Bug 1509857 [wpt PR 14233] - Added srcdoc iframe inheritance test, a=testonly
authorAndy Paicu <andypaicu@chromium.org>
Fri, 30 Nov 2018 18:05:14 +0000
changeset 450035 f3893f5aedbba43201bdcd4e54971add7bf6c261
parent 450034 a60945f649386c3119755ae78dbd6bb8248684b2
child 450036 011406a72554d1154955602fbf2592866dbfc59e
push id110435
push userjames@hoppipolla.co.uk
push dateTue, 11 Dec 2018 15:53:47 +0000
reviewerstestonly
bugs1509857, 14233, 694525, 1350889, 611638
milestone66.0a1
Bug 1509857 [wpt PR 14233] - Added srcdoc iframe inheritance test, a=testonly Automatic update from web-platform-tests Added srcdoc iframe inheritance test Added a test for behavior around srcdoc iframes CSP inheritance. This tests the current specified behavior of always inheriting the parent CSP for srcdoc iframes. Bug: 694525 Change-Id: I049ef8c5a9e75c052dc2767ea2d523f54cca497f Reviewed-on: https://chromium-review.googlesource.com/c/1350889 Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#611638} -- wpt-commits: ea0386308c52ade6f0c3f0ee6192cb201386e6d8 wpt-pr: 14233
testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-inheritance.html
testing/web-platform/tests/content-security-policy/inheritance/support/srcdoc-child-frame.html
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-inheritance.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<head>
+  <meta http-equiv="Content-Security-Policy" content="img-src 'self'">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+  <script>
+    var t1 = async_test("First image should be blocked");
+    var t2 = async_test("Second image should be blocked");
+    window.onmessage = t1.step_func_done(function(e) {
+      if (e.data == "img blocked") {
+        frames[0].frames[0].frameElement.srcdoc =
+        `<script>
+           window.addEventListener('securitypolicyviolation', function(e) {
+             if (e.violatedDirective == 'img-src') {
+               top.postMessage('img blocked', '*');
+             }
+           })
+         </scr` + `ipt>
+         <img src='/content-security-policy/support/fail.png'
+              onload='top.postMessage("img loaded", "*")'/>`;
+        window.onmessage = t2.step_func_done(function(e) {
+          if (e.data != "img blocked")
+            assert_true(false, "The second image should have been blocked");
+        });
+      } else {
+        assert_true(false, "The first image should have been blocked");
+      }
+    });
+  </script>
+  <iframe src="support/srcdoc-child-frame.html"></iframe>
+</body>
+</html>
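Review bot: Nothing in this test says which policy the rewritten frame is expected to carry, so the pass condition in the `t2` handler is hard to read on its own. This page sets `img-src 'self'`, while the second file in this commit sets `img-src 'none'` on the document that owns the srcdoc iframe. The same-origin `fail.png` would load under `'self'`, so "img blocked" after the top-level script rewrites `srcdoc` means the policy still comes from the embedding parent, not from the document that assigned the attribute. A comment above the `frames[0].frames[0].frameElement.srcdoc =` assignment would record that, for example `// Rewritten from the top document (img-src 'self'); the frame must still inherit img-src 'none' from its parent.` Separately, the `t2` handler is installed only in the success branch, so a failure of the first check presumably leaves `t2` to time out rather than fail, and neither handler checks `e.source` before trusting `e.data`.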
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/support/srcdoc-child-frame.html
@@ -0,0 +1,19 @@
+<head>
+  <meta http-equiv="Content-Security-Policy" content="img-src 'none'">
+</head>
+<body>
+  <script>
+    var i = document.createElement('iframe');
+    i.srcdoc=`<script>
+                window.addEventListener('securitypolicyviolation', function(e) {
+                  if (e.violatedDirective == 'img-src') {
+                    top.postMessage('img blocked', '*');
+                  }
+                })
+              </scr` + `ipt>
+              <img src='/content-security-policy/support/fail.png'
+                onload='top.postMessage("img loaded", "*")'/>`;
+    i.id = "srcdoc-frame";
+    document.body.appendChild(i);
+  </script>
+</body>
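Review bot: The support document opens at `<head>` with no `<!DOCTYPE html>`, unlike the main test file, so it is parsed in quirks mode; adding the doctype as the first line keeps the two documents consistent. The `<meta>` policy would also benefit from a comment such as `<!-- img-src 'none' is deliberately stricter than the embedding test page's img-src 'self' -->`, since that difference is what lets the test tell the two policies apart. `i.id = "srcdoc-frame"` is assigned, but nothing visible in this commit looks the frame up by that id, because the main test reaches it positionally through `frames[0].frames[0].frameElement`. Either use the id there or drop the assignment. The srcdoc markup is also repeated verbatim in the main test, so a later edit to one copy can silently diverge from the other.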