bad.open("GET", xhr_bad_uri, true);
   xhr_bad.send(null);
 } catch(e) {}

dom/security/test/csp/file_multi_policy_injection_bypass.html

@@ -4,8 +4,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=717511
 -->
   <body>
     <!-- these should be stopped by CSP after fixing bug 717511.  :) -->
-    <img src="http://example.org/tests/dom/base/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
-    <script src='http://example.org/tests/dom/base/test/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
+    <script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
 
     <!-- these should load ok after fixing bug 717511.  :) -->
     <img src="file_CSP.sjs?testid=img_good&type=img/png" />

dom/security/test/csp/file_multi_policy_injection_bypass_2.html

@@ -4,8 +4,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=717511
 -->
   <body>
     <!-- these should be stopped by CSP after fixing bug 717511.  :) -->
-    <img src="http://example.org/tests/dom/base/test/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
-    <script src='http://example.org/tests/dom/base/test/file_CSP.sjs?testid=script2_bad&type=text/javascript'></script>
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
+    <script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script2_bad&type=text/javascript'></script>
 
     <!-- these should load ok after fixing bug 717511.  :) -->
     <img src="file_CSP.sjs?testid=img2_good&type=img/png" />