Title: [116335] trunk/LayoutTests
Revision: 116335
Author: [email protected]
Date: 2012-05-07 12:01:31 -0700 (Mon, 07 May 2012)

Log Message

Test the combination of CSP and srcdoc
https://bugs.webkit.org/show_bug.cgi?id=85778

Reviewed by Eric Seidel.

This test ensures that <iframe srcdoc> can't be used to bypass
Content-Security-Policy restrictions on script-src. We already have the
correct behavior. This test just verifies it.

* http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (116334 => 116335)


--- trunk/LayoutTests/ChangeLog	2012-05-07 18:57:46 UTC (rev 116334)
+++ trunk/LayoutTests/ChangeLog	2012-05-07 19:01:31 UTC (rev 116335)
@@ -1,3 +1,17 @@
+2012-05-07  Adam Barth  <[email protected]>
+
+        Test the combination of CSP and srcdoc
+        https://bugs.webkit.org/show_bug.cgi?id=85778
+
+        Reviewed by Eric Seidel.
+
+        This test ensure that <iframe srcdoc> can't be used to bypass
+        Content-Security-Policy restrictions on script-src. We already have the
+        correct behavior. This test just verifies it.
+
+        * http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src.html: Added.
+
 2012-05-07  Pravin D  <[email protected]>
 
         Wrong positioning due to wrong width calculation wrt width:0
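Review bot: the description in the new ChangeLog entry reads "This test ensure that"; it should be "ensures". Since the entry states that the behavior was already correct, one more line saying what regression the test guards against would make the entry more useful to someone bisecting a later failure.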

Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src-expected.txt (0 => 116335)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src-expected.txt	2012-05-07 19:01:31 UTC (rev 116335)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: Refused to execute inline script because of Content-Security-Policy.
+
+This test passes if it doesn't alert fail. 
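Review bot: the pass criterion on the last line is purely negative ("doesn't alert fail"), so the CONSOLE MESSAGE line is the only evidence that the srcdoc frame loaded and its script was refused by policy rather than never running for some other reason. Consider wording the description so that it names the refusal message as the expected outcome, which makes a baseline that loses that line read as a failure to whoever rebaselines it.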

Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src.html (0 => 116335)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src.html	2012-05-07 19:01:31 UTC (rev 116335)
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="X-WebKit-CSP" content="script-src 'self'">
+<script src=""
+</head>
+<body>
+This test passes if it doesn't alert fail.
+<iframe srcdoc="<script>alert('FAIL')</script>"></iframe>
+</body>
+</html>
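Review bot: in the head, the line `<script src=""` has an empty src and no closing `>` or `</script>` as shown here, which would make the parser swallow the markup that follows it; confirm the committed file carries the complete script tag. Separately, the srcdoc attribute only exercises an inline `<script>` block under `script-src 'self'`; a second frame whose srcdoc uses an inline event handler would cover the other inline execution path the same policy is expected to refuse.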