File: script-src-self.sub.js

firefox-esr 115.15.0esr-1~deb12u1
importScripts("{{location[server]}}/resources/testharness.js");  // double-brace placeholders are presumably filled in server-side (".sub" file) — confirm
importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js");  // presumably defines the waitUntilCSPEvent* helpers used below
// NOTE(review): keep this file's line count stable. The literals 19, 23 and 34 passed to waitUntilCSPEventForEval coincide with the file lines of the eval(), new Function() and setTimeout() calls.
let importscripts_url ="https://{{hosts[][www]}}:{{ports[https][1]}}" +  // built from a separate host/port placeholder; the first test name calls this URL cross-origin
    "/content-security-policy/support/var-a.js";

promise_test(async t => {  // CSP check: importScripts() of the cross-origin URL must be refused
  self.a = false;  // sentinel; presumably var-a.js would change it if the import ran — confirm
  assert_throws_dom("NetworkError",
                    _ => importScripts(importscripts_url),
                    "importScripts should throw `NetworkError`");
  assert_false(self.a);  // the sentinel must be untouched after the failed import
  return waitUntilCSPEventForURL(t, importscripts_url);  // presumably resolves once a violation event for this URL is seen — see testharness-helper.js
}, "Cross-origin `importScripts()` blocked in " + self.location.protocol +
             " with {{GET[test-name]}}");

promise_test(t => {  // string-to-code sinks are expected to throw EvalError under the policy being tested
  assert_throws_js(EvalError,
                   _ => eval("1 + 1"),  // file line 19, the value passed to waitUntilCSPEventForEval below; do not move
                   "`eval()` should throw 'EvalError'.");

  assert_throws_js(EvalError,
                   _ => new Function("1 + 1"),  // file line 23, the value passed to waitUntilCSPEventForEval below; do not move
                   "`new Function()` should throw 'EvalError'.");
  return Promise.all([  // the test finishes only after both waits resolve
    waitUntilCSPEventForEval(t, 19),  // presumably matches the violation event by line number — confirm in testharness-helper.js
    waitUntilCSPEventForEval(t, 23),
  ]);
}, "`eval()` blocked in " + self.location.protocol +
             " with {{GET[test-name]}}");

promise_test(t => {  // setTimeout with a string argument is treated as an eval-like sink and must not run
  self.setTimeoutTest = t;  // exposed on the global so the string body below can reach the test object
  let result = setTimeout("(self.setTimeoutTest.unreached_func(" +  // file line 34, the value passed to waitUntilCSPEventForEval below; do not move
                          "'setTimeout([string]) should not execute.'))()", 1);
  assert_equals(result, 0);  // the blocked call is expected to return 0
  return waitUntilCSPEventForEval(t, 34);  // presumably matches the violation event by line number — confirm in testharness-helper.js
}, "`setTimeout([string])` blocked in " + self.location.protocol +
             " with {{GET[test-name]}}");

// Fetches the violation reports stored for this run and checks that the
// expected four are present: one for the blocked importScripts() URL and
// three whose blocked-uri is "eval". Every report must carry the "enforce"
// disposition.
promise_test(async t => {
  const reportEndpoint = "{{location[server]}}/reporting/resources/report.py" +
      "?op=retrieve_report&reportID={{GET[id]}}&min_count=4";

  const reply = await fetch(reportEndpoint);
  assert_equals(reply.status, 200, "Fetching reports failed");

  const payload = await reply.json();
  const cspReports = payload.map(entry => entry["csp-report"]);

  // Both sides of each comparison are sorted, so the order in which the
  // reports were stored does not affect the result.
  const sortedField = key => cspReports.map(report => report[key]).sort();
  const expectedDirectives =
      [ "script-src-elem", "script-src", "script-src", "script-src" ].sort();

  assert_array_equals(
      sortedField("blocked-uri"),
      [ importscripts_url, "eval", "eval", "eval" ].sort(),
      "Reports do not match");
  assert_array_equals(
      sortedField("violated-directive"),
      expectedDirectives,
      "Violated directive in report does not match");
  assert_array_equals(
      sortedField("effective-directive"),
      expectedDirectives,
      "Effective directive in report does not match");

  for (const report of cspReports) {
    assert_equals(
        report["disposition"], "enforce",
        "Disposition in report does not match");
  }
}, "Reports are sent for " + self.location.protocol +
                  " with {{GET[test-name]}}");

done();  // presumably tells testharness.js that no further tests will be added from this worker — confirm