nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/dom/security/test/csp/test_hash_source.html
Brian Grinstead 0d460e3432 Bug 1544322 - Part 2.2 - Remove the [type] attribute for one-liner <script> tags loading files in /tests/SimpleTest/ in dom/ r=bzbarsky 
This is split from the previous changeset since if we include dom/ the file size is too
large for phabricator to handle.

This is an autogenerated commit to handle scripts loading mochitest harness files, in
the simple case where the script src is on the same line as the tag.

This was generated with https://bug1544322.bmoattachments.org/attachment.cgi?id=9058170
using the `--part 2` argument.

Differential Revision: https://phabricator.services.mozilla.com/D27457

--HG--
extra : moz-landing-system : lando
2019-04-16 03:53:28 +00:00

135 lines
4.5 KiB
HTML
Raw Blame History

<!DOCTYPE HTML>
<html>
<head>
<title>Test CSP 1.1 hash-source for inline scripts and styles</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<script src="/tests/SimpleTest/EventUtils.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>
<div id="content" style="visibility:hidden">
<iframe style="width:100%;" id='cspframe'></iframe>
</div>
<script class="testbody" type="text/javascript">
function cleanup() {
// finish the tests
SimpleTest.finish();
}
function checkInline () {
var cspframe = document.getElementById('cspframe').contentDocument;
var inlineScriptTests = {
'inline-script-valid-hash': {
shouldBe: 'allowed',
message: 'Inline script with valid hash should be allowed'
},
'inline-script-invalid-hash': {
shouldBe: 'blocked',
message: 'Inline script with invalid hash should be blocked'
},
'inline-script-invalid-hash-valid-nonce': {
shouldBe: 'allowed',
message: 'Inline script with invalid hash and valid nonce should be allowed'
},
'inline-script-valid-hash-invalid-nonce': {
shouldBe: 'allowed',
message: 'Inline script with valid hash and invalid nonce should be allowed'
},
'inline-script-invalid-hash-invalid-nonce': {
shouldBe: 'blocked',
message: 'Inline script with invalid hash and invalid nonce should be blocked'
},
'inline-script-valid-sha512-hash': {
shouldBe: 'allowed',
message: 'Inline script with a valid sha512 hash should be allowed'
},
'inline-script-valid-sha384-hash': {
shouldBe: 'allowed',
message: 'Inline script with a valid sha384 hash should be allowed'
},
'inline-script-valid-sha1-hash': {
shouldBe: 'blocked',
message: 'Inline script with a valid sha1 hash should be blocked, because sha1 is not a valid hash function'
},
'inline-script-valid-md5-hash': {
shouldBe: 'blocked',
message: 'Inline script with a valid md5 hash should be blocked, because md5 is not a valid hash function'
}
}
for (testId in inlineScriptTests) {
var test = inlineScriptTests[testId];
is(cspframe.getElementById(testId).innerHTML, test.shouldBe, test.message);
}
// Inline style tries to change an element's color to green. If blocked, the
// element's color will be the default black.
var green = "rgb(0, 128, 0)";
var black = "rgb(0, 0, 0)";
var getElementColorById = function (id) {
return window.getComputedStyle(cspframe.getElementById(id)).color;
};
var inlineStyleTests = {
'inline-style-valid-hash': {
shouldBe: green,
message: 'Inline style with valid hash should be allowed'
},
'inline-style-invalid-hash': {
shouldBe: black,
message: 'Inline style with invalid hash should be blocked'
},
'inline-style-invalid-hash-valid-nonce': {
shouldBe: green,
message: 'Inline style with invalid hash and valid nonce should be allowed'
},
'inline-style-valid-hash-invalid-nonce': {
shouldBe: green,
message: 'Inline style with valid hash and invalid nonce should be allowed'
},
'inline-style-invalid-hash-invalid-nonce' : {
shouldBe: black,
message: 'Inline style with invalid hash and invalid nonce should be blocked'
},
'inline-style-valid-sha512-hash': {
shouldBe: green,
message: 'Inline style with a valid sha512 hash should be allowed'
},
'inline-style-valid-sha384-hash': {
shouldBe: green,
message: 'Inline style with a valid sha384 hash should be allowed'
},
'inline-style-valid-sha1-hash': {
shouldBe: black,
message: 'Inline style with a valid sha1 hash should be blocked, because sha1 is not a valid hash function'
},
'inline-style-valid-md5-hash': {
shouldBe: black,
message: 'Inline style with a valid md5 hash should be blocked, because md5 is not a valid hash function'
}
}
for (testId in inlineStyleTests) {
var test = inlineStyleTests[testId];
is(getElementColorById(testId), test.shouldBe, test.message);
}
cleanup();
}
//////////////////////////////////////////////////////////////////////
// set up and go
SimpleTest.waitForExplicitFinish();
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('cspframe').src = 'file_hash_source.html';
document.getElementById('cspframe').addEventListener('load', checkInline);
</script>
</pre>
</body>
</html>
View git blame Copy permalink