mozilla-inbound: changeset 450035:f3893f5aedbba43201bdcd4e54971add7bf6c261

author	Andy Paicu <andypaicu@chromium.org>
	Fri, 30 Nov 2018 18:05:14 +0000
changeset 450035	f3893f5aedbba43201bdcd4e54971add7bf6c261
parent 450034	a60945f649386c3119755ae78dbd6bb8248684b2
child 450036	011406a72554d1154955602fbf2592866dbfc59e
push id	110435
push user	james@hoppipolla.co.uk
push date	Tue, 11 Dec 2018 15:53:47 +0000
treeherder	mozilla-inbound@add833a587f5 [default view] [failures only]
perfherder	[talos] [build metrics] [platform microbench] (compared to previous push)
reviewers	testonly
bugs	1509857, 14233, 694525, 1350889, 611638
milestone	66.0a1
first release with	nightly linux32 ac7f3beb6333 / 66.0a1 / 20181211213305 / files nightly linux64 ac7f3beb6333 / 66.0a1 / 20181211213305 / files nightly mac ac7f3beb6333 / 66.0a1 / 20181211213305 / files nightly win32 ac7f3beb6333 / 66.0a1 / 20181211213305 / files nightly win64 ac7f3beb6333 / 66.0a1 / 20181211213305 / files
last release without	nightly linux32 0132b59bb093 / 66.0a1 / 20181211093801 / files nightly linux64 0132b59bb093 / 66.0a1 / 20181211093801 / files nightly mac 0132b59bb093 / 66.0a1 / 20181211093801 / files nightly win32 0132b59bb093 / 66.0a1 / 20181211093801 / files nightly win64 0132b59bb093 / 66.0a1 / 20181211093801 / files

Bug 1509857 [wpt PR 14233] - Added srcdoc iframe inheritance test, a=testonly Automatic update from web-platform-tests Added srcdoc iframe inheritance test Added a test for behavior around srcdoc iframes CSP inheritance. This tests the current specified behavior of always inheriting the parent CSP for srcdoc iframes. Bug: 694525 Change-Id: I049ef8c5a9e75c052dc2767ea2d523f54cca497f Reviewed-on: https://chromium-review.googlesource.com/c/1350889 Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#611638} -- wpt-commits: ea0386308c52ade6f0c3f0ee6192cb201386e6d8 wpt-pr: 14233

new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-inheritance.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<head>
+  <meta http-equiv="Content-Security-Policy" content="img-src 'self'">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+  <script>
+    var t1 = async_test("First image should be blocked");
+    var t2 = async_test("Second image should be blocked");
+    window.onmessage = t1.step_func_done(function(e) {
+      if (e.data == "img blocked") {
+        frames[0].frames[0].frameElement.srcdoc =
+        `<script>
+           window.addEventListener('securitypolicyviolation', function(e) {
+             if (e.violatedDirective == 'img-src') {
+               top.postMessage('img blocked', '*');
+             }
+           })
+         </scr` + `ipt>
+         <img src='/content-security-policy/support/fail.png'
+              onload='top.postMessage("img loaded", "*")'/>`;
+        window.onmessage = t2.step_func_done(function(e) {
+          if (e.data != "img blocked")
+            assert_true(false, "The second image should have been blocked");
+        });
+      } else {
+        assert_true(false, "The first image should have been blocked");
+      }
+    });
+  </script>
+  <iframe src="support/srcdoc-child-frame.html"></iframe>
+</body>
+</html>

new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/support/srcdoc-child-frame.html
@@ -0,0 +1,19 @@
+<head>
+  <meta http-equiv="Content-Security-Policy" content="img-src 'none'">
+</head>
+<body>
+  <script>
+    var i = document.createElement('iframe');
+    i.srcdoc=`<script>
+                window.addEventListener('securitypolicyviolation', function(e) {
+                  if (e.violatedDirective == 'img-src') {
+                    top.postMessage('img blocked', '*');
+                  }
+                })
+              </scr` + `ipt>
+              <img src='/content-security-policy/support/fail.png'
+                onload='top.postMessage("img loaded", "*")'/>`;
+    i.id = "srcdoc-frame";
+    document.body.appendChild(i);
+  </script>
+</body>

testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-inheritance.html		file \| annotate \| diff \| comparison \| revisions
testing/web-platform/tests/content-security-policy/inheritance/support/srcdoc-child-frame.html		file \| annotate \| diff \| comparison \| revisions