diff options
| author | Tim van der Lippe <TimvdLippe@users.noreply.github.com> | 2025-04-17 23:11:25 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-04-17 21:11:25 +0000 |
| commit | 2a81987590622feabd1beedb3c7cc87d6a88c85a (patch) | |
| tree | 1615f7c11bcbeeab8c43dad58c3980a7e072d32e /tests/wpt/meta | |
| parent | 70b3e248168f1277e282a269bd1bf754fa7b784c (diff) | |
| download | servo-2a81987590622feabd1beedb3c7cc87d6a88c85a.tar.gz servo-2a81987590622feabd1beedb3c7cc87d6a88c85a.zip | |
Check CSP for inline event handlers (#36510)
This also ensures that document now reports all violations and we set
the correct directive.
With these changes, all `script-src-attr-elem` WPT tests pass.
Part of #36437
Requires servo/rust-content-security-policy#3 to land first
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Diffstat (limited to 'tests/wpt/meta')
58 files changed, 14 insertions, 553 deletions
diff --git a/tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini b/tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini index efaa0fc8ca4..e3d7c23eef2 100644 --- a/tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini @@ -1,6 +1,3 @@ [report-uri-does-not-respect-base-uri.sub.html] - [Event is fired] - expected: FAIL - [Violation report status OK.] expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini deleted file mode 100644 index c2b9c5f26c7..00000000000 --- a/tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[default-src-inline-blocked.sub.html] - [Expecting logs: ["violated-directive=script-src-elem","violated-directive=script-src-elem"\]] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini b/tests/wpt/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini deleted file mode 100644 index e1b9ec3f770..00000000000 --- a/tests/wpt/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[default-src-strict_dynamic_and_unsafe_inline.html] - expected: TIMEOUT - [Should fire a security policy violation for the inline block] - expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/allow_csp_from-header.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/allow_csp_from-header.html.ini deleted file mode 100644 index 3cf8d56a5d6..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/allow_csp_from-header.html.ini +++ /dev/null @@ -1,25 +0,0 @@ -[allow_csp_from-header.html] - expected: TIMEOUT - [Same origin iframes with an empty Allow-CSP-From header get blocked.] - expected: FAIL - - [Same origin iframes without Allow-CSP-From header gets blocked.] - expected: FAIL - - [Same origin iframes are blocked if Allow-CSP-From does not match origin.] - expected: FAIL - - [Cross origin iframe with an empty Allow-CSP-From header gets blocked.] - expected: FAIL - - [Cross origin iframe without Allow-CSP-From header gets blocked.] - expected: FAIL - - [Iframe with improper Allow-CSP-From header gets blocked.] - expected: FAIL - - [Star Allow-CSP-From header enforces EmbeddingCSP.] - expected: TIMEOUT - - [Allow-CSP-From header enforces EmbeddingCSP.] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/blocked-iframe-are-cross-origin.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/blocked-iframe-are-cross-origin.html.ini deleted file mode 100644 index 31c147a6ece..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/blocked-iframe-are-cross-origin.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[blocked-iframe-are-cross-origin.html] - [Document blocked by embedded enforcement and its parent are cross-origin] - expected: FAIL - - [Two same-origin iframes must appear as cross-origin when one is blocked] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/change-csp-attribute-and-history-navigation.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/change-csp-attribute-and-history-navigation.html.ini deleted file mode 100644 index c8205878128..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/change-csp-attribute-and-history-navigation.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[change-csp-attribute-and-history-navigation.html] - [Iframe csp attribute changed before history navigation of local scheme.] - expected: FAIL - - [Iframe csp attribute changed before history navigation of network scheme.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/idlharness.window.js.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/idlharness.window.js.ini deleted file mode 100644 index 551c76a0058..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/idlharness.window.js.ini +++ /dev/null @@ -1,6 +0,0 @@ -[idlharness.window.html] - [HTMLIFrameElement interface: attribute csp] - expected: FAIL - - [HTMLIFrameElement interface: document.createElement("iframe") must inherit property "csp" with the proper type] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/iframe-csp-attribute.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/iframe-csp-attribute.html.ini deleted file mode 100644 index 000df37abc1..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/iframe-csp-attribute.html.ini +++ /dev/null @@ -1,12 +0,0 @@ -[iframe-csp-attribute.html] - [<iframe> has a 'csp' attibute which is an empty string if undefined.] - expected: FAIL - - [<iframe>'s csp attribute is always a string.] - expected: FAIL - - [<iframe>'s 'csp content attribute reflects the IDL attribute.] - expected: FAIL - - [<iframe>'s IDL attribute reflects the DOM attribute.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/required-csp-header-cascade.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/required-csp-header-cascade.html.ini deleted file mode 100644 index 19ac0a5a7e6..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/required-csp-header-cascade.html.ini +++ /dev/null @@ -1,27 +0,0 @@ -[required-csp-header-cascade.html] - [Test same origin: Test same policy for both iframes] - expected: FAIL - - [Test same origin: Test more restrictive policy on second iframe] - expected: FAIL - - [Test same origin: Test less restrictive policy on second iframe] - expected: FAIL - - [Test same origin: Test no policy on second iframe] - expected: FAIL - - [Test same origin: Test no policy on first iframe] - expected: FAIL - - [Test same origin: Test invalid policy on first iframe (bad directive name)] - expected: FAIL - - [Test same origin: Test invalid policy on first iframe (report directive)] - expected: FAIL - - [Test same origin: Test invalid policy on second iframe (bad directive name)] - expected: FAIL - - [Test same origin: Test invalid policy on second iframe (report directive)] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/required_csp-header.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/required_csp-header.html.ini deleted file mode 100644 index 784d7df63b8..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/required_csp-header.html.ini +++ /dev/null @@ -1,141 +0,0 @@ -[required_csp-header.html] - [Test Required-CSP value on `csp` change: Sec-Required-CSP is not sent if `csp` attribute is not set on <iframe>.] - expected: FAIL - - [Test same origin: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.] - expected: FAIL - - [Test same origin redirect: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.] - expected: FAIL - - [Test cross origin redirect: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.] - expected: FAIL - - [Test cross origin redirect of cross origin iframe: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.] - expected: FAIL - - [Test Required-CSP value on `csp` change: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.] - expected: FAIL - - [Test same origin: Send Sec-Required-CSP Header on change of `src` attribute on iframe.] - expected: FAIL - - [Test same origin redirect: Send Sec-Required-CSP Header on change of `src` attribute on iframe.] - expected: FAIL - - [Test cross origin redirect: Send Sec-Required-CSP Header on change of `src` attribute on iframe.] - expected: FAIL - - [Test cross origin redirect of cross origin iframe: Send Sec-Required-CSP Header on change of `src` attribute on iframe.] - expected: FAIL - - [Test Required-CSP value on `csp` change: Send Sec-Required-CSP Header on change of `src` attribute on iframe.] - expected: FAIL - - [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp] - expected: FAIL - - [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp] - expected: FAIL - - [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp] - expected: FAIL - - [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp] - expected: FAIL - - [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp] - expected: FAIL - - [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name] - expected: FAIL - - [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name] - expected: FAIL - - [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name] - expected: FAIL - - [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name] - expected: FAIL - - [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name] - expected: FAIL - - [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives] - expected: FAIL - - [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives] - expected: FAIL - - [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives] - expected: FAIL - - [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives] - expected: FAIL - - [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives] - expected: FAIL - - [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none'] - expected: FAIL - - [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none'] - expected: FAIL - - [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none'] - expected: FAIL - - [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none'] - expected: FAIL - - [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none'] - expected: FAIL - - [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path] - expected: FAIL - - [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path] - expected: FAIL - - [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path] - expected: FAIL - - [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path] - expected: FAIL - - [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path] - expected: FAIL - - [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon] - expected: FAIL - - [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon] - expected: FAIL - - [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon] - expected: FAIL - - [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon] - expected: FAIL - - [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon] - expected: FAIL - - [Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - comma separated] - expected: FAIL - - [Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - invalid characters in directive names] - expected: FAIL - - [Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - invalid character in directive name] - expected: FAIL - - [Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - report-uri present] - expected: FAIL - - [Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - report-to present] - expected: FAIL - - [Test Required-CSP value on `csp` change: Sec-Required-CSP is not sent if `csp` attribute is longer than 4096 bytes] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html.ini deleted file mode 100644 index 17be9612c26..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html.ini +++ /dev/null @@ -1,21 +0,0 @@ -[subsumption_algorithm-general.html] - [Iframe with empty returned CSP should be blocked.] - expected: FAIL - - [Iframe with less restricting CSP should be blocked.] - expected: FAIL - - [Iframe with a different CSP should be blocked.] - expected: FAIL - - [Host wildcard *.a.com does not match a.com] - expected: FAIL - - [Iframe should block if intersection allows sources which are not in required_csp.] - expected: FAIL - - [Iframe should block if intersection allows sources which are not in required_csp (other ordering).] - expected: FAIL - - [Removed plugin-types directive should be ignored 3.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html.ini deleted file mode 100644 index 52a06599411..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[subsumption_algorithm-hashes.html] - [Returned should not include hashes not present in required csp.] - expected: FAIL - - [Hashes do not have to be present in returned csp but must not allow all inline behavior.] - expected: FAIL - - [Other expressions have to be subsumed.] - expected: FAIL - - [Required csp must allow 'sha256-abc123'.] - expected: FAIL - - [Effective policy is properly found where 'sha256-abc123' is not subsumed.] - expected: FAIL - - ['sha256-abc123' is not subsumed by 'sha256-abc456'.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html.ini deleted file mode 100644 index d45034b98bb..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html.ini +++ /dev/null @@ -1,12 +0,0 @@ -[subsumption_algorithm-host_sources-hosts.html] - [Host must match.] - expected: FAIL - - [Hosts without wildcards must match.] - expected: FAIL - - [More specific subdomain should not match.] - expected: FAIL - - [Specified host should not match a wildcard host.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html.ini deleted file mode 100644 index a209654a16a..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html.ini +++ /dev/null @@ -1,9 +0,0 @@ -[subsumption_algorithm-host_sources-paths.html] - [Returned CSP must specify a path.] - expected: FAIL - - [Empty path is not subsumed by specified paths.] - expected: FAIL - - [That should not be true when required csp specifies a specific page.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html.ini deleted file mode 100644 index 71eee1cc3a6..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html.ini +++ /dev/null @@ -1,12 +0,0 @@ -[subsumption_algorithm-host_sources-ports.html] - [Specified ports must match.] - expected: FAIL - - [Returned CSP should be subsumed if the port is specified but is not default for a more secure scheme.] - expected: FAIL - - [Wildcard port should not be subsumed by a default port.] - expected: FAIL - - [Wildcard port should not be subsumed by a spcified port.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html.ini deleted file mode 100644 index 7667e7f2f15..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html.ini +++ /dev/null @@ -1,12 +0,0 @@ -[subsumption_algorithm-host_sources-protocols.html] - [`https` is more restrictive than `http`.] - expected: FAIL - - [`http:` does not subsume other protocols.] - expected: FAIL - - [If scheme source is present in returned csp, it must be specified in required csp too.] - expected: FAIL - - [All scheme sources must be subsumed.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-nonces.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-nonces.html.ini deleted file mode 100644 index beac34a684b..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-nonces.html.ini +++ /dev/null @@ -1,9 +0,0 @@ -[subsumption_algorithm-nonces.html] - [A nonce has to be returned if required by the embedder.] - expected: FAIL - - [Nonce intersection is still done on exact match - matching nonces.] - expected: FAIL - - [Other expressions still have to be subsumed - negative test] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html.ini deleted file mode 100644 index 32ef4ddd0df..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html.ini +++ /dev/null @@ -1,21 +0,0 @@ -[subsumption_algorithm-none.html] - [Required policy that allows `none` does not subsume empty list of policies.] - expected: FAIL - - [Required csp with effective `none` does not subsume a host source expression.] - expected: FAIL - - [Required csp with `none` does not subsume a host source expression.] - expected: FAIL - - [Required csp with effective `none` does not subsume `none` of another directive.] - expected: FAIL - - [Required csp with `none` does not subsume `none` of another directive.] - expected: FAIL - - [Required csp with `none` does not subsume `none` of different directives.] - expected: FAIL - - [Both required and returned csp are `none` for only one directive.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html.ini deleted file mode 100644 index 6fc6208a3db..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[subsumption_algorithm-self.html] - [Returned CSP must not allow 'self' if required CSP does not.] - expected: FAIL - - [Returned 'self' should not be subsumed by a more secure version of origin's url.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-source_list-wildcards.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-source_list-wildcards.html.ini deleted file mode 100644 index bb05e009d9e..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-source_list-wildcards.html.ini +++ /dev/null @@ -1,45 +0,0 @@ -[subsumption_algorithm-source_list-wildcards.html] - [Wildcard does not subsume empty list.] - expected: FAIL - - [Empty source list does not subsume a wildcard source list.] - expected: FAIL - - ['none' does not subsume a wildcard source list.] - expected: FAIL - - [Wildcard source list does not subsume `data:` scheme source expression.] - expected: FAIL - - [Wildcard source list does not subsume `blob:` scheme source expression.] - expected: FAIL - - [Source expressions do not subsume effective nonce expressions.] - expected: FAIL - - [Wildcard source list is not subsumed by a host expression.] - expected: FAIL - - [Wildcard list with keywords is not subsumed by a wildcard list.] - expected: FAIL - - [Wildcard list with 'unsafe-hashes' is not subsumed by a wildcard list.] - expected: FAIL - - [Wildcard list with 'unsafe-inline' is not subsumed by a wildcard list.] - expected: FAIL - - [Wildcard list with 'unsafe-eval' is not subsumed by a wildcard list.] - expected: FAIL - - [Wildcard list with 'unsafe-eval' is not subsumed by list with a single expression.] - expected: FAIL - - [The same as above but for 'unsafe-inline'.] - expected: FAIL - - [`data:` is not subsumed by a wildcard list.] - expected: FAIL - - [`blob:` is not subsumed by a wildcard list.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html.ini deleted file mode 100644 index 1ac21eb5c3f..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html.ini +++ /dev/null @@ -1,9 +0,0 @@ -[subsumption_algorithm-strict_dynamic.html] - ['strict-dynamic' is effective only for `script-src`.] - expected: FAIL - - ['strict-dynamic' is properly handled for finding effective policy.] - expected: FAIL - - ['strict-dynamic' has to be allowed by required csp if it is present in returned csp.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html.ini deleted file mode 100644 index e5f8147c981..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html.ini +++ /dev/null @@ -1,12 +0,0 @@ -[subsumption_algorithm-unsafe_eval.html] - [No other keyword has the same effect as 'unsafe-eval'.] - expected: FAIL - - [Other expressions have to be subsumed.] - expected: FAIL - - [Required csp must allow 'unsafe-eval'.] - expected: FAIL - - [Effective policy is properly found where 'unsafe-eval' is not subsumed.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html.ini deleted file mode 100644 index be8fe1e17a1..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html.ini +++ /dev/null @@ -1,12 +0,0 @@ -[subsumption_algorithm-unsafe_hashes.html] - [No other keyword has the same effect as 'unsafe-hashes'.] - expected: FAIL - - [Other expressions have to be subsumed.] - expected: FAIL - - [Required csp must allow 'unsafe-hashes'.] - expected: FAIL - - [Effective policy is properly found where 'unsafe-hashes' is not subsumed.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html.ini deleted file mode 100644 index 7921da71005..00000000000 --- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[subsumption_algorithm-unsafe_inline.html?9-last] - [Required csp allows `strict-dynamic`, but retuned csp does.] - expected: FAIL - - [Required csp does not allow `unsafe-inline`, but retuned csp does.] - expected: FAIL - - [Returned csp allows a nonce.] - expected: FAIL - - [Returned csp allows a hash.] - expected: FAIL - - [Effective returned csp allows 'unsafe-inline'] - expected: FAIL - - -[subsumption_algorithm-unsafe_inline.html?1-8] diff --git a/tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-path-ignored.window.js.ini b/tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-path-ignored.window.js.ini new file mode 100644 index 00000000000..493d04ea590 --- /dev/null +++ b/tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-path-ignored.window.js.ini @@ -0,0 +1,3 @@ +[frame-ancestors-path-ignored.window.html] + [A 'frame-ancestors' CSP directive with a URL that includes a path should be ignored.] + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini b/tests/wpt/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini index 84d3f383610..b22b217fc25 100644 --- a/tests/wpt/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini +++ b/tests/wpt/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini @@ -1,3 +1,4 @@ [frame-src-cross-origin-same-document-navigation.window.html] + expected: OK [frame-src-cross-origin-same-document-navigation] expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini b/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini index 50fb992352a..f4f10d1a85c 100644 --- a/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini @@ -1,7 +1,6 @@ [304-response-should-update-csp.sub.html] - expected: TIMEOUT [Test that the first frame does not use nonce def] - expected: NOTRUN + expected: FAIL [Test that the second frame does not use nonce abc] - expected: NOTRUN + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/generic/directive-name-case-insensitive.sub.html.ini b/tests/wpt/meta/content-security-policy/generic/directive-name-case-insensitive.sub.html.ini deleted file mode 100644 index 69bab8d00c4..00000000000 --- a/tests/wpt/meta/content-security-policy/generic/directive-name-case-insensitive.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[directive-name-case-insensitive.sub.html] - [Test that the www2 image throws a violation event] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini b/tests/wpt/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini index 78c6e629154..cb39752b7cf 100644 --- a/tests/wpt/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini @@ -1,3 +1,4 @@ [media-src-7_1_2.sub.html] + expected: TIMEOUT [Test that securitypolicyviolation events are fired] - expected: FAIL + expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini b/tests/wpt/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini index 7985a3a7478..790f54981cc 100644 --- a/tests/wpt/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini @@ -2,6 +2,3 @@ expected: TIMEOUT [Disallowed audio source element] expected: NOTRUN - - [Test that securitypolicyviolation events are fired] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini index afee3a14784..8ea44b08e0b 100644 --- a/tests/wpt/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini @@ -1,8 +1,5 @@ [media-src-blocked.sub.html] expected: TIMEOUT - [Disallowed async video src] - expected: FAIL - [Disallowed async video source element] expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/parsing/invalid-directive.html.ini b/tests/wpt/meta/content-security-policy/parsing/invalid-directive.html.ini deleted file mode 100644 index 8d9f04e0f62..00000000000 --- a/tests/wpt/meta/content-security-policy/parsing/invalid-directive.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[invalid-directive.html] - expected: TIMEOUT - [Even if an unknown directive is specified, img-src is honored.] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini index 507866f56bd..950bcfb5a23 100644 --- a/tests/wpt/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini @@ -1,7 +1,4 @@ [report-to-directive-allowed-in-meta.https.sub.html] - [Event is fired] - expected: FAIL - [Report is observable to ReportingObserver] expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.ini deleted file mode 100644 index b364374296d..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html] - [Event is fired] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini deleted file mode 100644 index 430f81a94a9..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[reporting-api-report-to-overrides-report-uri-1.https.sub.html] - [Event is fired] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini deleted file mode 100644 index b33bec4e299..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[reporting-api-report-to-overrides-report-uri-2.https.sub.html] - [Event is fired] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini index 6aca7743484..2e2c16c80c7 100644 --- a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini @@ -1,7 +1,4 @@ [reporting-api-sends-reports-on-violation.https.sub.html] - [Event is fired] - expected: FAIL - [Report is observable to ReportingObserver] expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-attr-blocked-src-allowed.html.ini b/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-attr-blocked-src-allowed.html.ini deleted file mode 100644 index 7d63c9c4aa8..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-attr-blocked-src-allowed.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[script-src-attr-blocked-src-allowed.html] - expected: TIMEOUT - [Should fire a security policy violation event] - expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-allowed-attr-blocked.html.ini b/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-allowed-attr-blocked.html.ini deleted file mode 100644 index 26cdda4bcb0..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-allowed-attr-blocked.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[script-src-elem-allowed-attr-blocked.html] - expected: TIMEOUT - [Should fire a security policy violation for the attribute] - expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-attr-allowed.html.ini b/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-attr-allowed.html.ini deleted file mode 100644 index dbcc0e32fea..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-attr-allowed.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[script-src-elem-blocked-attr-allowed.html] - expected: TIMEOUT - [Should fire a security policy violation for the attribute] - expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-src-allowed.html.ini b/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-src-allowed.html.ini deleted file mode 100644 index 2b588c54a1b..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-src-allowed.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[script-src-elem-blocked-src-allowed.html] - expected: TIMEOUT - [Should fire a spv event] - expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/script-src-attr-elem/strict-dynamic-elem-blocked-src-allowed.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src-attr-elem/strict-dynamic-elem-blocked-src-allowed.sub.html.ini deleted file mode 100644 index d9d532f939f..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src-attr-elem/strict-dynamic-elem-blocked-src-allowed.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[strict-dynamic-elem-blocked-src-allowed.sub.html] - [Should fire a security policy violation event] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/script-src/injected-inline-script-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/injected-inline-script-blocked.sub.html.ini deleted file mode 100644 index a238a868a00..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/injected-inline-script-blocked.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[injected-inline-script-blocked.sub.html] - [Expecting logs: ["violated-directive=script-src-elem","blocked-uri=inline"\]] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-1_1.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-1_1.html.ini deleted file mode 100644 index 539ba1d3fe6..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/script-src-1_1.html.ini +++ /dev/null @@ -1,7 +0,0 @@ -[script-src-1_1.html] - expected: TIMEOUT - [Inline event handler] - expected: FAIL - - [Should fire policy violation events] - expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-1_2.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-1_2.html.ini deleted file mode 100644 index 3b78af2b156..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/script-src-1_2.html.ini +++ /dev/null @@ -1,7 +0,0 @@ -[script-src-1_2.html] - expected: TIMEOUT - [Inline event handler] - expected: FAIL - - [Should fire policy violation events] - expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-1_2_1.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-1_2_1.html.ini deleted file mode 100644 index b67e9008738..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/script-src-1_2_1.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[script-src-1_2_1.html] - expected: TIMEOUT - [Test that securitypolicyviolation event is fired] - expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini index 64a53f8c449..33ba231777c 100644 --- a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini +++ b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini @@ -1,4 +1,3 @@ [script-src-strict_dynamic_double_policy_different_nonce.html] - expected: TIMEOUT [Unnonced script injected via `appendChild` is not allowed with `strict-dynamic` + a nonce-only double policy.] - expected: TIMEOUT + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini index 6a8346f0e25..c9d74462151 100644 --- a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini @@ -1,4 +1,3 @@ [script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html] - expected: TIMEOUT [Non-allowed script injected via `appendChild` is not permitted with `strict-dynamic` + a nonce+allowed double policy.] - expected: TIMEOUT + expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini index eaee0eea6e0..77fdfb89f19 100644 --- a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini +++ b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini @@ -1,5 +1,5 @@ [script-src-strict_dynamic_meta_tag.html] - expected: TIMEOUT + expected: ERROR [Script injected via `appendChild` populated via `textContent` is allowed with `strict-dynamic`.] expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini index f25fbbe74d1..ca8b9d7bd1f 100644 --- a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini +++ b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini @@ -1,5 +1,5 @@ [script-src-strict_dynamic_non_parser_inserted.html] - expected: TIMEOUT + expected: ERROR [Script injected via `appendChild` populated via `textContent` is allowed with `strict-dynamic`.] expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini deleted file mode 100644 index 95e07a69fd6..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html] - expected: TIMEOUT - [All the expected CSP violation reports have been fired.] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini deleted file mode 100644 index 9884e4545fd..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[scripthash-unicode-normalization.sub.html] - expected: TIMEOUT - [Should fire securitypolicyviolation] - expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini deleted file mode 100644 index ebb9846200d..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[scriptnonce-and-scripthash.sub.html] - expected: TIMEOUT - [Expecting alerts: ["PASS (1/3)","PASS (2/3)","PASS (3/3)"\]] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini deleted file mode 100644 index a002d68b3a0..00000000000 --- a/tests/wpt/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[scriptnonce-ignore-unsafeinline.sub.html] - expected: TIMEOUT - [Expecting alerts: ["PASS (1/2)","PASS (2/2)", "violated-directive=script-src-elem"\]] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini index a7ebd4aff51..b12f81377d1 100644 --- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini @@ -1,5 +1,5 @@ [script-sample-no-opt-in.html] - expected: ERROR + expected: TIMEOUT [Inline script should not have a sample.] expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini index d5f06d70c53..f4c315396f6 100644 --- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini +++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini @@ -1,5 +1,5 @@ [script-sample.html] - expected: ERROR + expected: TIMEOUT [Inline script should have a sample.] expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html.ini b/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html.ini deleted file mode 100644 index 1b173ed7507..00000000000 --- a/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[script_event_handlers_denied_missing_unsafe_hashes.html] - expected: TIMEOUT - [Test that the inline event handler is not allowed to run] - expected: NOTRUN diff --git a/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html.ini b/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html.ini deleted file mode 100644 index 85499b57550..00000000000 --- a/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[script_event_handlers_denied_wrong_hash.html] - expected: TIMEOUT - [Test that the inline event handler is not allowed to run] - expected: NOTRUN |