script-src-self.sub.js (2755B)
importScripts("{{location[server]}}/resources/testharness.js");
importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js");
// NOTE(review): line positions matter in this file. The 19, 23 and 34 passed to waitUntilCSPEventForEval() equal the lines of the eval-like calls, so add comments only on existing lines.
let importscripts_url ="https://{{hosts[][www]}}:{{ports[https][1]}}" +
  "/content-security-policy/support/var-a.js";
// Test 1: a cross-origin importScripts() must throw NetworkError, leave self.a false (presumably var-a.js would set it; confirm) and raise a CSP event for that URL.
promise_test(async t => {
  self.a = false;
  assert_throws_dom("NetworkError",
                    _ => importScripts(importscripts_url),
                    "importScripts should throw `NetworkError`");
  assert_false(self.a);
  return waitUntilCSPEventForURL(t, importscripts_url);
}, "Cross-origin `importScripts()` blocked in " + self.location.protocol +
   " with {{GET[test-name]}}");
// Test 2: eval() and new Function() must each throw EvalError, and each must produce its own CSP event.
promise_test(t => {
  assert_throws_js(EvalError,
                   _ => eval("1 + 1"),
                   "`eval()` should throw 'EvalError'.");

  assert_throws_js(EvalError,
                   _ => new Function("1 + 1"),
                   "`new Function()` should throw 'EvalError'.");
  return Promise.all([
    waitUntilCSPEventForEval(t, 19),  // 19 = line of the eval() call above; presumably matched against the event's line number (confirm in testharness-helper.js)
    waitUntilCSPEventForEval(t, 23),  // 23 = line of the new Function() call above
  ]);
}, "`eval()` blocked in " + self.location.protocol +
   " with {{GET[test-name]}}");
// Test 3: setTimeout() with a string argument must not run the string; the call is expected to return 0 and to raise an eval CSP event.
promise_test(t => {
  self.setTimeoutTest = t;
  let result = setTimeout("(self.setTimeoutTest.unreached_func(" +
                          "'setTimeout([string]) should not execute.'))()", 1);
  assert_equals(result, 0);
  return waitUntilCSPEventForEval(t, 34);  // 34 = line of the setTimeout() call above
}, "`setTimeout([string])` blocked in " + self.location.protocol +
   " with {{GET[test-name]}}");
// Test 4: fetch the stored reports for this run (the query asks for min_count=4) and check one blocked importScripts URL plus three "eval" entries.
promise_test(async t => {
  let report_url = "{{location[server]}}/reporting/resources/report.py" +
                   "?op=retrieve_report&reportID={{GET[id]}}&min_count=4";

  let response = await fetch(report_url);
  assert_equals(response.status, 200, "Fetching reports failed");

  let response_json = await response.json();
  let reports = response_json.map(x => x["csp-report"]);
  // Both sides of each comparison are sorted, so the order in which the reports arrived does not matter.
  assert_array_equals(
    reports.map(x => x["blocked-uri"]).sort(),
    [ importscripts_url, "eval", "eval", "eval" ].sort(),
    "Reports do not match");
  assert_array_equals(
    reports.map(x => x["violated-directive"]).sort(),
    [ "script-src-elem", "script-src", "script-src", "script-src" ].sort(),
    "Violated directive in report does not match");
  assert_array_equals(
    reports.map(x => x["effective-directive"]).sort(),
    [ "script-src-elem", "script-src", "script-src", "script-src" ].sort(),
    "Effective directive in report does not match");
  reports.forEach(x => {
    assert_equals(
      x["disposition"], "enforce",  // every report must come from an enforced policy
      "Disposition in report does not match");
  });
}, "Reports are sent for " + self.location.protocol +
   " with {{GET[test-name]}}");

done();