nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/dom/security/test/csp/test_bug885433.html
Brian Grinstead 0d460e3432 Bug 1544322 - Part 2.2 - Remove the [type] attribute for one-liner <script> tags loading files in /tests/SimpleTest/ in dom/ r=bzbarsky 
This is split from the previous changeset since if we include dom/ the file size is too
large for phabricator to handle.

This is an autogenerated commit to handle scripts loading mochitest harness files, in
the simple case where the script src is on the same line as the tag.

This was generated with https://bug1544322.bmoattachments.org/attachment.cgi?id=9058170
using the `--part 2` argument.

Differential Revision: https://phabricator.services.mozilla.com/D27457

--HG--
extra : moz-landing-system : lando
2019-04-16 03:53:28 +00:00

61 lines
2.4 KiB
HTML
Raw Blame History

<!DOCTYPE HTML>
<html>
<head>
<title>Test for Content Security Policy inline stylesheets stuff</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<iframe style="width:100%;" id='cspframe'></iframe>
<iframe style="width:100%;" id='cspframe2'></iframe>
<script class="testbody" type="text/javascript">
//////////////////////////////////////////////////////////////////////
// set up and go
SimpleTest.waitForExplicitFinish();
// utilities for check functions
// black means the style wasn't applied, applied styles are green
var green = 'rgb(0, 128, 0)';
var black = 'rgb(0, 0, 0)';
// We test both script and style execution by observing changes in computed styles
function checkAllowed () {
var cspframe = document.getElementById('cspframe');
var color;
color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-script-allowed')).color;
ok(color === green, "Inline script should be allowed");
color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-eval-script-allowed')).color;
ok(color === green, "Eval should be allowed");
color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-style-allowed')).color;
ok(color === green, "Inline style should be allowed");
document.getElementById('cspframe2').src = 'file_bug885433_blocks.html';
document.getElementById('cspframe2').addEventListener('load', checkBlocked);
}
function checkBlocked () {
var cspframe = document.getElementById('cspframe2');
var color;
color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-script-blocked')).color;
ok(color === black, "Inline script should be blocked");
color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-eval-script-blocked')).color;
ok(color === black, "Eval should be blocked");
color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-style-blocked')).color;
ok(color === black, "Inline style should be blocked");
SimpleTest.finish();
}
document.getElementById('cspframe').src = 'file_bug885433_allows.html';
document.getElementById('cspframe').addEventListener('load', checkAllowed);
</script>
</pre>
</body>
</html>
View git blame Copy permalink