Bug 1117650 - Part 1 - Move all CSP tests into dom/security/test (r=sstamm)
☠☠ backed out by 218c8f17c77f ☠ ☠
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Sun, 04 Jan 2015 22:01:02 -0800
changeset 224847 1b25392be437881bb429db0328232db3f63e5557
parent 224846 7da2cd7a1125f225d4246bdff67d76557c40a7d0
child 224848 eef01ed4d40606a4e196f624c0f8b481673ed647
push id28146
push usercbook@mozilla.com
push dateWed, 21 Jan 2015 13:22:59 +0000
treeherdermozilla-central@0f2b4a7a9daf [default view] [failures only]
reviewerssstamm
bugs1117650
milestone38.0a1
Bug 1117650 - Part 1 - Move all CSP tests into dom/security/test (r=sstamm)
dom/base/test/TestCSPParser.cpp
dom/base/test/csp/chrome.ini
dom/base/test/csp/file_CSP.css
dom/base/test/csp/file_CSP.sjs
dom/base/test/csp/file_CSP_bug663567.xsl
dom/base/test/csp/file_CSP_bug663567_allows.xml
dom/base/test/csp/file_CSP_bug663567_allows.xml^headers^
dom/base/test/csp/file_CSP_bug663567_blocks.xml
dom/base/test/csp/file_CSP_bug663567_blocks.xml^headers^
dom/base/test/csp/file_CSP_bug802872.html
dom/base/test/csp/file_CSP_bug802872.html^headers^
dom/base/test/csp/file_CSP_bug802872.js
dom/base/test/csp/file_CSP_bug802872.sjs
dom/base/test/csp/file_CSP_bug885433_allows.html
dom/base/test/csp/file_CSP_bug885433_allows.html^headers^
dom/base/test/csp/file_CSP_bug885433_blocks.html
dom/base/test/csp/file_CSP_bug885433_blocks.html^headers^
dom/base/test/csp/file_CSP_bug888172.html
dom/base/test/csp/file_CSP_bug888172.sjs
dom/base/test/csp/file_CSP_bug909029_none.html
dom/base/test/csp/file_CSP_bug909029_none.html^headers^
dom/base/test/csp/file_CSP_bug909029_star.html
dom/base/test/csp/file_CSP_bug909029_star.html^headers^
dom/base/test/csp/file_CSP_bug910139.sjs
dom/base/test/csp/file_CSP_bug910139.xml
dom/base/test/csp/file_CSP_bug910139.xsl
dom/base/test/csp/file_CSP_bug941404.html
dom/base/test/csp/file_CSP_bug941404_xhr.html
dom/base/test/csp/file_CSP_bug941404_xhr.html^headers^
dom/base/test/csp/file_CSP_evalscript_main.html
dom/base/test/csp/file_CSP_evalscript_main.html^headers^
dom/base/test/csp/file_CSP_evalscript_main.js
dom/base/test/csp/file_CSP_evalscript_main_allowed.html
dom/base/test/csp/file_CSP_evalscript_main_allowed.html^headers^
dom/base/test/csp/file_CSP_evalscript_main_allowed.js
dom/base/test/csp/file_CSP_frameancestors.sjs
dom/base/test/csp/file_CSP_frameancestors_main.html
dom/base/test/csp/file_CSP_frameancestors_main.js
dom/base/test/csp/file_CSP_inlinescript_main.html
dom/base/test/csp/file_CSP_inlinescript_main.html^headers^
dom/base/test/csp/file_CSP_inlinescript_main_allowed.html
dom/base/test/csp/file_CSP_inlinescript_main_allowed.html^headers^
dom/base/test/csp/file_CSP_inlinestyle_main.html
dom/base/test/csp/file_CSP_inlinestyle_main.html^headers^
dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html
dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html^headers^
dom/base/test/csp/file_CSP_main.html
dom/base/test/csp/file_CSP_main.html^headers^
dom/base/test/csp/file_CSP_main.js
dom/base/test/csp/file_base-uri.html
dom/base/test/csp/file_bug836922_npolicies.html
dom/base/test/csp/file_bug836922_npolicies.html^headers^
dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs
dom/base/test/csp/file_bug836922_npolicies_violation.sjs
dom/base/test/csp/file_bug886164.html
dom/base/test/csp/file_bug886164.html^headers^
dom/base/test/csp/file_bug886164_2.html
dom/base/test/csp/file_bug886164_2.html^headers^
dom/base/test/csp/file_bug886164_3.html
dom/base/test/csp/file_bug886164_3.html^headers^
dom/base/test/csp/file_bug886164_4.html
dom/base/test/csp/file_bug886164_4.html^headers^
dom/base/test/csp/file_bug886164_5.html
dom/base/test/csp/file_bug886164_5.html^headers^
dom/base/test/csp/file_bug886164_6.html
dom/base/test/csp/file_bug886164_6.html^headers^
dom/base/test/csp/file_connect-src.html
dom/base/test/csp/file_csp_allow_https_schemes.html
dom/base/test/csp/file_csp_bug768029.html
dom/base/test/csp/file_csp_bug768029.sjs
dom/base/test/csp/file_csp_bug773891.html
dom/base/test/csp/file_csp_bug773891.sjs
dom/base/test/csp/file_csp_invalid_source_expression.html
dom/base/test/csp/file_csp_path_matching.html
dom/base/test/csp/file_csp_path_matching.js
dom/base/test/csp/file_csp_path_matching_redirect.html
dom/base/test/csp/file_csp_path_matching_redirect_server.sjs
dom/base/test/csp/file_csp_redirects_main.html
dom/base/test/csp/file_csp_redirects_page.sjs
dom/base/test/csp/file_csp_redirects_resource.sjs
dom/base/test/csp/file_csp_referrerdirective.html
dom/base/test/csp/file_csp_report.html
dom/base/test/csp/file_csp_testserver.sjs
dom/base/test/csp/file_form-action.html
dom/base/test/csp/file_hash_source.html
dom/base/test/csp/file_hash_source.html^headers^
dom/base/test/csp/file_leading_wildcard.html
dom/base/test/csp/file_multi_policy_injection_bypass.html
dom/base/test/csp/file_multi_policy_injection_bypass.html^headers^
dom/base/test/csp/file_multi_policy_injection_bypass_2.html
dom/base/test/csp/file_multi_policy_injection_bypass_2.html^headers^
dom/base/test/csp/file_nonce_source.html
dom/base/test/csp/file_nonce_source.html^headers^
dom/base/test/csp/file_policyuri_regression_from_multipolicy.html
dom/base/test/csp/file_policyuri_regression_from_multipolicy.html^headers^
dom/base/test/csp/file_policyuri_regression_from_multipolicy_policy
dom/base/test/csp/file_redirect_content.sjs
dom/base/test/csp/file_redirect_report.sjs
dom/base/test/csp/file_report_uri_missing_in_report_only_header.html
dom/base/test/csp/file_report_uri_missing_in_report_only_header.html^headers^
dom/base/test/csp/file_self_none_as_hostname_confusion.html
dom/base/test/csp/file_self_none_as_hostname_confusion.html^headers^
dom/base/test/csp/file_subframe_run_js_if_allowed.html
dom/base/test/csp/file_subframe_run_js_if_allowed.html^headers^
dom/base/test/csp/file_worker_redirect.html
dom/base/test/csp/file_worker_redirect.sjs
dom/base/test/csp/mochitest.ini
dom/base/test/csp/referrerdirective.sjs
dom/base/test/csp/test_301_redirect.html
dom/base/test/csp/test_302_redirect.html
dom/base/test/csp/test_303_redirect.html
dom/base/test/csp/test_307_redirect.html
dom/base/test/csp/test_CSP.html
dom/base/test/csp/test_CSP_bug663567.html
dom/base/test/csp/test_CSP_bug802872.html
dom/base/test/csp/test_CSP_bug885433.html
dom/base/test/csp/test_CSP_bug888172.html
dom/base/test/csp/test_CSP_bug909029.html
dom/base/test/csp/test_CSP_bug910139.html
dom/base/test/csp/test_CSP_bug941404.html
dom/base/test/csp/test_CSP_evalscript.html
dom/base/test/csp/test_CSP_frameancestors.html
dom/base/test/csp/test_CSP_inlinescript.html
dom/base/test/csp/test_CSP_inlinestyle.html
dom/base/test/csp/test_CSP_referrerdirective.html
dom/base/test/csp/test_base-uri.html
dom/base/test/csp/test_bug836922_npolicies.html
dom/base/test/csp/test_bug886164.html
dom/base/test/csp/test_bug949549.html
dom/base/test/csp/test_connect-src.html
dom/base/test/csp/test_csp_allow_https_schemes.html
dom/base/test/csp/test_csp_bug768029.html
dom/base/test/csp/test_csp_bug773891.html
dom/base/test/csp/test_csp_invalid_source_expression.html
dom/base/test/csp/test_csp_path_matching.html
dom/base/test/csp/test_csp_path_matching_redirect.html
dom/base/test/csp/test_csp_redirects.html
dom/base/test/csp/test_csp_report.html
dom/base/test/csp/test_form-action.html
dom/base/test/csp/test_hash_source.html
dom/base/test/csp/test_leading_wildcard.html
dom/base/test/csp/test_multi_policy_injection_bypass.html
dom/base/test/csp/test_nonce_source.html
dom/base/test/csp/test_policyuri_regression_from_multipolicy.html
dom/base/test/csp/test_report_uri_missing_in_report_only_header.html
dom/base/test/csp/test_self_none_as_hostname_confusion.html
dom/base/test/csp/test_subframe_run_js_if_allowed.html
dom/base/test/csp/test_worker_redirect.html
dom/base/test/moz.build
dom/base/test/test_warning_for_blocked_cross_site_request.html
dom/base/test/unit/test_cspreports.js
dom/base/test/unit/xpcshell.ini
dom/security/moz.build
dom/security/test/TestCSPParser.cpp
dom/security/test/csp/chrome.ini
dom/security/test/csp/file_CSP.css
dom/security/test/csp/file_CSP.sjs
dom/security/test/csp/file_allow_https_schemes.html
dom/security/test/csp/file_base-uri.html
dom/security/test/csp/file_bug663567.xsl
dom/security/test/csp/file_bug663567_allows.xml
dom/security/test/csp/file_bug663567_allows.xml^headers^
dom/security/test/csp/file_bug663567_blocks.xml
dom/security/test/csp/file_bug663567_blocks.xml^headers^
dom/security/test/csp/file_bug768029.html
dom/security/test/csp/file_bug768029.sjs
dom/security/test/csp/file_bug773891.html
dom/security/test/csp/file_bug773891.sjs
dom/security/test/csp/file_bug802872.html
dom/security/test/csp/file_bug802872.html^headers^
dom/security/test/csp/file_bug802872.js
dom/security/test/csp/file_bug802872.sjs
dom/security/test/csp/file_bug836922_npolicies.html
dom/security/test/csp/file_bug836922_npolicies.html^headers^
dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs
dom/security/test/csp/file_bug836922_npolicies_violation.sjs
dom/security/test/csp/file_bug885433_allows.html
dom/security/test/csp/file_bug885433_allows.html^headers^
dom/security/test/csp/file_bug885433_blocks.html
dom/security/test/csp/file_bug885433_blocks.html^headers^
dom/security/test/csp/file_bug886164.html
dom/security/test/csp/file_bug886164.html^headers^
dom/security/test/csp/file_bug886164_2.html
dom/security/test/csp/file_bug886164_2.html^headers^
dom/security/test/csp/file_bug886164_3.html
dom/security/test/csp/file_bug886164_3.html^headers^
dom/security/test/csp/file_bug886164_4.html
dom/security/test/csp/file_bug886164_4.html^headers^
dom/security/test/csp/file_bug886164_5.html
dom/security/test/csp/file_bug886164_5.html^headers^
dom/security/test/csp/file_bug886164_6.html
dom/security/test/csp/file_bug886164_6.html^headers^
dom/security/test/csp/file_bug888172.html
dom/security/test/csp/file_bug888172.sjs
dom/security/test/csp/file_bug909029_none.html
dom/security/test/csp/file_bug909029_none.html^headers^
dom/security/test/csp/file_bug909029_star.html
dom/security/test/csp/file_bug909029_star.html^headers^
dom/security/test/csp/file_bug910139.sjs
dom/security/test/csp/file_bug910139.xml
dom/security/test/csp/file_bug910139.xsl
dom/security/test/csp/file_bug941404.html
dom/security/test/csp/file_bug941404_xhr.html
dom/security/test/csp/file_bug941404_xhr.html^headers^
dom/security/test/csp/file_connect-src.html
dom/security/test/csp/file_evalscript_main.html
dom/security/test/csp/file_evalscript_main.html^headers^
dom/security/test/csp/file_evalscript_main.js
dom/security/test/csp/file_evalscript_main_allowed.html
dom/security/test/csp/file_evalscript_main_allowed.html^headers^
dom/security/test/csp/file_evalscript_main_allowed.js
dom/security/test/csp/file_form-action.html
dom/security/test/csp/file_frameancestors.sjs
dom/security/test/csp/file_frameancestors_main.html
dom/security/test/csp/file_frameancestors_main.js
dom/security/test/csp/file_hash_source.html
dom/security/test/csp/file_hash_source.html^headers^
dom/security/test/csp/file_inlinescript_main.html
dom/security/test/csp/file_inlinescript_main.html^headers^
dom/security/test/csp/file_inlinescript_main_allowed.html
dom/security/test/csp/file_inlinescript_main_allowed.html^headers^
dom/security/test/csp/file_inlinestyle_main.html
dom/security/test/csp/file_inlinestyle_main.html^headers^
dom/security/test/csp/file_inlinestyle_main_allowed.html
dom/security/test/csp/file_inlinestyle_main_allowed.html^headers^
dom/security/test/csp/file_invalid_source_expression.html
dom/security/test/csp/file_leading_wildcard.html
dom/security/test/csp/file_main.html
dom/security/test/csp/file_main.html^headers^
dom/security/test/csp/file_main.js
dom/security/test/csp/file_multi_policy_injection_bypass.html
dom/security/test/csp/file_multi_policy_injection_bypass.html^headers^
dom/security/test/csp/file_multi_policy_injection_bypass_2.html
dom/security/test/csp/file_multi_policy_injection_bypass_2.html^headers^
dom/security/test/csp/file_nonce_source.html
dom/security/test/csp/file_nonce_source.html^headers^
dom/security/test/csp/file_path_matching.html
dom/security/test/csp/file_path_matching.js
dom/security/test/csp/file_path_matching_redirect.html
dom/security/test/csp/file_path_matching_redirect_server.sjs
dom/security/test/csp/file_policyuri_regression_from_multipolicy.html
dom/security/test/csp/file_policyuri_regression_from_multipolicy.html^headers^
dom/security/test/csp/file_policyuri_regression_from_multipolicy_policy
dom/security/test/csp/file_redirect_content.sjs
dom/security/test/csp/file_redirect_report.sjs
dom/security/test/csp/file_redirects_main.html
dom/security/test/csp/file_redirects_page.sjs
dom/security/test/csp/file_redirects_resource.sjs
dom/security/test/csp/file_referrerdirective.html
dom/security/test/csp/file_report.html
dom/security/test/csp/file_report_uri_missing_in_report_only_header.html
dom/security/test/csp/file_report_uri_missing_in_report_only_header.html^headers^
dom/security/test/csp/file_self_none_as_hostname_confusion.html
dom/security/test/csp/file_self_none_as_hostname_confusion.html^headers^
dom/security/test/csp/file_subframe_run_js_if_allowed.html
dom/security/test/csp/file_subframe_run_js_if_allowed.html^headers^
dom/security/test/csp/file_testserver.sjs
dom/security/test/csp/file_worker_redirect.html
dom/security/test/csp/file_worker_redirect.sjs
dom/security/test/csp/mochitest.ini
dom/security/test/csp/referrerdirective.sjs
dom/security/test/csp/test_301_redirect.html
dom/security/test/csp/test_302_redirect.html
dom/security/test/csp/test_303_redirect.html
dom/security/test/csp/test_307_redirect.html
dom/security/test/csp/test_CSP.html
dom/security/test/csp/test_allow_https_schemes.html
dom/security/test/csp/test_base-uri.html
dom/security/test/csp/test_bug663567.html
dom/security/test/csp/test_bug768029.html
dom/security/test/csp/test_bug773891.html
dom/security/test/csp/test_bug802872.html
dom/security/test/csp/test_bug836922_npolicies.html
dom/security/test/csp/test_bug885433.html
dom/security/test/csp/test_bug886164.html
dom/security/test/csp/test_bug888172.html
dom/security/test/csp/test_bug909029.html
dom/security/test/csp/test_bug910139.html
dom/security/test/csp/test_bug941404.html
dom/security/test/csp/test_bug949549.html
dom/security/test/csp/test_connect-src.html
dom/security/test/csp/test_evalscript.html
dom/security/test/csp/test_form-action.html
dom/security/test/csp/test_frameancestors.html
dom/security/test/csp/test_hash_source.html
dom/security/test/csp/test_inlinescript.html
dom/security/test/csp/test_inlinestyle.html
dom/security/test/csp/test_invalid_source_expression.html
dom/security/test/csp/test_leading_wildcard.html
dom/security/test/csp/test_multi_policy_injection_bypass.html
dom/security/test/csp/test_nonce_source.html
dom/security/test/csp/test_path_matching.html
dom/security/test/csp/test_path_matching_redirect.html
dom/security/test/csp/test_policyuri_regression_from_multipolicy.html
dom/security/test/csp/test_redirects.html
dom/security/test/csp/test_referrerdirective.html
dom/security/test/csp/test_report.html
dom/security/test/csp/test_report_uri_missing_in_report_only_header.html
dom/security/test/csp/test_self_none_as_hostname_confusion.html
dom/security/test/csp/test_subframe_run_js_if_allowed.html
dom/security/test/csp/test_worker_redirect.html
dom/security/test/moz.build
dom/security/test/unit/test_cspreports.js
dom/security/test/unit/xpcshell.ini
--- a/dom/base/test/moz.build
+++ b/dom/base/test/moz.build
@@ -5,36 +5,33 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 XPCSHELL_TESTS_MANIFESTS += [
     'unit/xpcshell.ini',
     'unit_ipc/xpcshell.ini',
 ]
 
 GeckoCppUnitTests([
-    'TestCSPParser',
     'TestGetURL',
     'TestNativeXMLHttpRequest',
     'TestPlainTextSerializer',
 ])
 
 MOCHITEST_MANIFESTS += [
     'chrome/mochitest.ini',
-    'csp/mochitest.ini',
     'mixedcontentblocker/mochitest.ini',
     'mochitest.ini',
     'websocket_hybi/mochitest.ini',
 ]
 # OOP tests don't work on Windows (bug 763081) or native-fennec
 # (see Bug 774939). App permission checks are also disabled on
 # anything but B2G (Bug 900707).
 if CONFIG['MOZ_CHILD_PERMISSIONS']:
     MOCHITEST_MANIFESTS += [
         'mochitest-child-permissions.ini',
     ]
 
 MOCHITEST_CHROME_MANIFESTS += [
     'chrome.ini',
     'chrome/chrome.ini',
-    'csp/chrome.ini',
 ]
 
 BROWSER_CHROME_MANIFESTS += ['browser.ini']
--- a/dom/base/test/test_warning_for_blocked_cross_site_request.html
+++ b/dom/base/test/test_warning_for_blocked_cross_site_request.html
@@ -8,17 +8,17 @@ https://bugzilla.mozilla.org/show_bug.cg
   <title>Test for Bug 713980</title>
   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 
   <!-- Load a cross-origin webfont without CORS (common pain point -->
   <style>
     @font-face {
       font-family: "bad_cross_origin_webfont";
-      src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
+      src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
     }
     div#bad_webfont { font-family: "bad_cross_origin_webfont"; }
   </style>
 </head>
 <body>
 <pre id="test">
 
 <script class="testbody" type="text/javascript">
--- a/dom/base/test/unit/xpcshell.ini
+++ b/dom/base/test/unit/xpcshell.ini
@@ -18,18 +18,16 @@ support-files =
   4_result_2.xml
   4_result_3.xml
   4_result_4.xml
   4_result_5.xml
   4_result_6.xml
 
 [test_bug553888.js]
 [test_bug737966.js]
-[test_cspreports.js]
-skip-if = buildapp == 'mulet'
 [test_error_codes.js]
 run-sequentially = Hardcoded 4444 port.
 # Bug 1018414: hardcoded localhost doesn't work properly on some OS X installs
 skip-if = os == 'mac'
 [test_thirdpartyutil.js]
 [test_xhr_document.js]
 [test_xhr_standalone.js]
 [test_xmlserializer.js]
--- a/dom/security/moz.build
+++ b/dom/security/moz.build
@@ -1,14 +1,16 @@
 # -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
+TEST_DIRS += ['test']
+
 EXPORTS.mozilla.dom += [
     'nsCSPContext.h',
     'nsCSPService.h',
     'nsCSPUtils.h',
     'nsMixedContentBlocker.h',
 ]
 
 EXPORTS += [
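Review bot: Nothing in the visible hunks shows that every manifest dropped from dom/base/test is picked up again under the `TEST_DIRS += ['test']` added at the top of dom/security/moz.build. The commit removes `'TestCSPParser'`, `'csp/mochitest.ini'` and `'csp/chrome.ini'` from dom/base/test/moz.build and `[test_cspreports.js]` with its `skip-if = buildapp == 'mulet'` from dom/base/test/unit/xpcshell.ini. The new dom/security/test/moz.build and dom/security/test/unit/xpcshell.ini are listed in the changeset but their contents are outside this view, so confirm that all four entries are re-registered there and that the skip-if is carried over; otherwise CSP coverage drops out of the run without any test failing. A short comment above the new line, such as `# CSP tests, moved from dom/base/test (bug 1117650)`, would record where the tests came from.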
rename from dom/base/test/TestCSPParser.cpp
rename to dom/security/test/TestCSPParser.cpp
rename from dom/base/test/csp/chrome.ini
rename to dom/security/test/csp/chrome.ini
--- a/dom/base/test/csp/chrome.ini
+++ b/dom/security/test/csp/chrome.ini
@@ -1,4 +1,4 @@
 [DEFAULT]
 
-[test_csp_bug768029.html]
-[test_csp_bug773891.html]
+[test_bug768029.html]
+[test_bug773891.html]
rename from dom/base/test/csp/file_CSP.css
rename to dom/security/test/csp/file_CSP.css
--- a/dom/base/test/csp/file_CSP.css
+++ b/dom/security/test/csp/file_CSP.css
@@ -7,14 +7,14 @@
 
 /* CSS font embedding tests */
 @font-face {
   font-family: "arbitrary_good";
   src: url('file_CSP.sjs?testid=font_good&type=application/octet-stream');
 }
 @font-face {
   font-family: "arbitrary_bad";
-  src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
+  src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
 }
 
 .div_arbitrary_good { font-family: "arbitrary_good"; }
 .div_arbitrary_bad { font-family: "arbitrary_bad"; }
 
rename from dom/base/test/csp/file_CSP.sjs
rename to dom/security/test/csp/file_CSP.sjs
rename from dom/base/test/csp/file_csp_allow_https_schemes.html
rename to dom/security/test/csp/file_allow_https_schemes.html
--- a/dom/base/test/csp/file_csp_allow_https_schemes.html
+++ b/dom/security/test/csp/file_allow_https_schemes.html
@@ -1,14 +1,14 @@
 <!DOCTYPE HTML>
 <html>
   <head>
     <title>Bug 826805 - CSP: Allow http and https for scheme-less sources</title>
   </head>
   <body>
   <div id="testdiv">blocked</div>
   <!--
-    We resue file_csp_path_matching.js which just updates the contents of 'testdiv' to contain allowed.
-    Note, that we are loading the file_csp_path_matchting.js using a scheme of 'https'.
+    We resue file_path_matching.js which just updates the contents of 'testdiv' to contain allowed.
+    Note, that we are loading the file_path_matchting.js using a scheme of 'https'.
    -->
-  <script src="https://example.com/tests/dom/base/test/csp/file_csp_path_matching.js#foo"></script>
+  <script src="https://example.com/tests/dom/security/test/csp/file_path_matching.js#foo"></script>
 </body>
 </html>
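Review bot: The two rewritten comment lines keep the old typos: `resue` should be `reuse`, and `file_path_matchting.js` does not match the script actually loaded below, which is `file_path_matching.js`. Since the commit already rewrites both lines for the rename, correct them in the same change: `We reuse file_path_matching.js which just updates the contents of 'testdiv' to contain allowed.` and `Note that we are loading file_path_matching.js using a scheme of 'https'.` A misspelt file name in a comment does not turn up when someone greps for the helper during the next move.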
rename from dom/base/test/csp/file_base-uri.html
rename to dom/security/test/csp/file_base-uri.html
rename from dom/base/test/csp/file_CSP_bug663567.xsl
rename to dom/security/test/csp/file_bug663567.xsl
rename from dom/base/test/csp/file_CSP_bug663567_allows.xml
rename to dom/security/test/csp/file_bug663567_allows.xml
--- a/dom/base/test/csp/file_CSP_bug663567_allows.xml
+++ b/dom/security/test/csp/file_bug663567_allows.xml
@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
+<?xml-stylesheet type="text/xsl" href="file_bug663567.xsl"?>
 <catalog>
 	<cd>
 		<title>Empire Burlesque</title>
 		<artist>Bob Dylan</artist>
 		<country>USA</country>
 		<company>Columbia</company>
 		<price>10.90</price>
 		<year>1985</year>
rename from dom/base/test/csp/file_CSP_bug663567_allows.xml^headers^
rename to dom/security/test/csp/file_bug663567_allows.xml^headers^
rename from dom/base/test/csp/file_CSP_bug663567_blocks.xml
rename to dom/security/test/csp/file_bug663567_blocks.xml
--- a/dom/base/test/csp/file_CSP_bug663567_blocks.xml
+++ b/dom/security/test/csp/file_bug663567_blocks.xml
@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
+<?xml-stylesheet type="text/xsl" href="file_bug663567.xsl"?>
 <catalog>
 	<cd>
 		<title>Empire Burlesque</title>
 		<artist>Bob Dylan</artist>
 		<country>USA</country>
 		<company>Columbia</company>
 		<price>10.90</price>
 		<year>1985</year>
rename from dom/base/test/csp/file_CSP_bug663567_blocks.xml^headers^
rename to dom/security/test/csp/file_bug663567_blocks.xml^headers^
rename from dom/base/test/csp/file_csp_bug768029.html
rename to dom/security/test/csp/file_bug768029.html
--- a/dom/base/test/csp/file_csp_bug768029.html
+++ b/dom/security/test/csp/file_bug768029.html
@@ -3,23 +3,23 @@
 <!--
   https://bugzilla.mozilla.org/show_bug.cgi?id=768029
 -->
 <head>
   <meta charset="utf-8">
     <title>This is an app for testing</title>
 
     <link rel="stylesheet" type="text/css"
-          href="file_csp_bug768029.sjs?type=style&origin=same_origin" />
+          href="file_bug768029.sjs?type=style&origin=same_origin" />
     <link rel="stylesheet" type="text/css"
-          href="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=style&origin=cross_origin" />
+          href="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=style&origin=cross_origin" />
   </head>
   <body>
 
-    <script src="file_csp_bug768029.sjs?type=script&origin=same_origin"></script>
-    <script src="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=script&origin=cross_origin"></script>
-    <img src="file_csp_bug768029.sjs?type=img&origin=same_origin" />
-    <img src="http://example.com/tests/dom/base/test/csp/file_csp_bug768029.sjs?type=img&origin=cross_origin" />
+    <script src="file_bug768029.sjs?type=script&origin=same_origin"></script>
+    <script src="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=script&origin=cross_origin"></script>
+    <img src="file_bug768029.sjs?type=img&origin=same_origin" />
+    <img src="http://example.com/tests/dom/security/test/csp/file_bug768029.sjs?type=img&origin=cross_origin" />
 
     Test for CSP applied to (simulated) app.
 
   </body>
 </html>
rename from dom/base/test/csp/file_csp_bug768029.sjs
rename to dom/security/test/csp/file_bug768029.sjs
rename from dom/base/test/csp/file_csp_bug773891.html
rename to dom/security/test/csp/file_bug773891.html
--- a/dom/base/test/csp/file_csp_bug773891.html
+++ b/dom/security/test/csp/file_bug773891.html
@@ -3,23 +3,23 @@
 <!--
   https://bugzilla.mozilla.org/show_bug.cgi?id=773891
 -->
 <head>
   <meta charset="utf-8">
     <title>This is an app for csp testing</title>
 
     <link rel="stylesheet" type="text/css"
-          href="file_csp_bug773891.sjs?type=style&origin=same_origin" />
+          href="file_bug773891.sjs?type=style&origin=same_origin" />
     <link rel="stylesheet" type="text/css"
-          href="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=style&origin=cross_origin" />
+          href="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=style&origin=cross_origin" />
   </head>
   <body>
 
-    <script src="file_csp_bug773891.sjs?type=script&origin=same_origin"></script>
-    <script src="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=script&origin=cross_origin"></script>
-    <img src="file_csp_bug773891.sjs?type=img&origin=same_origin" />
-    <img src="http://example.com/tests/dom/base/test/csp/file_csp_bug773891.sjs?type=img&origin=cross_origin" />
+    <script src="file_bug773891.sjs?type=script&origin=same_origin"></script>
+    <script src="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=script&origin=cross_origin"></script>
+    <img src="file_bug773891.sjs?type=img&origin=same_origin" />
+    <img src="http://example.com/tests/dom/security/test/csp/file_bug773891.sjs?type=img&origin=cross_origin" />
 
     Test for CSP applied to (simulated) app.
 
   </body>
 </html>
rename from dom/base/test/csp/file_csp_bug773891.sjs
rename to dom/security/test/csp/file_bug773891.sjs
rename from dom/base/test/csp/file_CSP_bug802872.html
rename to dom/security/test/csp/file_bug802872.html
--- a/dom/base/test/csp/file_CSP_bug802872.html
+++ b/dom/security/test/csp/file_bug802872.html
@@ -2,11 +2,11 @@
 <html>
 <head>
   <title>Bug 802872</title>
   <!-- Including SimpleTest.js so we can use AddLoadEvent !-->
   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
-  <script src='file_CSP_bug802872.js'></script>
+  <script src='file_bug802872.js'></script>
 </body>
 </html>
rename from dom/base/test/csp/file_CSP_bug802872.html^headers^
rename to dom/security/test/csp/file_bug802872.html^headers^
rename from dom/base/test/csp/file_CSP_bug802872.js
rename to dom/security/test/csp/file_bug802872.js
--- a/dom/base/test/csp/file_CSP_bug802872.js
+++ b/dom/security/test/csp/file_bug802872.js
@@ -3,17 +3,17 @@
  *   Content-Security-Policy: default-src 'self'
  */
 
 function createAllowedEvent() {
   /*
    * Creates a new EventSource using 'http://mochi.test:8888'. Since all mochitests run on
    * 'http://mochi.test', a default-src of 'self' allows this request.
    */
-  var src_event = new EventSource("http://mochi.test:8888/tests/dom/base/test/csp/file_CSP_bug802872.sjs");
+  var src_event = new EventSource("http://mochi.test:8888/tests/dom/security/test/csp/file_bug802872.sjs");
 
   src_event.onmessage = function(e) {
     src_event.close();
     parent.dispatchEvent(new Event('allowedEventSrcCallbackOK'));
   }
 
   src_event.onerror = function(e) {
     src_event.close();
@@ -21,17 +21,17 @@ function createAllowedEvent() {
   }
 }
 
 function createBlockedEvent() {
   /*
    * creates a new EventSource using 'http://example.com'. This domain is not whitelisted by the 
    * CSP of this page, therefore the CSP blocks this request.
    */
-  var src_event = new EventSource("http://example.com/tests/dom/base/test/csp/file_CSP_bug802872.sjs");
+  var src_event = new EventSource("http://example.com/tests/dom/security/test/csp/file_bug802872.sjs");
 
   src_event.onmessage = function(e) {
     src_event.close();
     parent.dispatchEvent(new Event('blockedEventSrcCallbackOK'));
   }
 
   src_event.onerror = function(e) {
     src_event.close();
rename from dom/base/test/csp/file_CSP_bug802872.sjs
rename to dom/security/test/csp/file_bug802872.sjs
rename from dom/base/test/csp/file_bug836922_npolicies.html
rename to dom/security/test/csp/file_bug836922_npolicies.html
--- a/dom/base/test/csp/file_bug836922_npolicies.html
+++ b/dom/security/test/csp/file_bug836922_npolicies.html
@@ -1,15 +1,15 @@
 <html>
   <head>
     <link rel='stylesheet' type='text/css'
-          href='/tests/dom/base/test/csp/file_CSP.sjs?testid=css_self&type=text/css' />
+          href='/tests/dom/security/test/csp/file_CSP.sjs?testid=css_self&type=text/css' />
     <link rel='stylesheet' type='text/css'
-          href='http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=css_examplecom&type=text/css' />
+          href='http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=css_examplecom&type=text/css' />
 
   </head>
   <body>
-    <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img_self&type=img/png"> </img>
-    <img src="http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=img_examplecom&type=img/png"> </img>
-    <script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=script_self&type=text/javascript'></script>
+    <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img_self&type=img/png"> </img>
+    <img src="http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=img_examplecom&type=img/png"> </img>
+    <script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=script_self&type=text/javascript'></script>
 
   </body>
 </html>
rename from dom/base/test/csp/file_bug836922_npolicies.html^headers^
rename to dom/security/test/csp/file_bug836922_npolicies.html^headers^
--- a/dom/base/test/csp/file_bug836922_npolicies.html^headers^
+++ b/dom/security/test/csp/file_bug836922_npolicies.html^headers^
@@ -1,2 +1,2 @@
-content-security-policy: default-src 'self'; img-src 'none'; report-uri http://mochi.test:8888/tests/dom/base/test/csp/file_bug836922_npolicies_violation.sjs
-content-security-policy-report-only: default-src *; img-src 'self'; script-src 'none'; report-uri http://mochi.test:8888/tests/dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs
+content-security-policy: default-src 'self'; img-src 'none'; report-uri http://mochi.test:8888/tests/dom/security/test/csp/file_bug836922_npolicies_violation.sjs
+content-security-policy-report-only: default-src *; img-src 'self'; script-src 'none'; report-uri http://mochi.test:8888/tests/dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs
rename from dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs
rename to dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs
rename from dom/base/test/csp/file_bug836922_npolicies_violation.sjs
rename to dom/security/test/csp/file_bug836922_npolicies_violation.sjs
rename from dom/base/test/csp/file_CSP_bug885433_allows.html
rename to dom/security/test/csp/file_bug885433_allows.html
rename from dom/base/test/csp/file_CSP_bug885433_allows.html^headers^
rename to dom/security/test/csp/file_bug885433_allows.html^headers^
rename from dom/base/test/csp/file_CSP_bug885433_blocks.html
rename to dom/security/test/csp/file_bug885433_blocks.html
rename from dom/base/test/csp/file_CSP_bug885433_blocks.html^headers^
rename to dom/security/test/csp/file_bug885433_blocks.html^headers^
rename from dom/base/test/csp/file_bug886164.html
rename to dom/security/test/csp/file_bug886164.html
--- a/dom/base/test/csp/file_bug886164.html
+++ b/dom/security/test/csp/file_bug886164.html
@@ -1,15 +1,15 @@
 <html>
 <head> <meta charset="utf-8"> </head>
   <body>
     <!-- sandbox="allow-same-origin" -->
     <!-- Content-Security-Policy: default-src 'self' -->
 
     <!-- these should be stopped by CSP -->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
 
     <!-- these should load ok -->
-    <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img_good&type=img/png" />
-    <script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=scripta_bad&type=text/javascript'></script>
+    <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img_good&type=img/png" />
+    <script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=scripta_bad&type=text/javascript'></script>
 
   </body>
 </html>
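Review bot: The `<!-- these should load ok -->` comment also covers the `<script>` whose testid is `scripta_bad`, which reads as a contradiction. Judging by the `sandbox="allow-same-origin"` comment at the top of the file, the script is presumably permitted by `default-src 'self'` but expected not to run because the sandbox lacks allow-scripts. I would give the script its own comment so the two enforcement layers are not confused, e.g. `<!-- allowed by CSP, but must still be stopped by the sandbox (no allow-scripts) -->`.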
rename from dom/base/test/csp/file_bug886164.html^headers^
rename to dom/security/test/csp/file_bug886164.html^headers^
rename from dom/base/test/csp/file_bug886164_2.html
rename to dom/security/test/csp/file_bug886164_2.html
--- a/dom/base/test/csp/file_bug886164_2.html
+++ b/dom/security/test/csp/file_bug886164_2.html
@@ -1,14 +1,14 @@
 <html>
 <head> <meta charset="utf-8"> </head>
   <body>
     <!-- sandbox -->
     <!-- Content-Security-Policy: default-src 'self' -->
 
     <!-- these should be stopped by CSP -->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
 
     <!-- these should load ok -->
-    <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img2a_good&type=img/png" />
+    <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img2a_good&type=img/png" />
 
   </body>
 </html>
rename from dom/base/test/csp/file_bug886164_2.html^headers^
rename to dom/security/test/csp/file_bug886164_2.html^headers^
rename from dom/base/test/csp/file_bug886164_3.html
rename to dom/security/test/csp/file_bug886164_3.html
--- a/dom/base/test/csp/file_bug886164_3.html
+++ b/dom/security/test/csp/file_bug886164_3.html
@@ -1,12 +1,12 @@
 <html>
 <head> <meta charset="utf-8"> </head>
   <body>
     <!-- sandbox -->
     <!-- Content-Security-Policy: default-src 'none' -->
 
     <!-- these should be stopped by CSP -->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img3_bad&type=img/png"> </img>
-    <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img3a_bad&type=img/png" />
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img3_bad&type=img/png"> </img>
+    <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img3a_bad&type=img/png" />
 
   </body>
 </html>
rename from dom/base/test/csp/file_bug886164_3.html^headers^
rename to dom/security/test/csp/file_bug886164_3.html^headers^
rename from dom/base/test/csp/file_bug886164_4.html
rename to dom/security/test/csp/file_bug886164_4.html
--- a/dom/base/test/csp/file_bug886164_4.html
+++ b/dom/security/test/csp/file_bug886164_4.html
@@ -1,12 +1,12 @@
 <html>
 <head> <meta charset="utf-8"> </head>
   <body>
     <!-- sandbox -->
     <!-- Content-Security-Policy: default-src 'none' -->
 
     <!-- these should be stopped by CSP -->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img4_bad&type=img/png"> </img>
-    <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img4a_bad&type=img/png" />
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img4_bad&type=img/png"> </img>
+    <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img4a_bad&type=img/png" />
 
   </body>
 </html>
rename from dom/base/test/csp/file_bug886164_4.html^headers^
rename to dom/security/test/csp/file_bug886164_4.html^headers^
rename from dom/base/test/csp/file_bug886164_5.html
rename to dom/security/test/csp/file_bug886164_5.html
--- a/dom/base/test/csp/file_bug886164_5.html
+++ b/dom/security/test/csp/file_bug886164_5.html
@@ -13,14 +13,14 @@
 <script src='file_iframe_sandbox_pass.js'></script>
 <body onLoad='ok(true, "documents sandboxed with allow-scripts should be able to run script from event listeners");doStuff();'>
   I am sandboxed but with only inline "allow-scripts"
 
  <!-- sandbox="allow-scripts" -->
  <!-- Content-Security-Policy: default-src 'none' 'unsafe-inline'-->
 
  <!-- these should be stopped by CSP -->
- <img src="/tests/dom/base/test/csp/file_CSP.sjs?testid=img5_bad&type=img/png" />
- <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img5a_bad&type=img/png"> </img>
- <script src='/tests/dom/base/test/csp/file_CSP.sjs?testid=script5_bad&type=text/javascript'></script>
- <script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script5a_bad&type=text/javascript'></script>
+ <img src="/tests/dom/security/test/csp/file_CSP.sjs?testid=img5_bad&type=img/png" />
+ <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img5a_bad&type=img/png"> </img>
+ <script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=script5_bad&type=text/javascript'></script>
+ <script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script5a_bad&type=text/javascript'></script>
 </body>
 </html>
rename from dom/base/test/csp/file_bug886164_5.html^headers^
rename to dom/security/test/csp/file_bug886164_5.html^headers^
rename from dom/base/test/csp/file_bug886164_6.html
rename to dom/security/test/csp/file_bug886164_6.html
--- a/dom/base/test/csp/file_bug886164_6.html
+++ b/dom/security/test/csp/file_bug886164_6.html
@@ -16,18 +16,18 @@
 
     // trigger the javascript: url test
     sendMouseEvent({type:'click'}, 'a_link');
   }
 </script>
 <script src='file_iframe_sandbox_pass.js'></script>
 <body onLoad='ok(true, "documents sandboxed with allow-scripts should be able to run script from event listeners");doStuff();'>
   I am sandboxed but with "allow-scripts"
-  <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img6_bad&type=img/png"> </img>
-  <script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script6_bad&type=text/javascript'></script>
+  <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img6_bad&type=img/png"> </img>
+  <script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script6_bad&type=text/javascript'></script>
 
   <form method="get" action="file_iframe_sandbox_form_fail.html" id="a_form">
     First name: <input type="text" name="firstname">
     Last name: <input type="text" name="lastname">
     <input type="submit" onclick="doSubmit()" id="a_button">
   </form>
 
   <a href = 'javascript:ok(true, "documents sandboxed with allow-scripts should be able to run script from javascript: URLs");' id='a_link'>click me</a>
rename from dom/base/test/csp/file_bug886164_6.html^headers^
rename to dom/security/test/csp/file_bug886164_6.html^headers^
rename from dom/base/test/csp/file_CSP_bug888172.html
rename to dom/security/test/csp/file_bug888172.html
rename from dom/base/test/csp/file_CSP_bug888172.sjs
rename to dom/security/test/csp/file_bug888172.sjs
--- a/dom/base/test/csp/file_CSP_bug888172.sjs
+++ b/dom/security/test/csp/file_bug888172.sjs
@@ -34,10 +34,10 @@ function handleRequest(request, response
   response.setHeader("Cache-Control", "no-cache", false);
 
   // Deliver the CSP policy encoded in the URI
   if (query['csp'])
     response.setHeader("Content-Security-Policy", unescape(query['csp']), false);
 
   // Send HTML to test allowed/blocked behaviors
   response.setHeader("Content-Type", "text/html", false);
-  response.write(loadHTMLFromFile("tests/dom/base/test/csp/file_CSP_bug888172.html"));
+  response.write(loadHTMLFromFile("tests/dom/security/test/csp/file_bug888172.html"));
 }
rename from dom/base/test/csp/file_CSP_bug909029_none.html
rename to dom/security/test/csp/file_bug909029_none.html
rename from dom/base/test/csp/file_CSP_bug909029_none.html^headers^
rename to dom/security/test/csp/file_bug909029_none.html^headers^
rename from dom/base/test/csp/file_CSP_bug909029_star.html
rename to dom/security/test/csp/file_bug909029_star.html
rename from dom/base/test/csp/file_CSP_bug909029_star.html^headers^
rename to dom/security/test/csp/file_bug909029_star.html^headers^
rename from dom/base/test/csp/file_CSP_bug910139.sjs
rename to dom/security/test/csp/file_bug910139.sjs
--- a/dom/base/test/csp/file_CSP_bug910139.sjs
+++ b/dom/security/test/csp/file_bug910139.sjs
@@ -43,10 +43,10 @@ function handleRequest(request, response
 {
   // avoid confusing cache behaviors
   response.setHeader("Cache-Control", "no-cache", false);
 
   // set the required CSP
   response.setHeader("Content-Security-Policy", getPolicy(), false);
 
   // return the requested XML file.
-  response.write(loadResponseFromFile("tests/dom/base/test/csp/file_CSP_bug910139.xml"));
+  response.write(loadResponseFromFile("tests/dom/security/test/csp/file_bug910139.xml"));
 }
rename from dom/base/test/csp/file_CSP_bug910139.xml
rename to dom/security/test/csp/file_bug910139.xml
--- a/dom/base/test/csp/file_CSP_bug910139.xml
+++ b/dom/security/test/csp/file_bug910139.xml
@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<?xml-stylesheet type="text/xsl" href="file_CSP_bug910139.xsl"?>
+<?xml-stylesheet type="text/xsl" href="file_bug910139.xsl"?>
 <catalog>
 	<cd>
 		<title>Empire Burlesque</title>
 		<artist>Bob Dylan</artist>
 		<country>USA</country>
 		<company>Columbia</company>
 		<price>10.90</price>
 		<year>1985</year>
rename from dom/base/test/csp/file_CSP_bug910139.xsl
rename to dom/security/test/csp/file_bug910139.xsl
rename from dom/base/test/csp/file_CSP_bug941404.html
rename to dom/security/test/csp/file_bug941404.html
--- a/dom/base/test/csp/file_CSP_bug941404.html
+++ b/dom/security/test/csp/file_bug941404.html
@@ -1,27 +1,27 @@
 <html>
 <head> <meta charset="utf-8"> </head>
   <body>
 
     <!-- this should be allowed (no CSP)-->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_good&type=img/png"> </img>
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_good&type=img/png"> </img>
 
 
     <script type="text/javascript">
       var req = new XMLHttpRequest();
       req.onload = function() {
         //this should be allowed (no CSP)
         try {
         var img = document.createElement("img");
-        img.src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img2_good&type=img/png";
+        img.src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_good&type=img/png";
         document.body.appendChild(img);
         } catch(e) {
           console.log("yo: "+e);
         }
       };
-      req.open("get", "file_CSP_bug941404_xhr.html", true);
+      req.open("get", "file_bug941404_xhr.html", true);
       req.responseType = "document";
       req.send();
     </script>
 
   </body>
 </html>
rename from dom/base/test/csp/file_CSP_bug941404_xhr.html
rename to dom/security/test/csp/file_bug941404_xhr.html
rename from dom/base/test/csp/file_CSP_bug941404_xhr.html^headers^
rename to dom/security/test/csp/file_bug941404_xhr.html^headers^
rename from dom/base/test/csp/file_connect-src.html
rename to dom/security/test/csp/file_connect-src.html
--- a/dom/base/test/csp/file_connect-src.html
+++ b/dom/security/test/csp/file_connect-src.html
@@ -2,20 +2,20 @@
 <html>
   <head>
     <title>Bug 1031530 - Test mapping of XMLHttpRequest to connect-src</title>
   </head>
   <body>
   <script type="text/javascript">
 
     try {
-      // Please note that file_csp_testserver.sjs?foo does not return a response.
+      // Please note that file_testserver.sjs?foo does not return a response.
       // For testing purposes this is not necessary because we only want to check
       // whether CSP allows or blocks the load.
       var xhr = new XMLHttpRequest();
-      xhr.open("GET", "file_csp_testserver.sjs?foo", false);
+      xhr.open("GET", "file_testserver.sjs?foo", false);
       xhr.send(null);
     }
     catch (e) { }
 
   </script>
 </body>
 </html>
rename from dom/base/test/csp/file_CSP_evalscript_main.html
rename to dom/security/test/csp/file_evalscript_main.html
--- a/dom/base/test/csp/file_CSP_evalscript_main.html
+++ b/dom/security/test/csp/file_evalscript_main.html
@@ -1,12 +1,12 @@
 <html>
   <head>
     <title>CSP eval script tests</title>
     <script type="application/javascript"
-             src="file_CSP_evalscript_main.js"></script>
+             src="file_evalscript_main.js"></script>
   </head>
   <body>
 
     Foo.
 
   </body>
 </html>
rename from dom/base/test/csp/file_CSP_evalscript_main.html^headers^
rename to dom/security/test/csp/file_evalscript_main.html^headers^
rename from dom/base/test/csp/file_CSP_evalscript_main.js
rename to dom/security/test/csp/file_evalscript_main.js
rename from dom/base/test/csp/file_CSP_evalscript_main_allowed.html
rename to dom/security/test/csp/file_evalscript_main_allowed.html
--- a/dom/base/test/csp/file_CSP_evalscript_main_allowed.html
+++ b/dom/security/test/csp/file_evalscript_main_allowed.html
@@ -1,12 +1,12 @@
 <html>
   <head>
     <title>CSP eval script tests</title>
     <script type="application/javascript"
-             src="file_CSP_evalscript_main_allowed.js"></script>
+             src="file_evalscript_main_allowed.js"></script>
   </head>
   <body>
 
     Foo.
 
   </body>
 </html>
rename from dom/base/test/csp/file_CSP_evalscript_main_allowed.html^headers^
rename to dom/security/test/csp/file_evalscript_main_allowed.html^headers^
rename from dom/base/test/csp/file_CSP_evalscript_main_allowed.js
rename to dom/security/test/csp/file_evalscript_main_allowed.js
rename from dom/base/test/csp/file_form-action.html
rename to dom/security/test/csp/file_form-action.html
rename from dom/base/test/csp/file_CSP_frameancestors.sjs
rename to dom/security/test/csp/file_frameancestors.sjs
--- a/dom/base/test/csp/file_CSP_frameancestors.sjs
+++ b/dom/security/test/csp/file_frameancestors.sjs
@@ -25,19 +25,19 @@ function handleRequest(request, response
       response.write('window.parent.parent.parent.postMessage({call: "frameLoaded", testname: "' + query['scriptedreport'] + '", uri: "window.location.toString()"}, "*");');
     else
       response.write('window.parent.parent.postMessage({call: "frameLoaded", testname: "' + query['scriptedreport'] + '", uri: "window.location.toString()"}, "*");');
   } else if (query['internalframe']) {
     // spit back an internal iframe (one that might be blocked)
     response.setHeader("Content-Type", "text/html", false);
     response.write('<html><head>');
     if (query['double'])
-      response.write('<script src="file_CSP_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
+      response.write('<script src="file_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
     else
-      response.write('<script src="file_CSP_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
+      response.write('<script src="file_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
     response.write('</head><body>');
     response.write(unescape(query['internalframe']));
     response.write('</body></html>');
   } else if (query['externalframe']) {
     // spit back an internal iframe (one that won't be blocked, and probably
     // has no CSP)
     response.setHeader("Content-Type", "text/html", false);
     response.write('<html><head>');
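Review bot: The `internalframe` branch writes `query['testid']` into a `<script src>` attribute and `unescape(query['internalframe'])` into the body with no escaping, and nothing in the visible code says this is deliberate. It looks like what the frame-ancestors test needs, since the caller supplies the inner markup, but a reader copying this handler would inherit a reflected-markup sink. I would add a comment above the branch, e.g. `// Test-only: query values are echoed into the page unescaped on purpose; serve this only from the mochitest server.` handleRequest starts and ends outside the hunk.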
rename from dom/base/test/csp/file_CSP_frameancestors_main.html
rename to dom/security/test/csp/file_frameancestors_main.html
--- a/dom/base/test/csp/file_CSP_frameancestors_main.html
+++ b/dom/security/test/csp/file_frameancestors_main.html
@@ -1,14 +1,14 @@
 <html>
   <head>
     <title>CSP frame ancestors tests</title>
 
     <!-- this page shouldn't have a CSP, just the sub-pages. -->
-    <script src='file_CSP_frameancestors_main.js'></script>
+    <script src='file_frameancestors_main.js'></script>
 
   </head>
   <body>
 
 <!-- These iframes will get populated by the attached javascript. -->
 <tt>  aa_allow:   /* innermost frame allows a */</tt><br/>
 <iframe id='aa_allow'></iframe><br/>
 
rename from dom/base/test/csp/file_CSP_frameancestors_main.js
rename to dom/security/test/csp/file_frameancestors_main.js
--- a/dom/base/test/csp/file_CSP_frameancestors_main.js
+++ b/dom/security/test/csp/file_frameancestors_main.js
@@ -1,17 +1,17 @@
 // Script to populate the test frames in the frame ancestors mochitest.
 //
 function setupFrames() {
 
   var $ = function(v) { return document.getElementById(v); }
   var base = {
-        self: '/tests/dom/base/test/csp/file_CSP_frameancestors.sjs',
-        a: 'http://mochi.test:8888/tests/dom/base/test/csp/file_CSP_frameancestors.sjs',
-        b: 'http://example.com/tests/dom/base/test/csp/file_CSP_frameancestors.sjs'
+        self: '/tests/dom/security/test/csp/file_frameancestors.sjs',
+        a: 'http://mochi.test:8888/tests/dom/security/test/csp/file_frameancestors.sjs',
+        b: 'http://example.com/tests/dom/security/test/csp/file_frameancestors.sjs'
   };
 
   var host = { a: 'http://mochi.test:8888', b: 'http://example.com:80' };
 
   var innerframeuri = null;
   var elt = null;
 
   elt = $('aa_allow');
rename from dom/base/test/csp/file_hash_source.html
rename to dom/security/test/csp/file_hash_source.html
rename from dom/base/test/csp/file_hash_source.html^headers^
rename to dom/security/test/csp/file_hash_source.html^headers^
rename from dom/base/test/csp/file_CSP_inlinescript_main.html
rename to dom/security/test/csp/file_inlinescript_main.html
rename from dom/base/test/csp/file_CSP_inlinescript_main.html^headers^
rename to dom/security/test/csp/file_inlinescript_main.html^headers^
rename from dom/base/test/csp/file_CSP_inlinescript_main_allowed.html
rename to dom/security/test/csp/file_inlinescript_main_allowed.html
rename from dom/base/test/csp/file_CSP_inlinescript_main_allowed.html^headers^
rename to dom/security/test/csp/file_inlinescript_main_allowed.html^headers^
rename from dom/base/test/csp/file_CSP_inlinestyle_main.html
rename to dom/security/test/csp/file_inlinestyle_main.html
rename from dom/base/test/csp/file_CSP_inlinestyle_main.html^headers^
rename to dom/security/test/csp/file_inlinestyle_main.html^headers^
rename from dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html
rename to dom/security/test/csp/file_inlinestyle_main_allowed.html
rename from dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html^headers^
rename to dom/security/test/csp/file_inlinestyle_main_allowed.html^headers^
rename from dom/base/test/csp/file_csp_invalid_source_expression.html
rename to dom/security/test/csp/file_invalid_source_expression.html
--- a/dom/base/test/csp/file_csp_invalid_source_expression.html
+++ b/dom/security/test/csp/file_invalid_source_expression.html
@@ -1,11 +1,11 @@
 <!DOCTYPE HTML>
 <html>
   <head>
     <title>Bug 1086612 - CSP: Let source expression be the empty set in case no valid source can be parsed</title>
   </head>
   <body>
   <div id="testdiv">blocked</div>
-  <!-- Note, we reuse file_csp_path_matching.js which only updates the testdiv to 'allowed' if loaded !-->
-  <script src="http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js"></script>
+  <!-- Note, we reuse file_path_matching.js which only updates the testdiv to 'allowed' if loaded !-->
+  <script src="http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js"></script>
 </body>
 </html>
rename from dom/base/test/csp/file_leading_wildcard.html
rename to dom/security/test/csp/file_leading_wildcard.html
--- a/dom/base/test/csp/file_leading_wildcard.html
+++ b/dom/security/test/csp/file_leading_wildcard.html
@@ -1,11 +1,11 @@
 <!DOCTYPE HTML>
 <html>
   <head>
     <title>Bug 1032303 - CSP - Keep FULL STOP when matching *.foo.com to disallow loads from foo.com</title>
   </head>
   <body>
   <!-- Please note that both scripts do *not* exist in the file system -->
-  <script src="http://test1.example.com/tests/dom/base/test/csp/leading_wildcard_allowed.js" ></script>
-  <script src="http://example.com/tests/dom/base/test/csp/leading_wildcard_blocked.js" ></script>
+  <script src="http://test1.example.com/tests/dom/security/test/csp/leading_wildcard_allowed.js" ></script>
+  <script src="http://example.com/tests/dom/security/test/csp/leading_wildcard_blocked.js" ></script>
 </body>
 </html>
rename from dom/base/test/csp/file_CSP_main.html
rename to dom/security/test/csp/file_main.html
--- a/dom/base/test/csp/file_CSP_main.html
+++ b/dom/security/test/csp/file_main.html
@@ -1,55 +1,55 @@
 <html>
   <head>
     <link rel='stylesheet' type='text/css'
-          href='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
+          href='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
     <link rel='stylesheet' type='text/css'
           href='file_CSP.sjs?testid=style_good&type=text/css' />
 
 
     <style>
       /* CSS font embedding tests */
       @font-face {
         font-family: "arbitrary_good";
         src: url('file_CSP.sjs?testid=font_good&type=application/octet-stream');
       }
       @font-face {
         font-family: "arbitrary_bad";
-        src: url('http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
+        src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
       }
 
       .div_arbitrary_good { font-family: "arbitrary_good"; }
       .div_arbitrary_bad { font-family: "arbitrary_bad"; }
     </style>
   </head>
   <body>
     <!-- these should be stopped by CSP.  :) -->
-    <img src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
-    <audio src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
-    <script src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
-    <iframe src='http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
+    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
+    <audio src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
+    <script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
+    <iframe src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
     <object width="10" height="10">
-      <param name="movie" value="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
-      <embed src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
+      <param name="movie" value="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
+      <embed src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
     </object>
 
     <!-- these should load ok.  :) -->
     <img src="file_CSP.sjs?testid=img_good&type=img/png" />
     <audio src="file_CSP.sjs?testid=media_good&type=audio/vorbis"></audio>
     <script src='file_CSP.sjs?testid=script_good&type=text/javascript'></script>
     <iframe src='file_CSP.sjs?testid=frame_good&content=PASS'></iframe>
 
     <object width="10" height="10">
       <param name="movie" value="file_CSP.sjs?testid=object_good&type=application/x-shockwave-flash">
       <embed src="file_CSP.sjs?testid=object_good&type=application/x-shockwave-flash"></embed>
     </object>
 
     <!-- XHR tests... they're taken care of in this script,
          and since the URI doesn't have any 'testid' values,
          it will just be ignored by the test framework.  -->
-    <script src='file_CSP_main.js'></script>
+    <script src='file_main.js'></script>
 
     <!-- Support elements for the @font-face test -->
     <div class="div_arbitrary_good">arbitrary good</div>
     <div class="div_arbitrary_bad">arbitrary_bad</div>
   </body>
 </html>
rename from dom/base/test/csp/file_CSP_main.html^headers^
rename to dom/security/test/csp/file_main.html^headers^
rename from dom/base/test/csp/file_CSP_main.js
rename to dom/security/test/csp/file_main.js
--- a/dom/base/test/csp/file_CSP_main.js
+++ b/dom/security/test/csp/file_main.js
@@ -1,16 +1,16 @@
 // some javascript for the CSP XHR tests
 //
 
 try {
   var xhr_good = new XMLHttpRequest();
-  var xhr_good_uri ="http://mochi.test:8888/tests/dom/base/test/csp/file_CSP.sjs?testid=xhr_good";
+  var xhr_good_uri ="http://mochi.test:8888/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_good";
   xhr_good.open("GET", xhr_good_uri, true);
   xhr_good.send(null);
 } catch(e) {}
 
 try {
   var xhr_bad = new XMLHttpRequest();
-  var xhr_bad_uri ="http://example.com/tests/dom/base/test/csp/file_CSP.sjs?testid=xhr_bad";
+  var xhr_bad_uri ="http://example.com/tests/dom/security/test/csp/file_CSP.sjs?testid=xhr_bad";
   xhr_bad.open("GET", xhr_bad_uri, true);
   xhr_bad.send(null);
 } catch(e) {}
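Review bot: Both `catch(e) {}` blocks discard the exception without saying why, so it is unclear whether a throw from `open`/`send` is expected or would mask a broken test. If the intent matches file_connect-src.html in this commit, where only the allow/block decision matters, a short comment would make that explicit, e.g. `} catch(e) { /* a blocked load may throw; only the CSP allow/block decision is checked */ }`.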
rename from dom/base/test/csp/file_multi_policy_injection_bypass.html
rename to dom/security/test/csp/file_multi_policy_injection_bypass.html
--- a/dom/base/test/csp/file_multi_policy_injection_bypass.html
+++ b/dom/security/test/csp/file_multi_policy_injection_bypass.html
@@ -1,15 +1,15 @@
 <html>
 <!--
 https://bugzilla.mozilla.org/show_bug.cgi?id=717511
 -->
   <body>
     <!-- these should be stopped by CSP after fixing bug 717511.  :) -->
-    <img src="http://example.org/tests/dom/base/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
-    <script src='http://example.org/tests/dom/base/test/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
+    <img src="http://example.org/tests/dom/security/test/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
+    <script src='http://example.org/tests/dom/security/test/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
 
     <!-- these should load ok after fixing bug 717511.  :) -->
     <img src="file_CSP.sjs?testid=img_good&type=img/png" />
     <script src='file_CSP.sjs?testid=script_good&type=text/javascript'></script>
 
   </body>
 </html>
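Review bot: The two cross-origin URLs under "these should be stopped by CSP" point at `/tests/dom/security/test/file_CSP.sjs`, without the `csp/` directory; the other pages in this commit reference `dom/security/test/csp/file_CSP.sjs`. The omission was already in the old path and the rename carries it over. If the policy ever failed to block these loads, they would presumably hit a missing file rather than the test server script, which could hide a regression depending on how the harness detects loads (not visible here). Suggested: `src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"` and the same directory fix for the script. The hunk for file_multi_policy_injection_bypass_2.html has the same two URLs.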
rename from dom/base/test/csp/file_multi_policy_injection_bypass.html^headers^
rename to dom/security/test/csp/file_multi_policy_injection_bypass.html^headers^
rename from dom/base/test/csp/file_multi_policy_injection_bypass_2.html
rename to dom/security/test/csp/file_multi_policy_injection_bypass_2.html
--- a/dom/base/test/csp/file_multi_policy_injection_bypass_2.html
+++ b/dom/security/test/csp/file_multi_policy_injection_bypass_2.html
@@ -1,15 +1,15 @@
 <html>
 <!--
 https://bugzilla.mozilla.org/show_bug.cgi?id=717511
 -->
   <body>
     <!-- these should be stopped by CSP after fixing bug 717511.  :) -->
-    <img src="http://example.org/tests/dom/base/test/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
-    <script src='http://example.org/tests/dom/base/test/file_CSP.sjs?testid=script2_bad&type=text/javascript'></script>
+    <img src="http://example.org/tests/dom/security/test/file_CSP.sjs?testid=img2_bad&type=img/png"> </img>
+    <script src='http://example.org/tests/dom/security/test/file_CSP.sjs?testid=script2_bad&type=text/javascript'></script>
 
     <!-- these should load ok after fixing bug 717511.  :) -->
     <img src="file_CSP.sjs?testid=img2_good&type=img/png" />
     <script src='file_CSP.sjs?testid=script2_good&type=text/javascript'></script>
 
   </body>
 </html>
rename from dom/base/test/csp/file_multi_policy_injection_bypass_2.html^headers^
rename to dom/security/test/csp/file_multi_policy_injection_bypass_2.html^headers^
rename from dom/base/test/csp/file_nonce_source.html
rename to dom/security/test/csp/file_nonce_source.html
--- a/dom/base/test/csp/file_nonce_source.html
+++ b/dom/security/test/csp/file_nonce_source.html
@@ -24,21 +24,21 @@
     <script nonce="correctstylenonce">
       document.getElementById("inline-script-correct-style-nonce").style.color = "rgb(255, 0, 0)";
     </script>
     <script>
       document.getElementById("inline-script-no-nonce").style.color = "rgb(255, 0, 0)";
     </script>
 
     <!-- external scripts -->
-    <script nonce="correctscriptnonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_correct_nonce_good&type=text/javascript"></script>
-    <script nonce="anothercorrectscriptnonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_another_correct_nonce_good&type=text/javascript"></script>
-    <script nonce="incorrectscriptnonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_incorrect_nonce_bad&type=text/javascript"></script>
-    <script nonce="correctstylenonce" src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_correct_style_nonce_bad&type=text/javascript"></script>
-    <script src="http://example.org/tests/dom/base/test/csp/file_CSP.sjs?testid=external_script_no_nonce_bad&type=text/javascript"></script>
+    <script nonce="correctscriptnonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_correct_nonce_good&type=text/javascript"></script>
+    <script nonce="anothercorrectscriptnonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_another_correct_nonce_good&type=text/javascript"></script>
+    <script nonce="incorrectscriptnonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_incorrect_nonce_bad&type=text/javascript"></script>
+    <script nonce="correctstylenonce" src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_correct_style_nonce_bad&type=text/javascript"></script>
+    <script src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=external_script_no_nonce_bad&type=text/javascript"></script>
 
     <!-- This external script has the correct nonce and comes from a whitelisted URI. It should be allowed. -->
     <script nonce="correctscriptnonce" src="file_CSP.sjs?testid=external_script_correct_nonce_correct_uri_good&type=text/javascript"></script>
     <!-- This external script has an incorrect nonce, but comes from a whitelisted URI. It should be allowed. -->
     <script nonce="incorrectscriptnonce" src="file_CSP.sjs?testid=external_script_incorrect_nonce_correct_uri_good&type=text/javascript"></script>
     <!-- This external script has no nonce and comes from a whitelisted URI. It should be allowed. -->
     <script src="file_CSP.sjs?testid=external_script_no_nonce_correct_uri_good&type=text/javascript"></script>
 
rename from dom/base/test/csp/file_nonce_source.html^headers^
rename to dom/security/test/csp/file_nonce_source.html^headers^
rename from dom/base/test/csp/file_csp_path_matching.html
rename to dom/security/test/csp/file_path_matching.html
--- a/dom/base/test/csp/file_csp_path_matching.html
+++ b/dom/security/test/csp/file_path_matching.html
@@ -1,10 +1,10 @@
 <!DOCTYPE HTML>
 <html>
   <head>
     <title>Bug 808292 - Implement path-level host-source matching to CSP</title>
   </head>
   <body>
   <div id="testdiv">blocked</div>
-  <script src="http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js#foo"></script>
+  <script src="http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js#foo"></script>
 </body>
 </html>
rename from dom/base/test/csp/file_csp_path_matching.js
rename to dom/security/test/csp/file_path_matching.js
rename from dom/base/test/csp/file_csp_path_matching_redirect.html
rename to dom/security/test/csp/file_path_matching_redirect.html
--- a/dom/base/test/csp/file_csp_path_matching_redirect.html
+++ b/dom/security/test/csp/file_path_matching_redirect.html
@@ -1,10 +1,10 @@
 <!DOCTYPE HTML>
 <html>
   <head>
     <title>Bug 808292 - Implement path-level host-source matching to CSP</title>
   </head>
   <body>
   <div id="testdiv">blocked</div>
-  <script src="http://example.com/tests/dom/base/test/csp/file_csp_path_matching_redirect_server.sjs"></script>
+  <script src="http://example.com/tests/dom/security/test/csp/file_path_matching_redirect_server.sjs"></script>
 </body>
 </html>
rename from dom/base/test/csp/file_csp_path_matching_redirect_server.sjs
rename to dom/security/test/csp/file_path_matching_redirect_server.sjs
--- a/dom/base/test/csp/file_csp_path_matching_redirect_server.sjs
+++ b/dom/security/test/csp/file_path_matching_redirect_server.sjs
@@ -1,13 +1,13 @@
 // Redirect server specifically to handle redirects
 // for path-level host-source matching
 // see https://bugzilla.mozilla.org/show_bug.cgi?id=808292
 
 function handleRequest(request, response)
 {
 
-  var newLocation = "http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js";
+  var newLocation = "http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js";
 
   response.setStatusLine("1.1", 302, "Found");
   response.setHeader("Cache-Control", "no-cache", false);
   response.setHeader("Location", newLocation, false);
 }
rename from dom/base/test/csp/file_policyuri_regression_from_multipolicy.html
rename to dom/security/test/csp/file_policyuri_regression_from_multipolicy.html
rename from dom/base/test/csp/file_policyuri_regression_from_multipolicy.html^headers^
rename to dom/security/test/csp/file_policyuri_regression_from_multipolicy.html^headers^
--- a/dom/base/test/csp/file_policyuri_regression_from_multipolicy.html^headers^
+++ b/dom/security/test/csp/file_policyuri_regression_from_multipolicy.html^headers^
@@ -1,1 +1,1 @@
-content-security-policy-report-only: policy-uri /tests/dom/base/test/csp/file_CSP_policyuri_regression_from_multipolicy_policy
+content-security-policy-report-only: policy-uri /tests/dom/security/test/csp/file_policyuri_regression_from_multipolicy_policy
rename from dom/base/test/csp/file_policyuri_regression_from_multipolicy_policy
rename to dom/security/test/csp/file_policyuri_regression_from_multipolicy_policy
rename from dom/base/test/csp/file_redirect_content.sjs
rename to dom/security/test/csp/file_redirect_content.sjs
--- a/dom/base/test/csp/file_redirect_content.sjs
+++ b/dom/security/test/csp/file_redirect_content.sjs
@@ -18,17 +18,17 @@ function handleRequest(request, response
     // do a 302 redirect to the same URL as the report URI
     // redirects to - this will fail the test.
     var loc = "http://example.com/some/fake/path";
     response.setStatusLine("1.1", 302, "Found");
     response.setHeader("Location", loc, false);
     return;
   }
 
-  var csp = "default-src \'self\';report-uri http://mochi.test:8888/tests/dom/base/test/csp/file_redirect_report.sjs?" + redirect;
+  var csp = "default-src \'self\';report-uri http://mochi.test:8888/tests/dom/security/test/csp/file_redirect_report.sjs?" + redirect;
 
   response.setHeader("Content-Security-Policy", csp, false);
 
   // the actual file content.
   // this image load will (intentionally) fail due to the CSP policy of default-src: 'self'
   // specified by the CSP string above.
   var content = "<!DOCTYPE HTML><html><body><img src = \"http://some.other.domain.example.com\"></body></html>";
 
rename from dom/base/test/csp/file_redirect_report.sjs
rename to dom/security/test/csp/file_redirect_report.sjs
rename from dom/base/test/csp/file_csp_redirects_main.html
rename to dom/security/test/csp/file_redirects_main.html
--- a/dom/base/test/csp/file_csp_redirects_main.html
+++ b/dom/security/test/csp/file_redirects_main.html
@@ -4,17 +4,17 @@
 </head>
 <body>
 <div id="container"></div>
 </body>
 
 <script>
 var thisSite = "http://mochi.test:8888";
 var otherSite = "http://example.com";
-var page = "/tests/dom/base/test/csp/file_csp_redirects_page.sjs";
+var page = "/tests/dom/security/test/csp/file_redirects_page.sjs";
 
 var tests = { "font-src": thisSite+page+"?testid=font-src&csp=1",
               "frame-src": thisSite+page+"?testid=frame-src&csp=1",
               "img-src":  thisSite+page+"?testid=img-src&csp=1",
               "media-src":  thisSite+page+"?testid=media-src&csp=1",
               "object-src":  thisSite+page+"?testid=object-src&csp=1",
               "script-src":  thisSite+page+"?testid=script-src&csp=1",
               "style-src":  thisSite+page+"?testid=style-src&csp=1",
rename from dom/base/test/csp/file_csp_redirects_page.sjs
rename to dom/security/test/csp/file_redirects_page.sjs
--- a/dom/base/test/csp/file_csp_redirects_page.sjs
+++ b/dom/security/test/csp/file_redirects_page.sjs
@@ -6,17 +6,17 @@ function handleRequest(request, response
   request.queryString.split('&').forEach(function (val) {
     var [name, value] = val.split('=');
     query[name] = unescape(value);
   });
 
   response.setHeader("Cache-Control", "no-cache", false);
   response.setHeader("Content-Type", "text/html", false);
 
-  var resource = "/tests/dom/base/test/csp/file_csp_redirects_resource.sjs";
+  var resource = "/tests/dom/security/test/csp/file_redirects_resource.sjs";
 
   // CSP header value
   if (query["csp"] == 1) {
     response.setHeader("Content-Security-Policy", "default-src 'self' ; style-src 'self' 'unsafe-inline'", false);
   }
 
   // downloadable font that redirects to another site
   if (query["testid"] == "font-src") {
rename from dom/base/test/csp/file_csp_redirects_resource.sjs
rename to dom/security/test/csp/file_redirects_resource.sjs
--- a/dom/base/test/csp/file_csp_redirects_resource.sjs
+++ b/dom/security/test/csp/file_redirects_resource.sjs
@@ -6,17 +6,17 @@ function handleRequest(request, response
   var query = {};
   request.queryString.split('&').forEach(function (val) {
     var [name, value] = val.split('=');
     query[name] = unescape(value);
   });
 
   var thisSite = "http://mochi.test:8888";
   var otherSite = "http://example.com";
-  var resource = "/tests/dom/base/test/csp/file_csp_redirects_resource.sjs";
+  var resource = "/tests/dom/security/test/csp/file_redirects_resource.sjs";
 
   response.setHeader("Cache-Control", "no-cache", false);
 
   // redirect to a resource on this site
   if (query["redir"] == "same") {
     var loc = thisSite+resource+"?res="+query["res"]+"&testid="+query["id"];
     response.setStatusLine("1.1", 302, "Found");
     response.setHeader("Location", loc, false);
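Review bot: In the `redir == "same"` branch, `loc` is assembled from `query["res"]` and `query["id"]`, which were decoded with `unescape` a few lines earlier and are concatenated back into the URL without being encoded again. A value containing `&`, `#` or a space would change the query string of the redirect target instead of arriving as one parameter. Re-encoding keeps the hop exact: `"?res=" + encodeURIComponent(query["res"]) + "&testid=" + encodeURIComponent(query["id"])`. `handleRequest` starts before and continues after this hunk, so any other branch that builds a `Location` the same way would need the same treatment.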
rename from dom/base/test/csp/file_csp_referrerdirective.html
rename to dom/security/test/csp/file_referrerdirective.html
--- a/dom/base/test/csp/file_csp_referrerdirective.html
+++ b/dom/security/test/csp/file_referrerdirective.html
@@ -39,17 +39,17 @@ var postResult = function(loadType, refe
   console.log(JSON.stringify(results));
 }
 
 </script>
 </head>
 <body>
 Testing ...
 
-<script src="https://example.com/tests/dom/base/test/csp/referrerdirective.sjs?type=sameorigin&"
+<script src="https://example.com/tests/dom/security/test/csp/referrerdirective.sjs?type=sameorigin&"
         onerror="postResult('sameorigin', 'error');"></script>
-<script src="https://test2.example.com/tests/dom/base/test/csp/referrerdirective.sjs?type=crossorigin&"
+<script src="https://test2.example.com/tests/dom/security/test/csp/referrerdirective.sjs?type=crossorigin&"
         onerror="postResult('crossorigin', 'error');"></script>
-<script src="http://example.com/tests/dom/base/test/csp/referrerdirective.sjs?type=downgrade&"
+<script src="http://example.com/tests/dom/security/test/csp/referrerdirective.sjs?type=downgrade&"
         onerror="postResult('downgrade', 'error');"></script>
 
 </body>
 </html>
rename from dom/base/test/csp/file_csp_report.html
rename to dom/security/test/csp/file_report.html
rename from dom/base/test/csp/file_report_uri_missing_in_report_only_header.html
rename to dom/security/test/csp/file_report_uri_missing_in_report_only_header.html
rename from dom/base/test/csp/file_report_uri_missing_in_report_only_header.html^headers^
rename to dom/security/test/csp/file_report_uri_missing_in_report_only_header.html^headers^
rename from dom/base/test/csp/file_self_none_as_hostname_confusion.html
rename to dom/security/test/csp/file_self_none_as_hostname_confusion.html
rename from dom/base/test/csp/file_self_none_as_hostname_confusion.html^headers^
rename to dom/security/test/csp/file_self_none_as_hostname_confusion.html^headers^
rename from dom/base/test/csp/file_subframe_run_js_if_allowed.html
rename to dom/security/test/csp/file_subframe_run_js_if_allowed.html
rename from dom/base/test/csp/file_subframe_run_js_if_allowed.html^headers^
rename to dom/security/test/csp/file_subframe_run_js_if_allowed.html^headers^
rename from dom/base/test/csp/file_csp_testserver.sjs
rename to dom/security/test/csp/file_testserver.sjs
rename from dom/base/test/csp/file_worker_redirect.html
rename to dom/security/test/csp/file_worker_redirect.html
rename from dom/base/test/csp/file_worker_redirect.sjs
rename to dom/security/test/csp/file_worker_redirect.sjs
--- a/dom/base/test/csp/file_worker_redirect.sjs
+++ b/dom/security/test/csp/file_worker_redirect.sjs
@@ -19,17 +19,17 @@ function handleRequest(request, response
 
   if (query === "stage_1_worker_import_scripts") {
     response.write("importScripts(\"file_worker_redirect.sjs?stage_2_redirect_imported_script\");");
     return;
   }
 
   if (query === "stage_2_redirect_imported_script") {
     var newLocation =
-      "http://test1.example.com/tests/dom/base/test/csp/file_worker_redirect.sjs?stage_3_target_script";
+      "http://test1.example.com/tests/dom/security/test/csp/file_worker_redirect.sjs?stage_3_target_script";
     response.setStatusLine("1.1", 302, "Found");
     response.setHeader("Location", newLocation, false);
     return;
   }
 
   if (query === "stage_3_target_script") {
     response.write("postMessage(\"imported script loaded\");");
     return;
rename from dom/base/test/csp/mochitest.ini
rename to dom/security/test/csp/mochitest.ini
--- a/dom/base/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -1,156 +1,156 @@
 [DEFAULT]
 support-files =
   file_base-uri.html
   file_connect-src.html
   file_CSP.css
   file_CSP.sjs
-  file_csp_allow_https_schemes.html
-  file_CSP_bug663567.xsl
-  file_CSP_bug663567_allows.xml
-  file_CSP_bug663567_allows.xml^headers^
-  file_CSP_bug663567_blocks.xml
-  file_CSP_bug663567_blocks.xml^headers^
-  file_CSP_bug802872.html
-  file_CSP_bug802872.html^headers^
-  file_CSP_bug802872.js
-  file_CSP_bug802872.sjs
-  file_CSP_bug885433_allows.html
-  file_CSP_bug885433_allows.html^headers^
-  file_CSP_bug885433_blocks.html
-  file_CSP_bug885433_blocks.html^headers^
-  file_CSP_bug888172.html
-  file_CSP_bug888172.sjs
-  file_CSP_evalscript_main.js
-  file_CSP_evalscript_main_allowed.js
-  file_CSP_evalscript_main.html
-  file_CSP_evalscript_main.html^headers^
-  file_CSP_evalscript_main_allowed.html
-  file_CSP_evalscript_main_allowed.html^headers^
-  file_CSP_frameancestors_main.html
-  file_CSP_frameancestors_main.js
-  file_CSP_frameancestors.sjs
-  file_CSP_inlinescript_main.html
-  file_CSP_inlinescript_main.html^headers^
-  file_CSP_inlinescript_main_allowed.html
-  file_CSP_inlinescript_main_allowed.html^headers^
-  file_CSP_inlinestyle_main.html
-  file_CSP_inlinestyle_main.html^headers^
-  file_CSP_inlinestyle_main_allowed.html
-  file_CSP_inlinestyle_main_allowed.html^headers^
-  file_csp_invalid_source_expression.html
-  file_CSP_main.html
-  file_CSP_main.html^headers^
-  file_CSP_main.js
+  file_allow_https_schemes.html
+  file_bug663567.xsl
+  file_bug663567_allows.xml
+  file_bug663567_allows.xml^headers^
+  file_bug663567_blocks.xml
+  file_bug663567_blocks.xml^headers^
+  file_bug802872.html
+  file_bug802872.html^headers^
+  file_bug802872.js
+  file_bug802872.sjs
+  file_bug885433_allows.html
+  file_bug885433_allows.html^headers^
+  file_bug885433_blocks.html
+  file_bug885433_blocks.html^headers^
+  file_bug888172.html
+  file_bug888172.sjs
+  file_evalscript_main.js
+  file_evalscript_main_allowed.js
+  file_evalscript_main.html
+  file_evalscript_main.html^headers^
+  file_evalscript_main_allowed.html
+  file_evalscript_main_allowed.html^headers^
+  file_frameancestors_main.html
+  file_frameancestors_main.js
+  file_frameancestors.sjs
+  file_inlinescript_main.html
+  file_inlinescript_main.html^headers^
+  file_inlinescript_main_allowed.html
+  file_inlinescript_main_allowed.html^headers^
+  file_inlinestyle_main.html
+  file_inlinestyle_main.html^headers^
+  file_inlinestyle_main_allowed.html
+  file_inlinestyle_main_allowed.html^headers^
+  file_invalid_source_expression.html
+  file_main.html
+  file_main.html^headers^
+  file_main.js
   file_bug836922_npolicies.html
   file_bug836922_npolicies.html^headers^
   file_bug836922_npolicies_ro_violation.sjs
   file_bug836922_npolicies_violation.sjs
   file_bug886164.html
   file_bug886164.html^headers^
   file_bug886164_2.html
   file_bug886164_2.html^headers^
   file_bug886164_3.html
   file_bug886164_3.html^headers^
   file_bug886164_4.html
   file_bug886164_4.html^headers^
   file_bug886164_5.html
   file_bug886164_5.html^headers^
   file_bug886164_6.html
   file_bug886164_6.html^headers^
-  file_csp_bug768029.html
-  file_csp_bug768029.sjs
-  file_csp_bug773891.html
-  file_csp_bug773891.sjs
-  file_csp_redirects_main.html
-  file_csp_redirects_page.sjs
-  file_csp_redirects_resource.sjs
-  file_CSP_bug910139.sjs
-  file_CSP_bug910139.xml
-  file_CSP_bug910139.xsl
-  file_CSP_bug909029_star.html
-  file_CSP_bug909029_star.html^headers^
-  file_CSP_bug909029_none.html
-  file_CSP_bug909029_none.html^headers^
+  file_bug768029.html
+  file_bug768029.sjs
+  file_bug773891.html
+  file_bug773891.sjs
+  file_redirects_main.html
+  file_redirects_page.sjs
+  file_redirects_resource.sjs
+  file_bug910139.sjs
+  file_bug910139.xml
+  file_bug910139.xsl
+  file_bug909029_star.html
+  file_bug909029_star.html^headers^
+  file_bug909029_none.html
+  file_bug909029_none.html^headers^
   file_policyuri_regression_from_multipolicy.html
   file_policyuri_regression_from_multipolicy.html^headers^
   file_policyuri_regression_from_multipolicy_policy
   file_nonce_source.html
   file_nonce_source.html^headers^
-  file_CSP_bug941404.html
-  file_CSP_bug941404_xhr.html
-  file_CSP_bug941404_xhr.html^headers^
+  file_bug941404.html
+  file_bug941404_xhr.html
+  file_bug941404_xhr.html^headers^
   file_hash_source.html
   file_hash_source.html^headers^
   file_self_none_as_hostname_confusion.html
   file_self_none_as_hostname_confusion.html^headers^
-  file_csp_path_matching.html
-  file_csp_path_matching.js
-  file_csp_path_matching_redirect.html
-  file_csp_path_matching_redirect_server.sjs
-  file_csp_testserver.sjs
+  file_path_matching.html
+  file_path_matching.js
+  file_path_matching_redirect.html
+  file_path_matching_redirect_server.sjs
+  file_testserver.sjs
   file_report_uri_missing_in_report_only_header.html
   file_report_uri_missing_in_report_only_header.html^headers^
-  file_csp_report.html
+  file_report.html
   file_redirect_content.sjs
   file_redirect_report.sjs
   file_subframe_run_js_if_allowed.html
   file_subframe_run_js_if_allowed.html^headers^
   file_leading_wildcard.html
   file_multi_policy_injection_bypass.html
   file_multi_policy_injection_bypass.html^headers^
   file_multi_policy_injection_bypass_2.html
   file_multi_policy_injection_bypass_2.html^headers^
   file_form-action.html
   file_worker_redirect.html
   file_worker_redirect.sjs
-  file_csp_referrerdirective.html
+  file_referrerdirective.html
   referrerdirective.sjs
 
 [test_base-uri.html]
 [test_connect-src.html]
 [test_CSP.html]
-[test_csp_allow_https_schemes.html]
+[test_allow_https_schemes.html]
 skip-if = buildapp == 'b2g' #no ssl support
-[test_CSP_bug663567.html]
-[test_CSP_bug802872.html]
-[test_CSP_bug885433.html]
-[test_CSP_bug888172.html]
-[test_CSP_evalscript.html]
-[test_CSP_frameancestors.html]
+[test_bug663567.html]
+[test_bug802872.html]
+[test_bug885433.html]
+[test_bug888172.html]
+[test_evalscript.html]
+[test_frameancestors.html]
 skip-if = (buildapp == 'b2g' && (toolkit != 'gonk' || debug)) || toolkit == 'android' # Times out, not sure why (bug 1008445)
-[test_CSP_inlinescript.html]
-[test_CSP_inlinestyle.html]
-[test_csp_invalid_source_expression.html]
+[test_inlinescript.html]
+[test_inlinestyle.html]
+[test_invalid_source_expression.html]
 [test_bug836922_npolicies.html]
 [test_bug886164.html]
-[test_csp_redirects.html]
-[test_CSP_bug910139.html]
-[test_CSP_bug909029.html]
+[test_redirects.html]
+[test_bug910139.html]
+[test_bug909029.html]
 [test_policyuri_regression_from_multipolicy.html]
 [test_nonce_source.html]
-[test_CSP_bug941404.html]
+[test_bug941404.html]
 [test_form-action.html]
 skip-if = e10s || buildapp == 'b2g' # http-on-opening-request observers are not available in child processes
 [test_hash_source.html]
 skip-if = e10s || buildapp == 'b2g' # can't compute hashes in child process (bug 958702)
 [test_self_none_as_hostname_confusion.html]
 [test_bug949549.html]
-[test_csp_path_matching.html]
-[test_csp_path_matching_redirect.html]
+[test_path_matching.html]
+[test_path_matching_redirect.html]
 [test_report_uri_missing_in_report_only_header.html]
-[test_csp_report.html]
+[test_report.html]
 skip-if = e10s || buildapp == 'b2g' # http-on-opening-request observer not supported in child process (bug 1009632)
 [test_301_redirect.html]
 skip-if = buildapp == 'b2g' # intermittent orange (bug 1028490)
 [test_302_redirect.html]
 skip-if = buildapp == 'b2g' # intermittent orange (bug 1028490)
 [test_303_redirect.html]
 skip-if = buildapp == 'b2g' # intermittent orange (bug 1028490)
 [test_307_redirect.html]
 skip-if = buildapp == 'b2g' # intermittent orange (bug 1028490)
 [test_subframe_run_js_if_allowed.html]
 [test_leading_wildcard.html]
 [test_multi_policy_injection_bypass.html]
-[test_CSP_referrerdirective.html]
+[test_referrerdirective.html]
 skip-if = buildapp == 'b2g' #no ssl support
 [test_worker_redirect.html]
rename from dom/base/test/csp/referrerdirective.sjs
rename to dom/security/test/csp/referrerdirective.sjs
--- a/dom/base/test/csp/referrerdirective.sjs
+++ b/dom/security/test/csp/referrerdirective.sjs
@@ -12,17 +12,17 @@ function handleRequest(request, response
     params[parts[0]] = unescape(parts[1]);
   });
 
   var loadType = params['type'];
   var referrerLevel = 'error';
 
   if (request.hasHeader('Referer')) {
     var referrer = request.getHeader('Referer');
-    if (referrer.indexOf("file_csp_testserver.sjs") > -1) {
+    if (referrer.indexOf("file_testserver.sjs") > -1) {
       referrerLevel = "full";
     } else {
       referrerLevel = "origin";
     }
   } else {
     referrerLevel = 'none';
   }
 
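Review bot: The `"full"` result depends on the Referer containing the literal `file_testserver.sjs`, a coupling to another helper's file name that is not stated here and that this rename had to patch by hand. A comment above the `indexOf` check would make it visible to the next person who moves these files, for example `// "full" means the Referer still carries the path of the page, which is presumably served through file_testserver.sjs; keep this name in sync with that helper`. `handleRequest` starts before and continues after this hunk.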
rename from dom/base/test/csp/test_301_redirect.html
rename to dom/security/test/csp/test_301_redirect.html
rename from dom/base/test/csp/test_302_redirect.html
rename to dom/security/test/csp/test_302_redirect.html
rename from dom/base/test/csp/test_303_redirect.html
rename to dom/security/test/csp/test_303_redirect.html
rename from dom/base/test/csp/test_307_redirect.html
rename to dom/security/test/csp/test_307_redirect.html
rename from dom/base/test/csp/test_CSP.html
rename to dom/security/test/csp/test_CSP.html
--- a/dom/base/test/csp/test_CSP.html
+++ b/dom/security/test/csp/test_CSP.html
@@ -105,14 +105,14 @@ SpecialPowers.pushPrefEnv(
           // blocks loading the resource until the user interacts with a
           // corresponding widget, which breaks the media_* tests. We set it
           // back to the default used by desktop Firefox to get consistent
           // behavior.
           ["media.preload.default", 2]]},
     function() {
       // save this for last so that our listeners are registered.
       // ... this loads the testbed of good and bad requests.
-      document.getElementById('cspframe').src = 'file_CSP_main.html';
+      document.getElementById('cspframe').src = 'file_main.html';
     });
 </script>
 </pre>
 </body>
 </html>
rename from dom/base/test/csp/test_csp_allow_https_schemes.html
rename to dom/security/test/csp/test_allow_https_schemes.html
--- a/dom/base/test/csp/test_csp_allow_https_schemes.html
+++ b/dom/security/test/csp/test_allow_https_schemes.html
@@ -13,17 +13,17 @@
   </div>
 
 <script class="testbody" type="text/javascript">
 
 SimpleTest.waitForExplicitFinish();
 
 /* Description of the test:
  * We are loading the following url (including a fragment portion):
- *   https://example.com/tests/dom/base/test/csp/file_csp_path_matching.js#foo
+ *   https://example.com/tests/dom/security/test/csp/file_path_matching.js#foo
  * using different policies that lack specification of a scheme.
  *
  * Since the file is served over http:, the upgrade to https should be
  * permitted by CSP in case no port is specified.
  */
 
 var policies = [
   ["allowed", "example.com"],
@@ -35,19 +35,19 @@ var counter = 0;
 var policy;
 
 function loadNextTest() {
   if (counter == policies.length) {
     SimpleTest.finish();
   }
   else {
     policy = policies[counter++];
-    var src = "file_csp_testserver.sjs";
+    var src = "file_testserver.sjs";
     // append the file that should be served
-    src += "?file=" + escape("tests/dom/base/test/csp/file_csp_allow_https_schemes.html");
+    src += "?file=" + escape("tests/dom/security/test/csp/file_allow_https_schemes.html");
     // append the CSP that should be used to serve the file
     src += "&csp=" + escape("default-src 'none'; script-src " + policy[1]);
 
     document.getElementById("testframe").addEventListener("load", test, false);
     document.getElementById("testframe").src = src;
   }
 }
 
rename from dom/base/test/csp/test_base-uri.html
rename to dom/security/test/csp/test_base-uri.html
--- a/dom/base/test/csp/test_base-uri.html
+++ b/dom/security/test/csp/test_base-uri.html
@@ -55,19 +55,19 @@ examiner.prototype  = {
 window.BaseURIExaminer = new examiner();
 
 function loadNextTest() {
   counter++;
   if (counter == testPolicies.length) {
     window.BaseURIExaminer.remove();
     SimpleTest.finish();
   }
-  var src = "http://example.com/tests/dom/base/test/csp/file_csp_testserver.sjs";
+  var src = "http://example.com/tests/dom/security/test/csp/file_testserver.sjs";
   // append the file that should be served
-  src += "?file=" + escape("tests/dom/base/test/csp/file_base-uri.html");
+  src += "?file=" + escape("tests/dom/security/test/csp/file_base-uri.html");
   // append the CSP that should be used to serve the file
   src += "&csp=" + escape(testPolicies[counter]);
   document.getElementById("testframe").src = src;
 }
 
 // start running the tests
 loadNextTest();
 
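Review bot: `loadNextTest` has no `return` after `SimpleTest.finish()`, so on the final call it falls through and still assigns `testframe.src`. At that point `counter` equals `testPolicies.length`, so the `csp=` parameter is built from an entry past the end of the list. The extra load also starts after `BaseURIExaminer.remove()` has run and the test has been declared finished. Add `return;` directly after `SimpleTest.finish();`, or move the rest of the body into an `else` as `loadNextTest` in `test_allow_https_schemes.html` does.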
rename from dom/base/test/csp/test_CSP_bug663567.html
rename to dom/security/test/csp/test_bug663567.html
--- a/dom/base/test/csp/test_CSP_bug663567.html
+++ b/dom/security/test/csp/test_bug663567.html
@@ -29,17 +29,17 @@ var checkExplicitFinish = function() {
   }
 }
 
 function checkAllowed () {
   /*   The policy for this test is:
    *   Content-Security-Policy: default-src 'self'
    *
    *   we load the xsl file using:
-   *   <?xml-stylesheet type="text/xsl" href="file_CSP_bug663467.xsl"?>
+   *   <?xml-stylesheet type="text/xsl" href="file_bug663467.xsl"?>
    */
   try {
     var cspframe = document.getElementById('xsltframe');
     var xsltAllowedHeader = cspframe.contentWindow.document.getElementById('xsltheader').innerHTML;
     is(xsltAllowedHeader, header, "XSLT loaded from 'self' should be allowed!");
   }
   catch (e) {
     ok(false, "Error: could not access content in xsltframe!")
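Review bot: The comment in `checkAllowed` names the stylesheet `file_bug663467.xsl`, but the file listed in this commit's `mochitest.ini` is `file_bug663567.xsl`; the transposed digit was carried over from the old comment. The matching comment in `checkBlocked` in the next hunk has the same slip. Both should read `<?xml-stylesheet type="text/xsl" href="file_bug663567.xsl"?>` so the comment points at a file that exists. `checkAllowed` closes in the following hunk.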
@@ -47,30 +47,30 @@ function checkAllowed () {
   checkExplicitFinish();
 }
 
 function checkBlocked () {
   /*   The policy for this test is:
    *   Content-Security-Policy: default-src *.example.com
    *
    *   we load the xsl file using:
-   *   <?xml-stylesheet type="text/xsl" href="file_CSP_bug663467.xsl"?>
+   *   <?xml-stylesheet type="text/xsl" href="file_bug663467.xsl"?>
    */
   try {
     var cspframe = document.getElementById('xsltframe2');
     var xsltBlockedHeader = cspframe.contentWindow.document.getElementById('xsltheader');
     is(xsltBlockedHeader, null, "XSLT loaded from different host should be blocked!");
   }
   catch (e) {
     ok(false, "Error: could not access content in xsltframe2!")
   }
   checkExplicitFinish();
 }
 
 document.getElementById('xsltframe').addEventListener('load', checkAllowed, false);
-document.getElementById('xsltframe').src = 'file_CSP_bug663567_allows.xml';
+document.getElementById('xsltframe').src = 'file_bug663567_allows.xml';
 
 document.getElementById('xsltframe2').addEventListener('load', checkBlocked, false);
-document.getElementById('xsltframe2').src = 'file_CSP_bug663567_blocks.xml';
+document.getElementById('xsltframe2').src = 'file_bug663567_blocks.xml';
 
 </script>
 </body>
 </html>
rename from dom/base/test/csp/test_csp_bug768029.html
rename to dom/security/test/csp/test_bug768029.html
--- a/dom/base/test/csp/test_csp_bug768029.html
+++ b/dom/security/test/csp/test_bug768029.html
@@ -30,43 +30,43 @@ const DEFAULT_CSP_CERT = "default-src *;
 
 SimpleTest.waitForExplicitFinish();
 
 var gData = [
   {
     app: "https://example.com/manifest.webapp",
     appStatus: Components.interfaces.nsIPrincipal.APP_STATUS_INSTALLED,
     origin: "https://example.com",
-    uri: "https://example.com/tests/dom/base/test/csp/file_csp_bug768029.html",
+    uri: "https://example.com/tests/dom/security/test/csp/file_bug768029.html",
     statusString: "installed app",
     expectedTestResults: {
       max_tests: 7, /* number of bools below plus one for the status check */
       cross_origin: { img: true,  script: true,  style: true },
       same_origin:  { img: true,  script: true,  style: true  },
     },
   },
 
   {
     app: "https://example.com/manifest_priv.webapp",
     appStatus: Components.interfaces.nsIPrincipal.APP_STATUS_PRIVILEGED,
     origin: "https://example.com",
-    uri: "https://example.com/tests/dom/base/test/csp/file_csp_bug768029.html",
+    uri: "https://example.com/tests/dom/security/test/csp/file_bug768029.html",
     statusString: "privileged app",
     expectedTestResults: {
       max_tests: 7, /* number of bools below plus one for the status check */
       cross_origin: { img: true,  script: false, style: false },
       same_origin:  { img: true,  script: true,  style: true  },
     },
   },
 
   {
     app: "https://example.com/manifest_cert.webapp",
     appStatus: Components.interfaces.nsIPrincipal.APP_STATUS_CERTIFIED,
     origin: "https://example.com",
-    uri: "https://example.com/tests/dom/base/test/csp/file_csp_bug768029.html",
+    uri: "https://example.com/tests/dom/security/test/csp/file_bug768029.html",
     statusString: "certified app",
     expectedTestResults: {
       max_tests: 7, /* number of bools below plus one for the status check */
       cross_origin: { img: true,  script: false, style: false },
       same_origin:  { img: true,  script: true,  style: true  },
     },
   },
 ];
@@ -82,17 +82,17 @@ function ThingyListener(app, iframe) {
   this._resultsRecorded = { cross_origin: {}, same_origin: {}};
   this._iframe = iframe;
   this._countedTests = 0;
 }
 ThingyListener.prototype = {
 
   observe: function(subject, topic, data) {
     // make sure to only observe app-generated calls to the helper for this test.
-    var testpat = new RegExp("file_csp_bug768029\\.sjs");
+    var testpat = new RegExp("file_bug768029\\.sjs");
 
     // used to extract which kind of load this is (img, script, etc).
     var typepat = new RegExp("type=([\\_a-z0-9]+)");
 
     // used to identify whether it's cross-origin or same-origin loads
     // (the applied CSP allows same-origin loads).
     var originpat = new RegExp("origin=([\\_a-z0-9]+)");
 
rename from dom/base/test/csp/test_csp_bug773891.html
rename to dom/security/test/csp/test_bug773891.html
--- a/dom/base/test/csp/test_csp_bug773891.html
+++ b/dom/security/test/csp/test_bug773891.html
@@ -36,43 +36,43 @@ SimpleTest.waitForExplicitFinish();
 
 var gData = [
 
   {
     app: "https://example.com/manifest_csp_inst.webapp",
     appStatus: Components.interfaces.nsIPrincipal.APP_STATUS_INSTALLED,
     csp: MANIFEST_CSP_INST,
     origin: "https://example.com",
-    uri: "https://example.com/tests/dom/base/test/csp/file_csp_bug773891.html",
+    uri: "https://example.com/tests/dom/security/test/csp/file_bug773891.html",
     statusString: "installed app",
     expectedTestResults: {
       max_tests: 7, /* number of bools below plus one for the status check */
       cross_origin: { img: true,  script: false, style: false },
       same_origin:  { img: true,  script: true,  style: true  },
     },
   },
   {
     app: "https://example.com/manifest_csp_cert.webapp",
     appStatus: Components.interfaces.nsIPrincipal.APP_STATUS_CERTIFIED,
     csp: MANIFEST_CSP_CERT,
     origin: "https://example.com",
-    uri: "https://example.com/tests/dom/base/test/csp/file_csp_bug773891.html",
+    uri: "https://example.com/tests/dom/security/test/csp/file_bug773891.html",
     statusString: "certified app",
     expectedTestResults: {
       max_tests: 7, /* number of bools below plus one for the status check */
       cross_origin: { img: true,  script: false, style: false },
       same_origin:  { img: true,  script: true,  style: true  },
     },
   },
   {
     app: "https://example.com/manifest_csp_priv.webapp",
     appStatus: Components.interfaces.nsIPrincipal.APP_STATUS_PRIVILEGED,
     csp: MANIFEST_CSP_PRIV,
     origin: "https://example.com",
-    uri: "https://example.com/tests/dom/base/test/csp/file_csp_bug773891.html",
+    uri: "https://example.com/tests/dom/security/test/csp/file_bug773891.html",
     statusString: "privileged app",
     expectedTestResults: {
       max_tests: 7, /* number of bools below plus one for the status check */
       cross_origin: { img: true,  script: false, style: false },
       same_origin:  { img: true,  script: true,  style: true  },
     },
   },
 ];
@@ -88,17 +88,17 @@ function ThingyListener(app, iframe) {
   this._resultsRecorded = { cross_origin: {}, same_origin: {}};
   this._iframe = iframe;
   this._countedTests = 0;
 }
 ThingyListener.prototype = {
 
   observe: function(subject, topic, data) {
     // make sure to only observe app-generated calls to the helper for this test.
-    var testpat = new RegExp("file_csp_bug773891\\.sjs");
+    var testpat = new RegExp("file_bug773891\\.sjs");
 
     // used to extract which kind of load this is (img, script, etc).
     var typepat = new RegExp("type=([\\_a-z0-9]+)");
 
     // used to identify whether it's cross-origin or same-origin loads
     // (the applied CSP allows same-origin loads).
     var originpat = new RegExp("origin=([\\_a-z0-9]+)");
 
rename from dom/base/test/csp/test_CSP_bug802872.html
rename to dom/security/test/csp/test_bug802872.html
--- a/dom/base/test/csp/test_CSP_bug802872.html
+++ b/dom/security/test/csp/test_bug802872.html
@@ -41,13 +41,13 @@ addEventListener('blockedEventSrcCallbac
   checkExplicitFinish();
 }, false);
 addEventListener('blockedEventSrcCallbackFailed', function (e) {
   ok(true, "OK: CSP blocks EventSource for not whitelisted domain!");
   checkExplicitFinish();
 }, false);
 
 // load it
-document.getElementById('eventframe').src = 'file_CSP_bug802872.html';
+document.getElementById('eventframe').src = 'file_bug802872.html';
 
 </script>
 </body>
 </html>
rename from dom/base/test/csp/test_bug836922_npolicies.html
rename to dom/security/test/csp/test_bug836922_npolicies.html
--- a/dom/base/test/csp/test_bug836922_npolicies.html
+++ b/dom/security/test/csp/test_bug836922_npolicies.html
@@ -9,17 +9,17 @@
 <body>
 <p id="display"></p>
 <div id="content" style="display: none">
 </div>
 
 <iframe style="width:200px;height:200px;" id='cspframe'></iframe>
 <script class="testbody" type="text/javascript">
 
-var path = "/tests/dom/base/test/csp/";
+var path = "/tests/dom/security/test/csp/";
 
 // These are test results: verified indicates whether or not the test has run.
 // true/false is the pass/fail result.
 window.loads = {
   css_self: {expected: true, verified: false},
   css_examplecom: {expected: false, verified: false},
   img_self: {expected: false, verified: false},
   img_examplecom: {expected: false, verified: false},
rename from dom/base/test/csp/test_CSP_bug885433.html
rename to dom/security/test/csp/test_bug885433.html
--- a/dom/base/test/csp/test_CSP_bug885433.html
+++ b/dom/security/test/csp/test_bug885433.html
@@ -30,17 +30,17 @@ function checkAllowed () {
 
   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-script-allowed')).color;
   ok(color === green, "Inline script should be allowed");
   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-eval-script-allowed')).color;
   ok(color === green, "Eval should be allowed");
   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-style-allowed')).color;
   ok(color === green, "Inline style should be allowed");
 
-  document.getElementById('cspframe2').src = 'file_CSP_bug885433_blocks.html';
+  document.getElementById('cspframe2').src = 'file_bug885433_blocks.html';
   document.getElementById('cspframe2').addEventListener('load', checkBlocked, false);
 }
 
 function checkBlocked () {
   var cspframe = document.getElementById('cspframe2');
   var color;
 
   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-script-blocked')).color;
@@ -48,14 +48,14 @@ function checkBlocked () {
   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-eval-script-blocked')).color;
   ok(color === black, "Eval should be blocked");
   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-style-blocked')).color;
   ok(color === black, "Inline style should be blocked");
 
   SimpleTest.finish();
 }
 
-document.getElementById('cspframe').src = 'file_CSP_bug885433_allows.html';
+document.getElementById('cspframe').src = 'file_bug885433_allows.html';
 document.getElementById('cspframe').addEventListener('load', checkAllowed, false);
 </script>
 </pre>
 </body>
 </html>
rename from dom/base/test/csp/test_bug886164.html
rename to dom/security/test/csp/test_bug886164.html
--- a/dom/base/test/csp/test_bug886164.html
+++ b/dom/security/test/csp/test_bug886164.html
@@ -14,17 +14,17 @@
 <iframe style="width:200px;height:200px;" id='cspframe2' sandbox></iframe>
 <iframe style="width:200px;height:200px;" id='cspframe3' sandbox="allow-same-origin"></iframe>
 <iframe style="width:200px;height:200px;" id='cspframe4' sandbox></iframe>
 <iframe style="width:200px;height:200px;" id='cspframe5' sandbox="allow-scripts"></iframe>
 <iframe style="width:200px;height:200px;" id='cspframe6' sandbox="allow-same-origin allow-scripts"></iframe>
 <script class="testbody" type="text/javascript">
 
 
-var path = "/tests/dom/base/test/csp/";
+var path = "/tests/dom/security/test/csp/";
 
 // These are test results: -1 means it hasn't run,
 // true/false is the pass/fail result.
 window.tests = {
   // sandbox allow-same-origin; 'self'
   img_good: -1, // same origin
   img_bad: -1, //example.com
 
rename from dom/base/test/csp/test_CSP_bug888172.html
rename to dom/security/test/csp/test_bug888172.html
--- a/dom/base/test/csp/test_CSP_bug888172.html
+++ b/dom/security/test/csp/test_bug888172.html
@@ -31,43 +31,43 @@ function getElementColorById(doc, id) {
 // We test both script and style execution by observing changes in computed styles
 function checkDefaultSrcOnly() {
   var testframe = document.getElementById('testframe1');
 
   ok(getElementColorById(testframe, 'unsafe-inline-script') === green, "Inline script should be allowed");
   ok(getElementColorById(testframe, 'unsafe-eval-script')  === green, "Eval should be allowed");
   ok(getElementColorById(testframe, 'unsafe-inline-style') === green, "Inline style should be allowed");
 
-  document.getElementById('testframe2').src = 'file_CSP_bug888172.sjs?csp=' +
+  document.getElementById('testframe2').src = 'file_bug888172.sjs?csp=' +
     escape("default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self'");
   document.getElementById('testframe2').addEventListener('load', checkDefaultSrcWithScriptSrc, false);
 }
 
 function checkDefaultSrcWithScriptSrc() {
   var testframe = document.getElementById('testframe2');
 
   ok(getElementColorById(testframe, 'unsafe-inline-script') === black, "Inline script should be blocked");
   ok(getElementColorById(testframe, 'unsafe-eval-script')  === black, "Eval should be blocked");
   ok(getElementColorById(testframe, 'unsafe-inline-style') === green, "Inline style should be allowed");
 
-  document.getElementById('testframe3').src = 'file_CSP_bug888172.sjs?csp=' +
+  document.getElementById('testframe3').src = 'file_bug888172.sjs?csp=' +
     escape("default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self'");
   document.getElementById('testframe3').addEventListener('load', checkDefaultSrcWithStyleSrc, false);
 }
 
 function checkDefaultSrcWithStyleSrc() {
   var testframe = document.getElementById('testframe3');
 
   ok(getElementColorById(testframe, 'unsafe-inline-script') === green, "Inline script should be allowed");
   ok(getElementColorById(testframe, 'unsafe-eval-script')  === green, "Eval should be allowed");
   ok(getElementColorById(testframe, 'unsafe-inline-style') === black, "Inline style should be blocked");
 
   // last test calls finish
   SimpleTest.finish();
 }
 
-document.getElementById('testframe1').src = 'file_CSP_bug888172.sjs?csp=' +
+document.getElementById('testframe1').src = 'file_bug888172.sjs?csp=' +
   escape("default-src 'self' 'unsafe-inline' 'unsafe-eval'");
 document.getElementById('testframe1').addEventListener('load', checkDefaultSrcOnly, false);
 </script>
 </pre>
 </body>
 </html>
rename from dom/base/test/csp/test_CSP_bug909029.html
rename to dom/security/test/csp/test_bug909029.html
--- a/dom/base/test/csp/test_CSP_bug909029.html
+++ b/dom/security/test/csp/test_bug909029.html
@@ -115,15 +115,15 @@ function checkInlineWithNone() {
   window.testResult("noneInlineStyleAllowed",
                     getElementColorById(testframe, 'inline-style') === green,
                     "Inline styles should be allowed (style-src 'unsafe-inline' with none)");
   window.testResult("noneInlineScriptBlocked",
                     getElementColorById(testframe, 'inline-script') === black,
                     "Inline scripts should be blocked (style-src 'unsafe-inline' with none)");
 }
 
-document.getElementById('testframe1').src = 'file_CSP_bug909029_star.html';
+document.getElementById('testframe1').src = 'file_bug909029_star.html';
 document.getElementById('testframe1').addEventListener('load', checkInlineWithStar, false);
-document.getElementById('testframe2').src = 'file_CSP_bug909029_none.html';
+document.getElementById('testframe2').src = 'file_bug909029_none.html';
 document.getElementById('testframe2').addEventListener('load', checkInlineWithNone, false);
     </script>
   </body>
 </html>
rename from dom/base/test/csp/test_CSP_bug910139.html
rename to dom/security/test/csp/test_bug910139.html
--- a/dom/base/test/csp/test_CSP_bug910139.html
+++ b/dom/security/test/csp/test_bug910139.html
@@ -19,48 +19,48 @@ SimpleTest.waitForExplicitFinish();
 // define the expected output of this test
 var header = "this xml file should be formatted using an xsl file(lower iframe should contain xml dump)!";
 
 function checkAllowed () {
   /*   The policy for this test is:
    *   Content-Security-Policy: default-src 'self'; script-src 'self'
    *
    *   we load the xsl file using:
-   *   <?xml-stylesheet type="text/xsl" href="file_CSP_bug910139.xsl"?>
+   *   <?xml-stylesheet type="text/xsl" href="file_bug910139.xsl"?>
    */
   try {
     var cspframe = document.getElementById('xsltframe');
     var xsltAllowedHeader = cspframe.contentWindow.document.getElementById('xsltheader').innerHTML;
     is(xsltAllowedHeader, header, "XSLT loaded from 'self' should be allowed!");
   }
   catch (e) {
     ok(false, "Error: could not access content in xsltframe!")
   }
 
   // continue with the next test
   document.getElementById('xsltframe2').addEventListener('load', checkBlocked, false);
-  document.getElementById('xsltframe2').src = 'file_CSP_bug910139.sjs';
+  document.getElementById('xsltframe2').src = 'file_bug910139.sjs';
 }
 
 function checkBlocked () {
   /*   The policy for this test is:
    *   Content-Security-Policy: default-src 'self'; script-src *.example.com
    *
    *   we load the xsl file using:
-   *   <?xml-stylesheet type="text/xsl" href="file_CSP_bug910139.xsl"?>
+   *   <?xml-stylesheet type="text/xsl" href="file_bug910139.xsl"?>
    */
   try {
     var cspframe = document.getElementById('xsltframe2');
     var xsltBlockedHeader = cspframe.contentWindow.document.getElementById('xsltheader');
     is(xsltBlockedHeader, null, "XSLT loaded from different host should be blocked!");
   }
   catch (e) {
     ok(false, "Error: could not access content in xsltframe2!")
   }
   SimpleTest.finish();
 }
 
 document.getElementById('xsltframe').addEventListener('load', checkAllowed, false);
-document.getElementById('xsltframe').src = 'file_CSP_bug910139.sjs';
+document.getElementById('xsltframe').src = 'file_bug910139.sjs';
 
 </script>
 </body>
 </html>
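Review bot: Both `catch (e)` blocks in `checkAllowed` and `checkBlocked` discard the exception, so a failure only reports "could not access content" without saying why. For a CSP test that matters, because a cross-origin access error and a missing `xsltheader` element are different failure modes and the log should tell them apart. I would append the exception to the message, e.g. `ok(false, "Error: could not access content in xsltframe: " + e);` and the same for `xsltframe2`. Both `ok(false, ...)` calls are also missing their trailing semicolon.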
rename from dom/base/test/csp/test_CSP_bug941404.html
rename to dom/security/test/csp/test_bug941404.html
--- a/dom/base/test/csp/test_CSP_bug941404.html
+++ b/dom/security/test/csp/test_bug941404.html
@@ -12,17 +12,17 @@
 
 
 </div>
 
 <iframe style="width:200px;height:200px;" id='cspframe'></iframe>
 <script class="testbody" type="text/javascript">
 
 
-var path = "/tests/dom/base/test/csp/";
+var path = "/tests/dom/security/test/csp/";
 
 // These are test results: -1 means it hasn't run,
 // true/false is the pass/fail result.
 window.tests = {
   img_good: -1,
   img2_good: -1,
 };
 
@@ -94,14 +94,14 @@ window.testResult = function(testname, r
   window.examiner.remove();
   SimpleTest.finish();
 }
 
 SimpleTest.waitForExplicitFinish();
 
 // save this for last so that our listeners are registered.
 // ... this loads the testbed of good and bad requests.
-document.getElementById('cspframe').src = 'file_CSP_bug941404.html';
+document.getElementById('cspframe').src = 'file_bug941404.html';
 
 </script>
 </pre>
 </body>
 </html>
rename from dom/base/test/csp/test_bug949549.html
rename to dom/security/test/csp/test_bug949549.html
rename from dom/base/test/csp/test_connect-src.html
rename to dom/security/test/csp/test_connect-src.html
--- a/dom/base/test/csp/test_connect-src.html
+++ b/dom/security/test/csp/test_connect-src.html
@@ -55,30 +55,30 @@ function examiner() {
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
   SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
 }
 examiner.prototype  = {
   observe: function(subject, topic, data) {
    if (topic === "specialpowers-http-notify-request") {
       // making sure we do not bubble a result for something other
       // then the request in question.
-      if (!data.contains("file_csp_testserver.sjs?foo")) {
+      if (!data.contains("file_testserver.sjs?foo")) {
         return;
       }
       checkResult("allowed");
     }
 
     if (topic === "csp-on-violate-policy") {
       // making sure we do not bubble a result for something other
       // then the request in question.
       var asciiSpec = SpecialPowers.getPrivilegedProps(
                         SpecialPowers.do_QueryInterface(subject, "nsIURI"),
                         "asciiSpec");
 
-      if (!asciiSpec.contains("file_csp_testserver.sjs?foo")) {
+      if (!asciiSpec.contains("file_testserver.sjs?foo")) {
         return;
       }
       checkResult("blocked");
     }
   },
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
     SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
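Review bot: The two request filters in `observe` rely on `String.prototype.contains`, which is a non-standard method. If it is ever unavailable, the observer throws instead of recording "allowed" or "blocked". `indexOf` expresses the same check portably: `if (data.indexOf("file_testserver.sjs?foo") === -1) {`, and likewise for `asciiSpec`. The literal `"file_testserver.sjs?foo"` is also repeated in both branches, so this rename had to touch it twice; a single `var` above `examiner` would keep the two filters in sync. The `examiner` constructor starts outside this hunk.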
@@ -89,19 +89,19 @@ window.ConnectSrcExaminer = new examiner
 function loadNextTest() {
   counter++;
   if (counter == tests.length) {
     window.ConnectSrcExaminer.remove();
     SimpleTest.finish();
     return;
   }
 
-  var src = "file_csp_testserver.sjs";
+  var src = "file_testserver.sjs";
   // append the file that should be served
-  src += "?file=" + escape("tests/dom/base/test/csp/file_connect-src.html");
+  src += "?file=" + escape("tests/dom/security/test/csp/file_connect-src.html");
   // append the CSP that should be used to serve the file
   src += "&csp=" + escape(tests[counter].policy);
 
   document.getElementById("testframe").src = src;
 }
 
 // start running the tests
 loadNextTest();
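Review bot: The policy is put into the query string with `escape()`, which leaves `+` unencoded and emits `%uXXXX` for characters outside Latin-1. A policy carrying a base64 hash or nonce value therefore only round-trips if `file_testserver.sjs` decodes with the matching `unescape()`; that file is not visible here, so this should be confirmed. `src += "&csp=" + encodeURIComponent(tests[counter].policy);` is the unambiguous form and is identical for the ASCII policies used today. The same pattern appears in the hunks for test_form-action.html, test_invalid_source_expression.html, test_leading_wildcard.html, test_path_matching.html, test_path_matching_redirect.html and test_referrerdirective.html. In test_referrerdirective.html the `id` and `file` parameters are not encoded at all.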
rename from dom/base/test/csp/test_CSP_evalscript.html
rename to dom/security/test/csp/test_evalscript.html
--- a/dom/base/test/csp/test_CSP_evalscript.html
+++ b/dom/security/test/csp/test_evalscript.html
@@ -46,14 +46,14 @@ var checkTestResults = function() {
 }
 
 //////////////////////////////////////////////////////////////////////
 // set up and go
 SimpleTest.waitForExplicitFinish();
 
 // save this for last so that our listeners are registered.
 // ... this loads the testbed of good and bad requests.
-document.getElementById('cspframe').src = 'file_CSP_evalscript_main.html';
-document.getElementById('cspframe2').src = 'file_CSP_evalscript_main_allowed.html';
+document.getElementById('cspframe').src = 'file_evalscript_main.html';
+document.getElementById('cspframe2').src = 'file_evalscript_main_allowed.html';
 </script>
 </pre>
 </body>
 </html>
rename from dom/base/test/csp/test_form-action.html
rename to dom/security/test/csp/test_form-action.html
--- a/dom/base/test/csp/test_form-action.html
+++ b/dom/security/test/csp/test_form-action.html
@@ -83,19 +83,19 @@ window.FormActionExaminer = new examiner
 function loadNextTest() {
   counter++;
   if (counter == tests.length) {
     window.FormActionExaminer.remove();
     SimpleTest.finish();
     return;
   }
 
-  var src = "file_csp_testserver.sjs";
+  var src = "file_testserver.sjs";
   // append the file that should be served
-  src += "?file=" + escape("tests/dom/base/test/csp/" + tests[counter].page);
+  src += "?file=" + escape("tests/dom/security/test/csp/" + tests[counter].page);
   // append the CSP that should be used to serve the file
   src += "&csp=" + escape(tests[counter].policy);
 
   document.getElementById("testframe").src = src;
 }
 
 // start running the tests
 loadNextTest();
rename from dom/base/test/csp/test_CSP_frameancestors.html
rename to dom/security/test/csp/test_frameancestors.html
--- a/dom/base/test/csp/test_CSP_frameancestors.html
+++ b/dom/security/test/csp/test_frameancestors.html
@@ -144,14 +144,14 @@ function receiveMessage(event) {
 
 //////////////////////////////////////////////////////////////////////
 // set up and go
 window.examiner = new examiner();
 SimpleTest.waitForExplicitFinish();
 
 // save this for last so that our listeners are registered.
 // ... this loads the testbed of good and bad requests.
-document.getElementById('cspframe').src = 'file_CSP_frameancestors_main.html';
+document.getElementById('cspframe').src = 'file_frameancestors_main.html';
 
 </script>
 </pre>
 </body>
 </html>
rename from dom/base/test/csp/test_hash_source.html
rename to dom/security/test/csp/test_hash_source.html
rename from dom/base/test/csp/test_CSP_inlinescript.html
rename to dom/security/test/csp/test_inlinescript.html
--- a/dom/base/test/csp/test_CSP_inlinescript.html
+++ b/dom/security/test/csp/test_inlinescript.html
@@ -98,16 +98,16 @@ function clickit1() {
 function clickit2() {
   var cspframe2 = document.getElementById('cspframe2');
   var a = cspframe2.contentDocument.getElementById('anchortoclick');
   sendMouseEvent({type:'click'}, a, cspframe2.contentWindow);
 }
 
 // save this for last so that our listeners are registered.
 // ... this loads the testbed of good and bad requests.
-document.getElementById('cspframe1').src = 'file_CSP_inlinescript_main.html';
+document.getElementById('cspframe1').src = 'file_inlinescript_main.html';
 document.getElementById('cspframe1').addEventListener('load', clickit1, false);
-document.getElementById('cspframe2').src = 'file_CSP_inlinescript_main_allowed.html';
+document.getElementById('cspframe2').src = 'file_inlinescript_main_allowed.html';
 document.getElementById('cspframe2').addEventListener('load', clickit2, false);
 </script>
 </pre>
 </body>
 </html>
rename from dom/base/test/csp/test_CSP_inlinestyle.html
rename to dom/security/test/csp/test_inlinestyle.html
--- a/dom/base/test/csp/test_CSP_inlinestyle.html
+++ b/dom/security/test/csp/test_inlinestyle.html
@@ -91,17 +91,17 @@ function checkStylesAllowed(evt) {
 function checkIfDone() {
   done++;
   if (done == 2)
     SimpleTest.finish();
 }
 
 // save this for last so that our listeners are registered.
 // ... this loads the testbed of good and bad requests.
-document.getElementById('cspframe1').src = 'file_CSP_inlinestyle_main.html';
+document.getElementById('cspframe1').src = 'file_inlinestyle_main.html';
 document.getElementById('cspframe1').addEventListener('load', checkStyles, false);
-document.getElementById('cspframe2').src = 'file_CSP_inlinestyle_main_allowed.html';
+document.getElementById('cspframe2').src = 'file_inlinestyle_main_allowed.html';
 document.getElementById('cspframe2').addEventListener('load', checkStylesAllowed, false);
 
 </script>
 </pre>
 </body>
 </html>
rename from dom/base/test/csp/test_csp_invalid_source_expression.html
rename to dom/security/test/csp/test_invalid_source_expression.html
--- a/dom/base/test/csp/test_csp_invalid_source_expression.html
+++ b/dom/security/test/csp/test_invalid_source_expression.html
@@ -22,19 +22,19 @@ SimpleTest.waitForExplicitFinish();
  * where the source expression (bankid:/*) is invalid. In that case the source-expression
  * should be the empty set ('none'), see: http://www.w3.org/TR/CSP11/#source-list-parsing
  * We confirm that the script is blocked by CSP.
  */
 
 const policy = "script-src bankid:/*";
 
 function runTest() {
-  var src = "file_csp_testserver.sjs";
+  var src = "file_testserver.sjs";
   // append the file that should be served
-  src += "?file=" + escape("tests/dom/base/test/csp/file_csp_invalid_source_expression.html");
+  src += "?file=" + escape("tests/dom/security/test/csp/file_invalid_source_expression.html");
   // append the CSP that should be used to serve the file
   src += "&csp=" + escape(policy);
 
   document.getElementById("testframe").addEventListener("load", test, false);
   document.getElementById("testframe").src = src;
 }
 
 function test() {
rename from dom/base/test/csp/test_leading_wildcard.html
rename to dom/security/test/csp/test_leading_wildcard.html
--- a/dom/base/test/csp/test_leading_wildcard.html
+++ b/dom/security/test/csp/test_leading_wildcard.html
@@ -79,19 +79,19 @@ examiner.prototype  = {
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
     SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
   }
 }
 window.wildCardExaminer = new examiner();
 
 function runTest() {
-  var src = "file_csp_testserver.sjs";
+  var src = "file_testserver.sjs";
   // append the file that should be served
-  src += "?file=" + escape("tests/dom/base/test/csp/file_leading_wildcard.html");
+  src += "?file=" + escape("tests/dom/security/test/csp/file_leading_wildcard.html");
   // append the CSP that should be used to serve the file
   src += "&csp=" + escape(policy);
 
   document.getElementById("testframe").src = src;
 }
 
 // start running the tests
 runTest();
rename from dom/base/test/csp/test_multi_policy_injection_bypass.html
rename to dom/security/test/csp/test_multi_policy_injection_bypass.html
--- a/dom/base/test/csp/test_multi_policy_injection_bypass.html
+++ b/dom/security/test/csp/test_multi_policy_injection_bypass.html
@@ -14,17 +14,17 @@ https://bugzilla.mozilla.org/show_bug.cg
 
 
 </div>
 
 <iframe style="width:200px;height:200px;" id='cspframe'></iframe>
 <iframe style="width:200px;height:200px;" id='cspframe2'></iframe>
 <script class="testbody" type="text/javascript">
 
-var path = "/tests/dom/base/test/";
+var path = "/tests/dom/security/test/";
 
 // These are test results: -1 means it hasn't run,
 // true/false is the pass/fail result.
 // This is not exhaustive, just double-checking the 'self' vs * policy conflict in the two HTTP headers.
 window.tests = {
   img_good: -1,
   img_bad: -1,
   script_good: -1,
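Review bot: The new `path` value stops at `/tests/dom/security/test/`, while every other test moved in this commit uses `/tests/dom/security/test/csp/`. The old value had the same shape, so the move is faithful, but the code that consumes `path` is outside this hunk. If it is used as a prefix to recognise this test's own requests, it would also match requests from sibling directories under `dom/security/test/`. If the usage allows, `var path = "/tests/dom/security/test/csp/";` would make it consistent with the other tests.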
rename from dom/base/test/csp/test_nonce_source.html
rename to dom/security/test/csp/test_nonce_source.html
rename from dom/base/test/csp/test_csp_path_matching.html
rename to dom/security/test/csp/test_path_matching.html
--- a/dom/base/test/csp/test_csp_path_matching.html
+++ b/dom/security/test/csp/test_path_matching.html
@@ -13,74 +13,74 @@
   </div>
 
 <script class="testbody" type="text/javascript">
 
 SimpleTest.waitForExplicitFinish();
 
 /* Description of the test:
  * We are loading the following url (including a fragment portion):
- * http://test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js#foo
+ * http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js#foo
  * using different policies and verify that the applied policy is accurately enforced.
  */
 
 var policies = [
   ["allowed", "*"],
   ["allowed", "http://*"], // test for bug 1075230, enforcing scheme and wildcard
   ["allowed", "test1.example.com"],
   ["allowed", "test1.example.com/"],
-  ["allowed", "test1.example.com/tests/dom/base/test/csp/"],
-  ["allowed", "test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js"],
+  ["allowed", "test1.example.com/tests/dom/security/test/csp/"],
+  ["allowed", "test1.example.com/tests/dom/security/test/csp/file_path_matching.js"],
 
   ["allowed", "test1.example.com?foo=val"],
   ["allowed", "test1.example.com/?foo=val"],
-  ["allowed", "test1.example.com/tests/dom/base/test/csp/?foo=val"],
-  ["allowed", "test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js?foo=val"],
+  ["allowed", "test1.example.com/tests/dom/security/test/csp/?foo=val"],
+  ["allowed", "test1.example.com/tests/dom/security/test/csp/file_path_matching.js?foo=val"],
 
   ["allowed", "test1.example.com#foo"],
   ["allowed", "test1.example.com/#foo"],
-  ["allowed", "test1.example.com/tests/dom/base/test/csp/#foo"],
-  ["allowed", "test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.js#foo"],
+  ["allowed", "test1.example.com/tests/dom/security/test/csp/#foo"],
+  ["allowed", "test1.example.com/tests/dom/security/test/csp/file_path_matching.js#foo"],
 
   ["allowed", "*.example.com"],
   ["allowed", "*.example.com/"],
-  ["allowed", "*.example.com/tests/dom/base/test/csp/"],
-  ["allowed", "*.example.com/tests/dom/base/test/csp/file_csp_path_matching.js"],
+  ["allowed", "*.example.com/tests/dom/security/test/csp/"],
+  ["allowed", "*.example.com/tests/dom/security/test/csp/file_path_matching.js"],
 
   ["allowed", "test1.example.com:80"],
   ["allowed", "test1.example.com:80/"],
-  ["allowed", "test1.example.com:80/tests/dom/base/test/csp/"],
-  ["allowed", "test1.example.com:80/tests/dom/base/test/csp/file_csp_path_matching.js"],
+  ["allowed", "test1.example.com:80/tests/dom/security/test/csp/"],
+  ["allowed", "test1.example.com:80/tests/dom/security/test/csp/file_path_matching.js"],
 
   ["allowed", "test1.example.com:*"],
   ["allowed", "test1.example.com:*/"],
-  ["allowed", "test1.example.com:*/tests/dom/base/test/csp/"],
-  ["allowed", "test1.example.com:*/tests/dom/base/test/csp/file_csp_path_matching.js"],
+  ["allowed", "test1.example.com:*/tests/dom/security/test/csp/"],
+  ["allowed", "test1.example.com:*/tests/dom/security/test/csp/file_path_matching.js"],
 
   ["blocked", "test1.example.com/tests"],
-  ["blocked", "test1.example.com/tests/dom/base/test/csp"],
-  ["blocked", "test1.example.com/tests/dom/base/test/csp/file_csp_path_matching.py"],
+  ["blocked", "test1.example.com/tests/dom/security/test/csp"],
+  ["blocked", "test1.example.com/tests/dom/security/test/csp/file_path_matching.py"],
 
   ["blocked", "test1.example.com:8888/tests"],
-  ["blocked", "test1.example.com:8888/tests/dom/base/test/csp"],
-  ["blocked", "test1.example.com:8888/tests/dom/base/test/csp/file_csp_path_matching.py"],
+  ["blocked", "test1.example.com:8888/tests/dom/security/test/csp"],
+  ["blocked", "test1.example.com:8888/tests/dom/security/test/csp/file_path_matching.py"],
 ]
 
 var counter = 0;
 var policy;
 
 function loadNextTest() {
   if (counter == policies.length) {
     SimpleTest.finish();
   }
   else {
     policy = policies[counter++];
-    var src = "file_csp_testserver.sjs";
+    var src = "file_testserver.sjs";
     // append the file that should be served
-    src += "?file=" + escape("tests/dom/base/test/csp/file_csp_path_matching.html");
+    src += "?file=" + escape("tests/dom/security/test/csp/file_path_matching.html");
     // append the CSP that should be used to serve the file
     src += "&csp=" + escape("default-src 'none'; script-src " + policy[1]);
 
     document.getElementById("testframe").addEventListener("load", test, false);
     document.getElementById("testframe").src = src;
   }
 }
 
rename from dom/base/test/csp/test_csp_path_matching_redirect.html
rename to dom/security/test/csp/test_path_matching_redirect.html
--- a/dom/base/test/csp/test_csp_path_matching_redirect.html
+++ b/dom/security/test/csp/test_path_matching_redirect.html
@@ -26,31 +26,31 @@ SimpleTest.waitForExplicitFinish();
  * as described in the spec, see:
  * http://www.w3.org/TR/CSP11/#source-list-paths-and-redirects
  */
 
 var policy = "script-src http://example.com http://test1.example.com/CSPAllowsScriptsInThatFolder";
 
 var tests = [
   {
-    // the script in file_csp_path_matching.html
-    // <script src="http://test1.example.com/tests/dom/base/..">
+    // the script in file_path_matching.html
+    // <script src="http://test1.example.com/tests/dom/security/..">
     // is not within the whitelisted path by the csp-policy
     // hence the script is 'blocked' by CSP.
     expected: "blocked",
-    uri: "tests/dom/base/test/csp/file_csp_path_matching.html"
+    uri: "tests/dom/security/test/csp/file_path_matching.html"
   },
   {
-    // the script in file_csp_path_matching_redirect.html
+    // the script in file_path_matching_redirect.html
     // <script src="http://example.com/tests/dom/..">
     // gets redirected to: http://test1.example.com/tests/dom
     // where after the redirect the path of the policy is not enforced
     // anymore and hence execution of the script is 'allowed'.
     expected: "allowed",
-    uri: "tests/dom/base/test/csp/file_csp_path_matching_redirect.html"
+    uri: "tests/dom/security/test/csp/file_path_matching_redirect.html"
   },
 ];
 
 var counter = 0;
 var curTest;
 
 function checkResult() {
   try {
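Review bot: The comment on the second entry of `tests` says the path is "not enforced anymore" after the redirect, but not why, and the "allowed" expectation looks like a policy bypass to a reader who does not follow the spec link. I would add one line giving the reason, e.g. `// (paths are ignored after a redirect so a page cannot use CSP violations to learn cross-origin redirect targets)`. That makes it clear the expectation is deliberate and should not be "fixed" later. `checkResult` begins at the end of this hunk and continues outside it.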
@@ -66,17 +66,17 @@ function checkResult() {
 }
 
 function loadNextTest() {
   if (counter == tests.length) {
     SimpleTest.finish();
   }
   else {
     curTest = tests[counter++];
-    var src = "file_csp_testserver.sjs";
+    var src = "file_testserver.sjs";
     // append the file that should be served
     src += "?file=" + escape(curTest.uri);
     // append the CSP that should be used to serve the file
     src += "&csp=" + escape(policy);
 
     document.getElementById("testframe").addEventListener("load", checkResult, false);
     document.getElementById("testframe").src = src;
   }
rename from dom/base/test/csp/test_policyuri_regression_from_multipolicy.html
rename to dom/security/test/csp/test_policyuri_regression_from_multipolicy.html
rename from dom/base/test/csp/test_csp_redirects.html
rename to dom/security/test/csp/test_redirects.html
--- a/dom/base/test/csp/test_csp_redirects.html
+++ b/dom/security/test/csp/test_redirects.html
@@ -10,17 +10,17 @@
 <div id="content" style="display: none">
 
 </div>
 
 <iframe style="width:100%;height:300px;" id="harness"></iframe>
 <pre id="log"></pre>
 <script class="testbody" type="text/javascript">
 
-var path = "/tests/dom/base/test/csp/";
+var path = "/tests/dom/security/test/csp/";
 
 // debugging
 function log(s) {
   return;
   dump("**" + s + "\n");
   var log = document.getElementById("log");
   log.textContent = log.textContent+s+"\n";
 }
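Review bot: `log()` is disabled by a bare `return;` as its first statement, which leaves the three lines after it unreachable and gives no hint that this is intentional. A named switch reads better and is easier to flip when debugging a CSP redirect failure: `var DEBUG = false;` above the function and `if (!DEBUG) return;` as its first line. Inside the function, `var log = document.getElementById("log")` also shadows the function's own name; renaming the local to `logElt` avoids the confusion.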
@@ -119,15 +119,15 @@ SpecialPowers.pushPrefEnv(
           // blocks loading the resource until the user interacts with a
           // corresponding widget, which breaks the media_* tests. We set it
           // back to the default used by desktop Firefox to get consistent
           // behavior.
           ["media.preload.default", 2]]},
   function() {
     // save this for last so that our listeners are registered.
     // ... this loads the testbed of good and bad requests.
-    document.getElementById("harness").src = "file_csp_redirects_main.html";
+    document.getElementById("harness").src = "file_redirects_main.html";
   });
 </script>
 </pre>
 
 </body>
 </html>
rename from dom/base/test/csp/test_CSP_referrerdirective.html
rename to dom/security/test/csp/test_referrerdirective.html
--- a/dom/base/test/csp/test_CSP_referrerdirective.html
+++ b/dom/security/test/csp/test_referrerdirective.html
@@ -107,19 +107,19 @@ SpecialPowers.pushPrefEnv({
     },
     function() {
       // each of the iframes we create will call us back when its contents are loaded.
       window.addEventListener("message", referrerDirectiveTests.onIframeComplete.bind(window), false);
 
       // one iframe created for each test case
       for (var id in testData) {
         var elt = document.createElement("iframe");
-        elt.src = "https://example.com/tests/dom/base/test/csp/file_csp_testserver.sjs?" +
+        elt.src = "https://example.com/tests/dom/security/test/csp/file_testserver.sjs?" +
                   "id=" + id +
                   "&csp=" + escape(testData[id]['csp']) +
-                  "&file=tests/dom/base/test/csp/file_csp_referrerdirective.html";
+                  "&file=tests/dom/security/test/csp/file_referrerdirective.html";
         document.getElementById("content").appendChild(elt);
       }
     });
 </script>
 </pre>
 </body>
 </html>
rename from dom/base/test/csp/test_csp_report.html
rename to dom/security/test/csp/test_report.html
--- a/dom/base/test/csp/test_csp_report.html
+++ b/dom/security/test/csp/test_report.html
@@ -22,35 +22,35 @@ https://bugzilla.mozilla.org/show_bug.cg
  * all scripts from running (default-src 'none'). We verify that
  * the generated csp-report contains the expceted values. If any
  * of the JSON is not formatted properly (e.g. not properly escaped)
  * then JSON.parse will fail, which allows to pinpoint such errors
  * in the catch block, and the test will fail. Since we use an
  * observer, we can set the actual report-uri to a foo value.
  */
 
-const testfile = "tests/dom/base/test/csp/file_csp_report.html";
+const testfile = "tests/dom/security/test/csp/file_report.html";
 const reportURI = "http://mochi.test:8888/foo.sjs";
 const policy = "default-src 'none'; report-uri " + reportURI;
-const docUri = "http://mochi.test:8888/tests/dom/base/test/csp/file_csp_testserver.sjs" +
-               "?file=tests/dom/base/test/csp/file_csp_report.html" +
+const docUri = "http://mochi.test:8888/tests/dom/security/test/csp/file_testserver.sjs" +
+               "?file=tests/dom/security/test/csp/file_report.html" +
                "&csp=default-src%20%27none%27%3B%20report-uri%20http%3A//mochi.test%3A8888/foo.sjs";
 
 window.checkResults = function(reportObj) {
   var cspReport = reportObj["csp-report"];
 
   // The following uris' fragments should be stripped before reporting:
   //    * document-uri
   //    * blocked-uri
   //    * source-file
   // see http://www.w3.org/TR/CSP11/#violation-reports
   is(cspReport["document-uri"], docUri, "Incorrect document-uri");
 
   // we can not test for the whole referrer since it includes platform specific information
-  ok(cspReport["referrer"].startsWith("http://mochi.test:8888/tests/dom/base/test/csp/test_csp_report.html"),
+  ok(cspReport["referrer"].startsWith("http://mochi.test:8888/tests/dom/security/test/csp/test_report.html"),
      "Incorrect referrer");
 
   is(cspReport["blocked-uri"], "self", "Incorrect blocked-uri");
 
   is(cspReport["violated-directive"], "default-src 'none'", "Incorrect violated-directive");
 
   is(cspReport["original-policy"], "default-src 'none'; report-uri http://mochi.test:8888/foo.sjs",
      "Incorrect original-policy");
@@ -125,17 +125,17 @@ examiner.prototype  = {
     SpecialPowers.removeObserver(this, "http-on-opening-request");
   }
 }
 window.examiner = new examiner();
 SimpleTest.waitForExplicitFinish();
 
 // load the resource which will generate a CSP violation report
 // save this for last so that our listeners are registered.
-var src = "file_csp_testserver.sjs";
+var src = "file_testserver.sjs";
 // append the file that should be served
 src += "?file=" + escape(testfile);
 // append the CSP that should be used to serve the file
 src += "&csp=" + escape(policy);
 // appending a fragment so we can test that it's correctly stripped
 // for document-uri and source-file.
 src += "#foo";
 document.getElementById("cspframe").src = src;
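Review bot: The URL built from `var src = "file_testserver.sjs"` onward is assembled from `testfile` and `policy`, yet the `docUri` constant in the previous hunk repeats the same directory, file name and an already-encoded copy of the policy by hand, which is why this move had to edit several string literals in one test. Building the expected value from the existing constants keeps them from drifting: `"?file=" + testfile +` followed by `"&csp=" + escape(policy);` yields the same string as the literal for the current values. If the hand-written literal is kept deliberately as an independent expected value, a comment such as `// must match escape(policy) used when building src below` would record that. The script block starts and ends outside this hunk.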
rename from dom/base/test/csp/test_report_uri_missing_in_report_only_header.html
rename to dom/security/test/csp/test_report_uri_missing_in_report_only_header.html
rename from dom/base/test/csp/test_self_none_as_hostname_confusion.html
rename to dom/security/test/csp/test_self_none_as_hostname_confusion.html
rename from dom/base/test/csp/test_subframe_run_js_if_allowed.html
rename to dom/security/test/csp/test_subframe_run_js_if_allowed.html
rename from dom/base/test/csp/test_worker_redirect.html
rename to dom/security/test/csp/test_worker_redirect.html
--- a/dom/base/test/csp/test_worker_redirect.html
+++ b/dom/security/test/csp/test_worker_redirect.html
@@ -55,19 +55,19 @@ function checkResult(aResult) {
 }
 
 function loadNextTest() {
   if (counter == tests.length) {
     SimpleTest.finish();
     return;
   }
   curTest = tests[counter++];
-  var src = "file_csp_testserver.sjs";
+  var src = "file_testserver.sjs";
   // append the file that should be served
-  src += "?file=" + escape("tests/dom/base/test/csp/file_worker_redirect.html");
+  src += "?file=" + escape("tests/dom/security/test/csp/file_worker_redirect.html");
   // append the CSP that should be used to serve the file
   src += "&csp=" + escape(curTest.policy);
   document.getElementById("testframe").src = src;
 }
 
 SimpleTest.waitForExplicitFinish();
 loadNextTest();
 
new file mode 100644
--- /dev/null
+++ b/dom/security/test/moz.build
@@ -0,0 +1,21 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+XPCSHELL_TESTS_MANIFESTS += [
+    'unit/xpcshell.ini',
+]
+
+GeckoCppUnitTests([
+    'TestCSPParser',
+])
+
+MOCHITEST_MANIFESTS += [
+    'csp/mochitest.ini',
+]
+
+MOCHITEST_CHROME_MANIFESTS += [
+    'csp/chrome.ini',
+]
rename from dom/base/test/unit/test_cspreports.js
rename to dom/security/test/unit/test_cspreports.js
--- a/dom/base/test/unit/test_cspreports.js
+++ b/dom/security/test/unit/test_cspreports.js
@@ -3,16 +3,17 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 const Cc = Components.classes;
 const Ci = Components.interfaces;
 const Cu = Components.utils;
 const Cr = Components.results;
 
 Cu.import('resource://gre/modules/NetUtil.jsm');
+Cu.import("resource://testing-common/httpd.js");
 
 var httpServer = new HttpServer();
 httpServer.start(-1);
 var testsToFinish = 0;
 
 const REPORT_SERVER_PORT = httpServer.identity.primaryPort;
 const REPORT_SERVER_URI = "http://localhost";
 const REPORT_SERVER_PATH = "/report";
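Review bot: The added `Cu.import("resource://testing-common/httpd.js");` carries no comment saying why the test now imports the server itself, and it uses double quotes where the `NetUtil.jsm` import directly above uses single quotes. The new xpcshell.ini in this commit has an empty `head =`, so presumably `HttpServer` used to come from a head file in the old directory; that file is not visible here. I would put `// HttpServer is imported here because this directory's xpcshell.ini has no head file` above `Cu.import('resource://testing-common/httpd.js');`. The rest of the file lies outside the hunk.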
new file mode 100644
--- /dev/null
+++ b/dom/security/test/unit/xpcshell.ini
@@ -0,0 +1,7 @@
+[DEFAULT]
+head =
+tail =
+skip-if = toolkit == 'gonk'
+
+[test_cspreports.js]
+skip-if = buildapp == 'mulet'
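Review bot: Neither `skip-if` line says why the test is disabled, and the per-test `skip-if = buildapp == 'mulet'` may replace rather than extend the `[DEFAULT]` condition, depending on how the manifest parser merges keys (not visible here). Stating both conditions on the test removes the ambiguity: `skip-if = toolkit == 'gonk' || buildapp == 'mulet'`. A comment such as `# Bug <BUG-ID>: <reason the test cannot run on this platform>` above each condition would let someone re-enable the CSP report test later instead of leaving it silently off.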