test_child-src_worker_data.html (4569B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>Bug 1045891</title> 5 <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> 6 <script src="/tests/SimpleTest/SimpleTest.js"></script> 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 8 </head> 9 <body> 10 <p id="display"></p> 11 <div id="content" style="visibility: hidden"> 12 </div> 13 14 <script class="testbody" type="text/javascript"> 15 /* 16 * Description of the test: 17 * We load a page with a given CSP and verify that child frames and workers are correctly 18 * evaluated through the "child-src" directive. 19 */ 20 21 SimpleTest.waitForExplicitFinish(); 22 23 var WORKER_TEST_FILE = "file_child-src_worker_data.html"; 24 var SHARED_WORKER_TEST_FILE = "file_child-src_shared_worker_data.html"; 25 26 var tests = { 27 'same-src-worker-no-data': { 28 id: "same-src-worker-no-data", 29 file: WORKER_TEST_FILE, 30 result : "blocked", 31 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'self'" 32 }, 33 'same-src-worker': { 34 id: "same-src-worker", 35 file: WORKER_TEST_FILE, 36 result : "allowed", 37 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'self' data:" 38 }, 39 'same-src-shared_worker-no-data': { 40 id: "same-src-shared_worker-no-data", 41 file: SHARED_WORKER_TEST_FILE, 42 result : "blocked", 43 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'self'" 44 }, 45 'same-src-shared_worker': { 46 id: "same-src-shared_worker", 47 file: SHARED_WORKER_TEST_FILE, 48 result : "allowed", 49 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'self' data:" 50 }, 51 'star-src-worker': { 52 id: "star-src-worker", 53 file: WORKER_TEST_FILE, 54 result : "allowed", 55 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src * data:" 56 }, 57 'star-src-worker-no-data': { 58 id: "star-src-worker-no-data", 59 file: WORKER_TEST_FILE, 60 result : "blocked", 61 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *" 62 }, 63 'star-src-shared_worker-no-data': { 64 id: "star-src-shared_worker-no-data", 65 file: SHARED_WORKER_TEST_FILE, 66 result : "blocked", 67 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *" 68 }, 69 'star-src-shared_worker': { 70 id: "star-src-shared_worker", 71 file: SHARED_WORKER_TEST_FILE, 72 result : "allowed", 73 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src * data:" 74 }, 75 'other-src-worker-no-data': { 76 id: "other-src-worker-no-data", 77 file: WORKER_TEST_FILE, 78 result : "blocked", 79 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src https://www.example.org" 80 }, 81 'other-src-shared_worker-no-data': { 82 id: "other-src-shared_worker-no-data", 83 file: SHARED_WORKER_TEST_FILE, 84 result : "blocked", 85 policy : "default-src 'none'; script-src 'unsafe-inline'; child-src https://www.example.org" 86 }, 87 }; 88 89 finished = {}; 90 91 function recvMessage(ev) { 92 is(ev.data.message, tests[ev.data.id].result, "CSP child-src worker test " + ev.data.id); 93 finished[ev.data.id] = ev.data.message; 94 95 if (Object.keys(finished).length == Object.keys(tests).length) { 96 window.removeEventListener('message', recvMessage); 97 SimpleTest.finish(); 98 } 99 } 100 101 window.addEventListener('message', recvMessage); 102 103 function loadNextTest() { 104 for (item in tests) { 105 test = tests[item]; 106 var src = "file_testserver.sjs"; 107 // append the file that should be served 108 src += "?file=" + escape("tests/dom/security/test/csp/" + test.file); 109 // append the CSP that should be used to serve the file 110 src += "&csp=" + escape(test.policy); 111 // add our identifier 112 src += "#" + escape(test.id); 113 114 content = document.getElementById('content'); 115 testframe = document.createElement("iframe"); 116 testframe.setAttribute('id', test.id); 117 content.appendChild(testframe); 118 testframe.src = src; 119 } 120 } 121 122 // start running the tests 123 loadNextTest(); 124 </script> 125 </body> 126 </html>