Bug 663567 - Verify that content added by XSLT stylesheet is subject to document's CSP - test update. r=sstamm
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Wed, 04 Sep 2013 09:36:00 -0700
changeset 158652 49a194c84ab0fbf8c4a20122c111810d20798322
parent 158651 ee0964953b2583398a353d2ad629c1faa0938a9d
child 158653 2e67cbcf632286210b6dd80226c26f52931e1bf6
push id2961
push userlsblakk@mozilla.com
push dateMon, 28 Oct 2013 21:59:28 +0000
treeherdermozilla-beta@73ef4f13486f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssstamm
bugs663567
milestone26.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 663567 - Verify that content added by XSLT stylesheet is subject to document's CSP - test update. r=sstamm
content/base/test/Makefile.in
content/base/test/file_CSP_bug663567.xsl
content/base/test/file_CSP_bug663567_allows.xml
content/base/test/file_CSP_bug663567_allows.xsl
content/base/test/file_CSP_bug663567_blocks.xml
content/base/test/file_CSP_bug663567_blocks.xml^headers^
content/base/test/test_CSP_bug663567.html
--- a/content/base/test/Makefile.in
+++ b/content/base/test/Makefile.in
@@ -646,17 +646,17 @@ MOCHITEST_FILES_C= \
 		variable_style_sheet.sjs \
 		test_processing_instruction_update_stylesheet.xhtml \
 		test_CSP_bug888172.html \
 		file_CSP_bug888172.html \
 		file_CSP_bug888172.sjs \
 		test_CSP_bug663567.html \
 		file_CSP_bug663567_allows.xml \
 		file_CSP_bug663567_allows.xml^headers^ \
-		file_CSP_bug663567_allows.xsl \
+		file_CSP_bug663567.xsl \
 		file_CSP_bug663567_blocks.xml \
 		file_CSP_bug663567_blocks.xml^headers^ \
 		test_CSP_bug802872.html \
 		file_CSP_bug802872.html \
 		file_CSP_bug802872.html^headers^ \
 		file_CSP_bug802872.js \
 		file_CSP_bug802872.sjs \
 		test_bug907892.html \
rename from content/base/test/file_CSP_bug663567_allows.xsl
rename to content/base/test/file_CSP_bug663567.xsl
--- a/content/base/test/file_CSP_bug663567_allows.xml
+++ b/content/base/test/file_CSP_bug663567_allows.xml
@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567_allows.xsl"?>
+<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
 <catalog>
 	<cd>
 		<title>Empire Burlesque</title>
 		<artist>Bob Dylan</artist>
 		<country>USA</country>
 		<company>Columbia</company>
 		<price>10.90</price>
 		<year>1985</year>
--- a/content/base/test/file_CSP_bug663567_blocks.xml
+++ b/content/base/test/file_CSP_bug663567_blocks.xml
@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<?xml-stylesheet type="text/xsl" href="http://example.org/tests/content/base/test/file_CSP_bug663567_blocks.xsl"?>
+<?xml-stylesheet type="text/xsl" href="file_CSP_bug663567.xsl"?>
 <catalog>
 	<cd>
 		<title>Empire Burlesque</title>
 		<artist>Bob Dylan</artist>
 		<country>USA</country>
 		<company>Columbia</company>
 		<price>10.90</price>
 		<year>1985</year>
--- a/content/base/test/file_CSP_bug663567_blocks.xml^headers^
+++ b/content/base/test/file_CSP_bug663567_blocks.xml^headers^
@@ -1,1 +1,1 @@
-Content-Security-Policy: default-src 'self'
+Content-Security-Policy: default-src *.example.com
--- a/content/base/test/test_CSP_bug663567.html
+++ b/content/base/test/test_CSP_bug663567.html
@@ -29,36 +29,35 @@ var checkExplicitFinish = function() {
   }
 }
 
 function checkAllowed () {
   /*   The policy for this test is:
    *   Content-Security-Policy: default-src 'self'
    *
    *   we load the xsl file using:
-   *   <?xml-stylesheet type="text/xsl" href="file_CSP_bug663467_allows.xsl"?>
+   *   <?xml-stylesheet type="text/xsl" href="file_CSP_bug663467.xsl"?>
    */
   try {
     var cspframe = document.getElementById('xsltframe');
     var xsltAllowedHeader = cspframe.contentWindow.document.getElementById('xsltheader').innerHTML;
     is(xsltAllowedHeader, header, "XSLT loaded from 'self' should be allowed!");
   }
   catch (e) {
     ok(false, "Error: could not access content in xsltframe!")
   }
   checkExplicitFinish();
 }
 
 function checkBlocked () {
   /*   The policy for this test is:
-   *   Content-Security-Policy: default-src 'self'
+   *   Content-Security-Policy: default-src *.example.com
    *
    *   we load the xsl file using:
-   *   <?xml-stylesheet type="text/xsl"
-   *    href="http://example.org/tests/content/base/test/file_CSP_bug663467_blocks.xsl"?>
+   *   <?xml-stylesheet type="text/xsl" href="file_CSP_bug663467.xsl"?>
    */
   try {
     var cspframe = document.getElementById('xsltframe2');
     var xsltBlockedHeader = cspframe.contentWindow.document.getElementById('xsltheader');
     is(xsltBlockedHeader, null, "XSLT loaded from different host should be blocked!");
   }
   catch (e) {
     ok(false, "Error: could not access content in xsltframe2!")