inline.html (9856B)
1 <!doctype html> 2 <head> 3 <meta charset=utf-8> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 </head> 7 <body> 8 <!-- 9 The following tests all use the test Ed25519 key from RFC9421: 10 https://www.rfc-editor.org/rfc/rfc9421.html#name-example-ed25519-test-key 11 12 JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs= 13 14 alongside a randomly generated key (the same one used in `helper.js`): 15 16 xDnP380zcL4rJ76rXYjeHlfMyPZEOqpJYjsjEppbuXE= 17 18 Note that whitespace matters in all the following tests, so when 19 generating a signature, it's important to match any formatting in the 20 <script> elements below.,] 21 --> 22 <script> 23 // We kinda have to assume this executes, since its failure would mean that 24 // the entire test is impossible to run. We'll set up all the following 25 // tests here as `async_test` calls, and verify execution or lack thereof 26 // in script blocks below. 27 let tests = { 28 // When no `signature` attribute is present, execution will not be blocked on verification. 29 "no signature, no integrity": async_test("No `signature`, no `integrity` => executes"), 30 "no signature, invalid integrity": async_test("No `signature`, invalid `integrity` => executes"), 31 "no signature, valid integrity": async_test("No `signature`, valid `integrity` => executes"), 32 "no signature, multiple integrity": async_test("No `signature`, multiple `integrity` => executes"), 33 34 // When an invalid `signature` attribute is present, execution will not be blocked on verification. 35 "invalid signature, no integrity": async_test("invalid `signature`, no `integrity` => executes"), 36 "invalid signature, invalid integrity": async_test("invalid `signature`, invalid `integrity` => executes"), 37 "invalid signature, valid integrity": async_test("invalid `signature`, valid `integrity` => executes"), 38 "invalid signature, multiple integrity": async_test("invalid `signature`, multiple `integrity` => executes"), 39 40 // When a valid `signature` attribute is present, execution depends upon verification via `integrity`. 41 "valid signature, no integrity": async_test("valid `signature`, no `integrity` => blocked"), 42 "valid signature, invalid integrity": async_test("valid `signature`, invalid `integrity` => blocked"), 43 "valid signature, valid integrity": async_test("valid `signature`, valid `integrity` => executes"), 44 "valid signature, multiple integrity": async_test("valid `signature`, multiple `integrity` => executes"), 45 46 // When multiple signatures are present in a `signature` attribute, execution depends upon verification via `integrity`. 47 "multiple signature, no integrity": async_test("multiple `signature`, no `integrity` => blocked"), 48 "multiple signature, invalid integrity": async_test("multiple `signature`, invalid `integrity` => blocked"), 49 "multiple signature, valid integrity": async_test("multiple `signature`, valid `integrity` => executes"), 50 "multiple signature, multiple integrity": async_test("multiple `signature`, multiple `integrity` => executes"), 51 52 // Non-ASCII characters. 53 "valid signature, valid integrity, non-ASCII": async_test("valid `signature`, valid `integrity`, non-ASCII => executes"), 54 55 // SVG 56 "SVG valid signature, no integrity": async_test("SVG valid `signature`, no `integrity` => blocked"), 57 "SVG valid signature, invalid integrity": async_test("SVG valid `signature`, invalid `integrity` => blocked"), 58 "SVG valid signature, valid integrity": async_test("SVG valid `signature`, valid `integrity` => executes"), 59 "SVG valid signature, multiple integrity": async_test("SVG valid `signature`, multiple `integrity` => executes"), 60 }; 61 </script> 62 63 <!-- 64 No signature tests 65 --> 66 <script> 67 tests["no signature, no integrity"].done(); 68 </script> 69 70 <script integrity="invalid-integrity"> 71 tests["no signature, invalid integrity"].done(); 72 </script> 73 74 <script integrity="ed25519-JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs="> 75 tests["no signature, valid integrity"].done(); 76 </script> 77 78 <script integrity="ed25519-JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs= 79 ed25519-xDnP380zcL4rJ76rXYjeHlfMyPZEOqpJYjsjEppbuXE="> 80 tests["no signature, multiple integrity"].done(); 81 </script> 82 83 <!-- 84 Invalid signature tests 85 --> 86 <script signature="invalid-signature"> 87 tests["invalid signature, no integrity"].done(); 88 </script> 89 90 <script signature="invalid-signature" 91 integrity="invalid-integrity"> 92 tests["invalid signature, invalid integrity"].done(); 93 </script> 94 95 <script signature="invalid-signature" 96 integrity="ed25519-JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs="> 97 tests["invalid signature, valid integrity"].done(); 98 </script> 99 100 <script signature="invalid-signature" 101 integrity="ed25519-JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs= 102 ed25519-xDnP380zcL4rJ76rXYjeHlfMyPZEOqpJYjsjEppbuXE="> 103 tests["invalid signature, multiple integrity"].done(); 104 </script> 105 106 <!-- 107 Valid signature tests 108 --> 109 <script signature="ed25519-4OPrZjK+XVtbLqLcus3k15FOxZIbgASmUGSuNjZcD7YPxI44o/MlZlE34sh1aSSGfpe8/TxYrePEUj0cQ0vaBg=="> 110 tests["valid signature, no integrity"].step(_ => assert_unreached("Should be blocked.")); 111 </script> 112 <script>tests["valid signature, no integrity"].done();</script> 113 114 <script signature="ed25519-nmVggq+GghoIYMaheQBzJirQsDy4/MP0siWjNiduMzPLSOP3PEV0aScOV5bq1WUkZP9dXyNXhfSIxCod6B47CQ==" 115 integrity="invalid-integrity"> 116 tests["valid signature, invalid integrity"].step(_ => assert_unreached("Should be blocked.")); 117 </script> 118 <script>tests["valid signature, invalid integrity"].done();</script> 119 120 <script signature="ed25519-O5fHCyO+T2JZZ91UUFFkkAtKW9mAOQRN2PpSUTXksBBNdX7uYE5d+bupx96arn+6SVRGm2PD8kSsbd6FNHG3AQ==" 121 integrity="ed25519-JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs="> 122 tests["valid signature, valid integrity"].done(); 123 </script> 124 125 <script signature="ed25519-TUwOF1z8hTiVakVccimlm4hI8xi0Vdv7ab66IVztcKUiugwuNAihDlKSQkv9S08l0tg43UmZnhB5GbRem7Z7Cg==" 126 integrity="ed25519-JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs= 127 ed25519-xDnP380zcL4rJ76rXYjeHlfMyPZEOqpJYjsjEppbuXE="> 128 tests["valid signature, multiple integrity"].done(); 129 </script> 130 131 <!-- 132 Multiple signature tests 133 --> 134 <script signature="ed25519-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== 135 ed25519-ESUfd6rSpUdMtmGMXvozDWzZ2d+Tfhvo+X7ObA+lnV8qfvE3qn64P+mfuQlixBUktyx3ssdMQox+qPXR2hW8DQ=="> 136 tests["multiple signature, no integrity"].step(_ => assert_unreached("Should be blocked.")); 137 </script> 138 <script>tests["multiple signature, no integrity"].done();</script> 139 140 <script signature="ed25519-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== 141 ed25519-qsuezXxAmnpeJr985iQTAVO3Q5TI8rF5HeKkiBDJRrQbtCHykx0QPy3ELSocWKDM40Ww/Zd/hKt1FdLEg2uDAA==" 142 integrity="invalid-integrity"> 143 tests["multiple signature, invalid integrity"].step(_ => assert_unreached("Should be blocked.")); 144 </script> 145 <script>tests["multiple signature, invalid integrity"].done();</script> 146 147 <script signature="ed25519-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== 148 ed25519-7ceXA5rReNZdDzlsH8DDIy2SxLIS1Tp48TFJZrayi0uGBXHffUjj8liPnmV10fasoGTPuNnsvNHa5W1fghQZBw==" 149 integrity="ed25519-JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs="> 150 tests["multiple signature, valid integrity"].done(); 151 </script> 152 153 <script signature="ed25519-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== 154 ed25519-Njz1TpdFvYPsf4FCqGcDwVIjnhTkKOM2b0SdgaeE/guycjywsWAWV6U88NO3y0rLyptKj0WNwfQKvhJWhIxjAA==" 155 integrity="ed25519-JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs= 156 ed25519-xDnP380zcL4rJ76rXYjeHlfMyPZEOqpJYjsjEppbuXE="> 157 tests["multiple signature, multiple integrity"].done(); 158 </script> 159 160 <!-- 161 Non-ASCII 162 --> 163 <script signature="ed25519-pUMhbd94Dbv8gQ8nlwdi5QZ6QFmVamoceflIbhVCV/odcP7UvJyTmPYt5y+oEOOp1d0cbagnlWYo1Q9FAQ7ECA==" 164 integrity="ed25519-JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs="> 165 // Det er fullt av ål i luftputebåten min 166 tests["valid signature, valid integrity, non-ASCII"].done(); 167 </script> 168 169 <!-- 170 SVG 171 --> 172 <svg><script signature="ed25519-U1+GWrr0/qwdsIohJmQc9l4Z4Ji8acgpBXSmCXk5nVepNzoNtHrFCq2blReYN2h4FeBE2NtOJzFrBtS0+kUFAA=="> 173 tests["SVG valid signature, no integrity"].step(_ => assert_unreached("Should be blocked.")); 174 </script></svg> 175 <script>tests["SVG valid signature, no integrity"].done();</script> 176 177 <svg><script signature="ed25519-azU1yb4f+g5CqowFrz2LLIMft6Zj7psdpf90PXyjmxEC1pHaFOgYYwulX9KEe9OSmzj8GZg+6NgmOF4kwhL2Aw==" 178 integrity="invalid-integrity"> 179 tests["SVG valid signature, invalid integrity"].step(_ => assert_unreached("Should be blocked.")); 180 </script></svg> 181 <script>tests["SVG valid signature, invalid integrity"].done();</script> 182 183 <svg><script signature="ed25519-wKpcLXWo0PlBRa+zg2mXI3Prulg8K03GVl+7y7uQUJlC6g8KpH8g5GIEpn6asL7Ar1OFJIjaJBU87ofbVNo7BQ==" 184 integrity="ed25519-JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs="> 185 tests["SVG valid signature, valid integrity"].done(); 186 </script></svg> 187 188 <svg><script signature="ed25519-V3b25FhkHFN4vjxAGK42dxoiTW6nIATEaf7AKMsVfGKYE6VVsGtlaiP0D5wIKsevw0eXOYKUu/KF+yyb0lYkBg==" 189 integrity="ed25519-JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs= ed25519-xDnP380zcL4rJ76rXYjeHlfMyPZEOqpJYjsjEppbuXE="> 190 tests["SVG valid signature, multiple integrity"].done(); 191 </script></svg> 192 </body>