subsumption_algorithm-host_sources-hosts.html (1727B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>Embedded Enforcement: Subsumption Algorithm - Host parts in host source expressions.</title> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="support/testharness-helper.sub.js"></script> 8 </head> 9 <body> 10 <script> 11 var tests = [ 12 { "name": "Host must match.", 13 "required_csp": "img-src http://c.com", 14 "returned_csp": "img-src http://b.com", 15 "expected": IframeLoad.EXPECT_BLOCK }, 16 { "name": "Hosts without wildcards must match.", 17 "required_csp": "img-src http://c.com:* http://inner.b.com", 18 "returned_csp": "img-src http://b.com", 19 "expected": IframeLoad.EXPECT_BLOCK }, 20 { "name": "More specific subdomain should not match.", 21 "required_csp": "img-src http://c.com:* http://b.com", 22 "returned_csp": "img-src http://inner.b.com", 23 "expected": IframeLoad.EXPECT_BLOCK }, 24 { "name": "Specified host should not match a wildcard host.", 25 "required_csp": "img-src http://c.com:* http://inner.b.com", 26 "returned_csp": "img-src http://*.b.com", 27 "expected": IframeLoad.EXPECT_BLOCK }, 28 { "name": "A wildcard host should match a more specific host.", 29 "required_csp": "img-src http://c.com:* http://*.b.com", 30 "returned_csp": "img-src https://inner.b.com", 31 "expected": IframeLoad.EXPECT_LOAD }, 32 ]; 33 34 tests.forEach(test => { 35 async_test(t => { 36 var url = generateUrlWithPolicies(Host.CROSS_ORIGIN, test.returned_csp); 37 assert_iframe_with_csp(t, url, test.required_csp, test.expected, test.name, null); 38 }, test.name); 39 }); 40 </script> 41 </body> 42 </html>