Bug 1509401 [wpt PR 14192] - Add javascript navigations interop tests, a=testonly
authorAndy Paicu <andypaicu@chromium.org>
Fri, 30 Nov 2018 18:05:18 +0000
changeset 450077 be26adb09ce09c5438a82b867661ff5d306deac1
parent 450076 011406a72554d1154955602fbf2592866dbfc59e
child 450078 a849cdb8cdc72ae214fcedac6c319d2f64094fa4
push id35189
push userccoroiu@mozilla.com
push dateTue, 11 Dec 2018 21:33:05 +0000
reviewerstestonly
bugs1509401, 14192, 694525, 1348054, 611643
milestone66.0a1
Bug 1509401 [wpt PR 14192] - Add javascript navigations interop tests, a=testonly Automatic update from web-platform-tests Add javascript navigations interop tests https://github.com/w3c/webappsec-csp/issues/322 raises an interop issue It appears the issue itself has been fixed since but I've added these tests regardless to ensure there is no regression. Bug: 694525 Change-Id: Icb5502e228b3a96c176cbe23d5b4ce9c5c8640ab Reviewed-on: https://chromium-review.googlesource.com/c/1348054 Reviewed-by: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#611643} -- wpt-commits: a82d43808d79ecd0074a4623fd69e3a7bb16c188 wpt-pr: 14192
testing/web-platform/tests/content-security-policy/navigation/support/frame-with-csp.sub.html
testing/web-platform/tests/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html
testing/web-platform/tests/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigation/support/frame-with-csp.sub.html
@@ -0,0 +1,2 @@
+<meta http-equiv="Content-Security-Policy" content="{{GET[csp]}}">
+CHILD FRAME
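Review bot: This support file has no comment saying where its policy comes from, although the two tests use it differently: the child-csp test passes `?csp=script-src 'self'`, while the parent-csp test loads it with no `csp` parameter at all. A leading comment such as `<!-- Policy is taken from the ?csp= query parameter via the .sub.html substitution; with no parameter the meta policy is presumably empty. -->` would make that contract visible. The value is reflected from the query string into an attribute, so the file depends on the test server's substitution escaping and should stay a test-only resource.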
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<iframe src="support/frame-with-csp.sub.html?csp=script-src%20%27self%27"></iframe>
+<div onclick="frames[0].location.href = 'javascript:parent.postMessage(\'executed\', \'*\')'" id="special_div"></div>
+<script>
+  var t = async_test("Should have executed the javascript url");
+  window.onmessage = t.step_func(function(e) {
+    if (e.data == "executed")
+      t.done();
+  });
+  window.addEventListener('securitypolicyviolation', t.unreached_func("Should not have raised a violation event"));
+  document.getElementById('special_div').click();
+</script>
+</body>
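Review bot: The `click()` on the last script line runs synchronously during parsing, before the iframe's `load` event, so the `javascript:` URL may execute in the frame's initial `about:blank` document rather than in `frame-with-csp.sub.html`. In that case the child's `script-src 'self'` policy is never in effect and the test passes without exercising the child-CSP case it is named for. Triggering from the frame's load event closes the gap: `document.querySelector('iframe').addEventListener('load', t.step_func(function() { document.getElementById('special_div').click(); }), {once: true});`. The same ordering applies to the `click()` in `to-javascript-parent-initiated-parent-csp.html`.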
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<head>
+<meta http-equiv="content-security-policy" content="script-src 'self' 'nonce-abc'">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<iframe src="support/frame-with-csp.sub.html"></iframe>
+<div onclick="frames[0].location.href = 'javascript:parent.postMessage(\'executed\', \'*\')'" id="special_div"></div>
+<script nonce='abc'>
+  var t = async_test("Should not have executed the javascript url");
+  window.onmessage = t.step_func(function(e) {
+    if (e.data == "executed")
+      assert_true(false, "Javascript url executed");
+  });
+  window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
+    assert_equals(e.blockedURI, 'inline');
+    assert_equals(e.violatedDirective, 'script-src-attr');
+  }));
+  document.getElementById('special_div').click();
+</script>
+</body>
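Review bot: The violation asserted here, `violatedDirective` of `script-src-attr` with `blockedURI` of `inline`, is what the page's own policy reports for the inline `onclick` attribute on `special_div`, since `script-src 'self' 'nonce-abc'` does not allow inline handlers. The test therefore appears to pass because the handler is blocked, before the `javascript:` navigation is ever attempted, so a regression in how `javascript:` navigations are checked would go unnoticed. Doing the assignment from the nonce'd script removes the handler from the picture: `frames[0].location.href = "javascript:parent.postMessage('executed', '*')";`. The assertion would then name the directive that governs the navigation; this looks like `script-src-elem` under CSP3's inline-check mapping, but confirm it against the spec. Because `t.done()` runs on the first violation event, a later `executed` message would also be ignored, so the negative check is weaker than its title suggests.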