diff options
1167 files changed, 35128 insertions, 905 deletions
diff --git a/tests/wpt/metadata/FileAPI/progress.html.ini b/tests/wpt/metadata/FileAPI/progress.html.ini deleted file mode 100644 index 4a68bc13c80..00000000000 --- a/tests/wpt/metadata/FileAPI/progress.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[progress.html] - type: testharness - expected: TIMEOUT diff --git a/tests/wpt/metadata/MANIFEST.json b/tests/wpt/metadata/MANIFEST.json index af4492b4578..fd59fcd9568 100644 --- a/tests/wpt/metadata/MANIFEST.json +++ b/tests/wpt/metadata/MANIFEST.json @@ -66,6 +66,10 @@ "url": "/FileAPI/idlharness-manual.html" }, { + "path": "FileAPI/progress-manual.html", + "url": "/FileAPI/progress-manual.html" + }, + { "path": "FileAPI/reading-data-section/filereader_file-manual.html", "url": "/FileAPI/reading-data-section/filereader_file-manual.html" }, @@ -730,6 +734,10 @@ "url": "/html/semantics/grouping-content/the-li-element/grouping-li-novalue-manual.html" }, { + "path": "html/webappapis/system-state-and-capabilities/the-navigator-object/get-navigatorlanguage-manual.html", + "url": "/html/webappapis/system-state-and-capabilities/the-navigator-object/get-navigatorlanguage-manual.html" + }, + { "path": "mediacapture-streams/mediastreams-as-media-elements/video-assignment-manual.html", "url": "/mediacapture-streams/mediastreams-as-media-elements/video-assignment-manual.html" }, @@ -3154,6 +3162,10 @@ "url": "/touch-events/single-touch-manual.html" }, { + "path": "uievents/order-of-events/mouse-events/mouseevents-mousemove-manual.htm", + "url": "/uievents/order-of-events/mouse-events/mouseevents-mousemove-manual.htm" + }, + { "path": "vibration/cancel-when-hidden-manual.html", "url": "/vibration/cancel-when-hidden-manual.html" }, @@ -10462,10 +10474,6 @@ "url": "/FileAPI/idlharness.html" }, { - "path": "FileAPI/progress.html", - "url": "/FileAPI/progress.html" - }, - { "path": "FileAPI/reading-data-section/Determining-Encoding.html", "url": "/FileAPI/reading-data-section/Determining-Encoding.html" }, @@ -11578,6 +11586,10 @@ "url": "/XMLHttpRequest/event-abort.htm" }, { + "path": "XMLHttpRequest/event-error.html", + "url": "/XMLHttpRequest/event-error.html" + }, + { "path": "XMLHttpRequest/event-load.htm", "url": "/XMLHttpRequest/event-load.htm" }, @@ -11838,6 +11850,14 @@ "url": "/XMLHttpRequest/response-json.htm" }, { + "path": "XMLHttpRequest/response-method.htm", + "url": "/XMLHttpRequest/response-method.htm" + }, + { + "path": "XMLHttpRequest/responseText-status.html", + "url": "/XMLHttpRequest/responseText-status.html" + }, + { "path": "XMLHttpRequest/responsetext-decoding.htm", "url": "/XMLHttpRequest/responsetext-decoding.htm" }, @@ -12190,6 +12210,442 @@ "url": "/battery-status/battery-promise.html" }, { + "path": "content-security-policy/blink-contrib-2/base-uri-allow.sub.html", + "url": "/content-security-policy/blink-contrib-2/base-uri-allow.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/base-uri-deny.sub.html", + "url": "/content-security-policy/blink-contrib-2/base-uri-deny.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/form-action-src-allowed.sub.html", + "url": "/content-security-policy/blink-contrib-2/form-action-src-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/form-action-src-blocked.sub.html", + "url": "/content-security-policy/blink-contrib-2/form-action-src-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/form-action-src-default-ignored.sub.html", + "url": "/content-security-policy/blink-contrib-2/form-action-src-default-ignored.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/form-action-src-get-allowed.sub.html", + "url": "/content-security-policy/blink-contrib-2/form-action-src-get-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/form-action-src-get-blocked.sub.html", + "url": "/content-security-policy/blink-contrib-2/form-action-src-get-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/form-action-src-javascript-blocked.sub.html", + "url": "/content-security-policy/blink-contrib-2/form-action-src-javascript-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/form-action-src-redirect-blocked.sub.html", + "url": "/content-security-policy/blink-contrib-2/form-action-src-redirect-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/meta-outside-head.sub.html", + "url": "/content-security-policy/blink-contrib-2/meta-outside-head.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/plugintypes-mismatched-data.sub.html", + "url": "/content-security-policy/blink-contrib-2/plugintypes-mismatched-data.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/plugintypes-mismatched-url.sub.html", + "url": "/content-security-policy/blink-contrib-2/plugintypes-mismatched-url.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/plugintypes-notype-data.sub.html", + "url": "/content-security-policy/blink-contrib-2/plugintypes-notype-data.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/plugintypes-notype-url.sub.html", + "url": "/content-security-policy/blink-contrib-2/plugintypes-notype-url.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/plugintypes-nourl-allowed.sub.html", + "url": "/content-security-policy/blink-contrib-2/plugintypes-nourl-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/plugintypes-nourl-blocked.sub.html", + "url": "/content-security-policy/blink-contrib-2/plugintypes-nourl-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/scripthash-allowed.sub.html", + "url": "/content-security-policy/blink-contrib-2/scripthash-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/scripthash-basic-blocked.sub.html", + "url": "/content-security-policy/blink-contrib-2/scripthash-basic-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/scripthash-ignore-unsafeinline.sub.html", + "url": "/content-security-policy/blink-contrib-2/scripthash-ignore-unsafeinline.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/scripthash-unicode-normalization.sub.html", + "url": "/content-security-policy/blink-contrib-2/scripthash-unicode-normalization.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/scriptnonce-allowed.sub.html", + "url": "/content-security-policy/blink-contrib-2/scriptnonce-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/scriptnonce-and-scripthash.sub.html", + "url": "/content-security-policy/blink-contrib-2/scriptnonce-and-scripthash.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/scriptnonce-basic-blocked.sub.html", + "url": "/content-security-policy/blink-contrib-2/scriptnonce-basic-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/scriptnonce-ignore-unsafeinline.sub.html", + "url": "/content-security-policy/blink-contrib-2/scriptnonce-ignore-unsafeinline.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/scriptnonce-redirect.sub.html", + "url": "/content-security-policy/blink-contrib-2/scriptnonce-redirect.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image-from-script.sub.html", + "url": "/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image-from-script.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image.sub.html", + "url": "/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/securitypolicyviolation-block-image-from-script.sub.html", + "url": "/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image-from-script.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/securitypolicyviolation-block-image.sub.html", + "url": "/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/stylehash-allowed.sub.html", + "url": "/content-security-policy/blink-contrib-2/stylehash-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/stylehash-basic-blocked.sub.html", + "url": "/content-security-policy/blink-contrib-2/stylehash-basic-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/stylenonce-allowed.sub.html", + "url": "/content-security-policy/blink-contrib-2/stylenonce-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib-2/stylenonce-blocked.sub.html", + "url": "/content-security-policy/blink-contrib-2/stylenonce-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html", + "url": "/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/blob-urls-match-blob.sub.html", + "url": "/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/combine-multiple-policies.sub.html", + "url": "/content-security-policy/blink-contrib/combine-multiple-policies.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/default-src-inline-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/default-src-inline-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/duplicate-directive.sub.html", + "url": "/content-security-policy/blink-contrib/duplicate-directive.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/eval-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/eval-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html", + "url": "/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/eval-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/eval-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html", + "url": "/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html", + "url": "/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html", + "url": "/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/function-constructor-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/function-constructor-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/function-constructor-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/function-constructor-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/image-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/image-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/image-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/image-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html", + "url": "/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/inline-style-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/inline-style-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html", + "url": "/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/inline-style-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/inline-style-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/media-src-track-block.sub.html", + "url": "/content-security-policy/blink-contrib/media-src-track-block.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html", + "url": "/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-applet-archive.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-applet-archive.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-applet-code.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-applet-code.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-param-code-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-param-code-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-param-movie-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-param-movie-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-param-src-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-param-src-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-param-url-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-param-url-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-url-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-url-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/object-src-url-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/object-src-url-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/report-blocked-data-uri.sub.html", + "url": "/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html", + "url": "/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html", + "url": "/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html", + "url": "/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html", + "url": "/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/report-uri-from-javascript.sub.html", + "url": "/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html", + "url": "/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html", + "url": "/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html", + "url": "/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/style-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/style-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/style-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/style-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html", + "url": "/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/worker-eval-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/worker-eval-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/worker-function-function-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/worker-script-src.sub.html", + "url": "/content-security-policy/blink-contrib/worker-script-src.sub.html" + }, + { + "path": "content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html", + "url": "/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html" + }, + { "path": "content-security-policy/generic/generic-0_1-img-src.html", "url": "/content-security-policy/generic/generic-0_1-img-src.html" }, @@ -12730,6 +13186,18 @@ "url": "/dom/nodes/CharacterData-substringData.html" }, { + "path": "dom/nodes/ChildNode-after.html", + "url": "/dom/nodes/ChildNode-after.html" + }, + { + "path": "dom/nodes/ChildNode-before.html", + "url": "/dom/nodes/ChildNode-before.html" + }, + { + "path": "dom/nodes/ChildNode-replaceWith.html", + "url": "/dom/nodes/ChildNode-replaceWith.html" + }, + { "path": "dom/nodes/Comment-constructor.html", "url": "/dom/nodes/Comment-constructor.html" }, @@ -13150,14 +13618,14 @@ "url": "/dom/nodes/Node-isEqualNode.xhtml" }, { - "path": "dom/nodes/Node-lookupPrefix.xhtml", - "url": "/dom/nodes/Node-lookupPrefix.xhtml" - }, - { "path": "dom/nodes/Node-lookupNamespaceURI.html", "url": "/dom/nodes/Node-lookupNamespaceURI.html" }, { + "path": "dom/nodes/Node-lookupPrefix.xhtml", + "url": "/dom/nodes/Node-lookupPrefix.xhtml" + }, + { "path": "dom/nodes/Node-nodeName.html", "url": "/dom/nodes/Node-nodeName.html" }, @@ -13198,6 +13666,14 @@ "url": "/dom/nodes/Node-textContent.html" }, { + "path": "dom/nodes/ParentNode-append.html", + "url": "/dom/nodes/ParentNode-append.html" + }, + { + "path": "dom/nodes/ParentNode-prepend.html", + "url": "/dom/nodes/ParentNode-prepend.html" + }, + { "path": "dom/nodes/ParentNode-querySelector-All.html", "url": "/dom/nodes/ParentNode-querySelector-All.html" }, @@ -13222,6 +13698,10 @@ "url": "/dom/nodes/Text-splitText.html" }, { + "path": "dom/nodes/append-on-Document.html", + "url": "/dom/nodes/append-on-Document.html" + }, + { "path": "dom/nodes/attributes.html", "url": "/dom/nodes/attributes.html" }, @@ -13346,6 +13826,10 @@ "url": "/dom/nodes/getElementsByClassName-31.htm" }, { + "path": "dom/nodes/prepend-on-Document.html", + "url": "/dom/nodes/prepend-on-Document.html" + }, + { "path": "dom/ranges/Range-commonAncestorContainer-2.html", "url": "/dom/ranges/Range-commonAncestorContainer-2.html" }, @@ -16122,6 +16606,14 @@ "url": "/html/semantics/embedded-content/the-canvas-element/size.attributes.style.html" }, { + "path": "html/semantics/embedded-content/the-canvas-element/toBlob.jpeg.html", + "url": "/html/semantics/embedded-content/the-canvas-element/toBlob.jpeg.html" + }, + { + "path": "html/semantics/embedded-content/the-canvas-element/toBlob.png.html", + "url": "/html/semantics/embedded-content/the-canvas-element/toBlob.png.html" + }, + { "path": "html/semantics/embedded-content/the-canvas-element/toDataURL.arguments.1.html", "url": "/html/semantics/embedded-content/the-canvas-element/toDataURL.arguments.1.html" }, @@ -16970,6 +17462,10 @@ "url": "/html/semantics/tabular-data/the-table-element/createTBody.html" }, { + "path": "html/semantics/tabular-data/the-table-element/delete-caption.html", + "url": "/html/semantics/tabular-data/the-table-element/delete-caption.html" + }, + { "path": "html/semantics/tabular-data/the-table-element/insertRow-method-01.html", "url": "/html/semantics/tabular-data/the-table-element/insertRow-method-01.html" }, @@ -17358,6 +17854,10 @@ "url": "/html/webappapis/system-state-and-capabilities/the-navigator-object/navigator-indexed.html" }, { + "path": "html/webappapis/system-state-and-capabilities/the-navigator-object/navigatorlanguage.html", + "url": "/html/webappapis/system-state-and-capabilities/the-navigator-object/navigatorlanguage.html" + }, + { "path": "html/webappapis/system-state-and-capabilities/the-navigator-object/protocol.html", "url": "/html/webappapis/system-state-and-capabilities/the-navigator-object/protocol.html" }, @@ -17702,6 +18202,994 @@ "url": "/microdata/microdata-dom-api/001.html" }, { + "path": "mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html" + }, + { + "path": "mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html", + "url": "/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html", + "url": "/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html", + "url": "/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html" + }, + { + "path": "mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html", + "url": "/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html" + }, + { "path": "navigation-timing/idlharness.html", "url": "/navigation-timing/idlharness.html" }, @@ -18674,6 +20162,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html" }, @@ -18722,6 +20222,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html" }, @@ -18770,6 +20282,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html" }, @@ -18818,6 +20342,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html" }, @@ -18866,6 +20402,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html" }, @@ -18914,6 +20462,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html" }, @@ -18962,6 +20522,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html" }, @@ -19010,6 +20582,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html" }, @@ -19058,6 +20642,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html" }, @@ -19106,6 +20702,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html" }, @@ -19154,6 +20762,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html" }, @@ -19202,6 +20822,18 @@ "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html" }, @@ -19250,6 +20882,18 @@ "url": "/referrer-policy/no-referrer/http-csp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/http-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/http-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19298,6 +20942,18 @@ "url": "/referrer-policy/no-referrer/http-csp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/http-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/http-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19346,6 +21002,18 @@ "url": "/referrer-policy/no-referrer/http-csp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/http-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/http-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19394,6 +21062,18 @@ "url": "/referrer-policy/no-referrer/http-csp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/http-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/http-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19442,6 +21122,18 @@ "url": "/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/meta-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19490,6 +21182,18 @@ "url": "/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/meta-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19538,6 +21242,18 @@ "url": "/referrer-policy/no-referrer/meta-csp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/meta-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/meta-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19586,6 +21302,18 @@ "url": "/referrer-policy/no-referrer/meta-csp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/meta-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/meta-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19634,6 +21362,18 @@ "url": "/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19682,6 +21422,18 @@ "url": "/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19730,6 +21482,18 @@ "url": "/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19778,6 +21542,18 @@ "url": "/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19826,6 +21602,18 @@ "url": "/referrer-policy/origin-only/http-csp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/http-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/http-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19874,6 +21662,18 @@ "url": "/referrer-policy/origin-only/http-csp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/http-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/http-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19922,6 +21722,18 @@ "url": "/referrer-policy/origin-only/http-csp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/http-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/http-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -19970,6 +21782,18 @@ "url": "/referrer-policy/origin-only/http-csp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/http-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/http-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -20018,6 +21842,18 @@ "url": "/referrer-policy/origin-only/meta-csp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/meta-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/meta-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -20066,6 +21902,18 @@ "url": "/referrer-policy/origin-only/meta-csp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/meta-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/meta-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -20114,6 +21962,18 @@ "url": "/referrer-policy/origin-only/meta-csp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/meta-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/meta-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -20162,6 +22022,18 @@ "url": "/referrer-policy/origin-only/meta-csp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/meta-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/meta-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -20210,6 +22082,18 @@ "url": "/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -20258,6 +22142,18 @@ "url": "/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -20306,6 +22202,18 @@ "url": "/referrer-policy/origin-only/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -20354,6 +22262,18 @@ "url": "/referrer-policy/origin-only/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-only/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-only/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -20402,6 +22322,18 @@ "url": "/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html" }, @@ -20450,6 +22382,18 @@ "url": "/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html" }, @@ -20498,6 +22442,18 @@ "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html" }, @@ -20578,6 +22534,34 @@ "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html" }, @@ -20658,6 +22642,18 @@ "url": "/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html" }, @@ -20706,6 +22702,18 @@ "url": "/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html" }, @@ -20754,6 +22762,18 @@ "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html" }, @@ -20834,6 +22854,34 @@ "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html" }, @@ -20914,6 +22962,18 @@ "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html" }, @@ -20962,6 +23022,18 @@ "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html" }, @@ -21010,6 +23082,18 @@ "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html" }, @@ -21090,6 +23174,34 @@ "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html" + }, + { + "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html", + "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html", "url": "/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html" }, @@ -21170,6 +23282,18 @@ "url": "/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/http-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21218,6 +23342,18 @@ "url": "/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/http-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21266,6 +23402,18 @@ "url": "/referrer-policy/unsafe-url/http-csp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/http-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/http-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21314,6 +23462,18 @@ "url": "/referrer-policy/unsafe-url/http-csp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/http-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/http-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21362,6 +23522,18 @@ "url": "/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21410,6 +23582,18 @@ "url": "/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21458,6 +23642,18 @@ "url": "/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/meta-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21506,6 +23702,18 @@ "url": "/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/meta-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21554,6 +23762,18 @@ "url": "/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21602,6 +23822,18 @@ "url": "/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21650,6 +23882,18 @@ "url": "/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21698,6 +23942,18 @@ "url": "/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21746,6 +24002,18 @@ "url": "/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21794,6 +24062,18 @@ "url": "/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21842,6 +24122,18 @@ "url": "/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21890,6 +24182,18 @@ "url": "/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21938,6 +24242,18 @@ "url": "/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -21986,6 +24302,18 @@ "url": "/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -22034,6 +24362,18 @@ "url": "/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -22082,6 +24422,18 @@ "url": "/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -22130,6 +24482,18 @@ "url": "/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -22178,6 +24542,18 @@ "url": "/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -22226,6 +24602,18 @@ "url": "/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html" }, @@ -22274,6 +24662,18 @@ "url": "/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html" }, { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html" + }, + { + "path": "referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html", + "url": "/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html" + }, + { "path": "referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html", "url": "/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html" }, @@ -23066,14 +25466,6 @@ "url": "/webgl/uniformMatrixNfv.html" }, { - "path": "webmessaging/Channel_MessagePort_initial_disabled.htm", - "url": "/webmessaging/Channel_MessagePort_initial_disabled.htm" - }, - { - "path": "webmessaging/Channel_MessagePort_onmessage_start.htm", - "url": "/webmessaging/Channel_MessagePort_onmessage_start.htm" - }, - { "path": "webmessaging/Channel_postMessage_DataCloneErr.htm", "url": "/webmessaging/Channel_postMessage_DataCloneErr.htm" }, @@ -23102,6 +25494,14 @@ "url": "/webmessaging/MessageEvent_properties.htm" }, { + "path": "webmessaging/MessagePort_initial_disabled.htm", + "url": "/webmessaging/MessagePort_initial_disabled.htm" + }, + { + "path": "webmessaging/MessagePort_onmessage_start.htm", + "url": "/webmessaging/MessagePort_onmessage_start.htm" + }, + { "path": "webmessaging/Transferred_objects_unusable.sub.htm", "url": "/webmessaging/Transferred_objects_unusable.sub.htm" }, @@ -24154,6 +26554,10 @@ "url": "/websockets/interfaces/WebSocket/url/006.html" }, { + "path": "websockets/interfaces/WebSocket/url/resolve.html", + "url": "/websockets/interfaces/WebSocket/url/resolve.html" + }, + { "path": "websockets/opening-handshake/001.html", "url": "/websockets/opening-handshake/001.html" }, @@ -24298,10 +26702,6 @@ "url": "/webstorage/storage_local_window_open.html" }, { - "path": "webstorage/storage_local_window_open_second.html", - "url": "/webstorage/storage_local_window_open_second.html" - }, - { "path": "webstorage/storage_removeitem.html", "url": "/webstorage/storage_removeitem.html" }, @@ -24310,10 +26710,6 @@ "url": "/webstorage/storage_session_window_open.html" }, { - "path": "webstorage/storage_session_window_open_second.html", - "url": "/webstorage/storage_session_window_open_second.html" - }, - { "path": "webstorage/storage_set_value_enumerate.html", "url": "/webstorage/storage_set_value_enumerate.html" }, @@ -24374,14 +26770,6 @@ "url": "/webvtt/webvtt-file-format-parsing/webvtt-file-parsing/001.html" }, { - "path": "workers/MessagePort_initial_disabled.htm", - "url": "/workers/MessagePort_initial_disabled.htm" - }, - { - "path": "workers/MessagePort_onmessage_start.htm", - "url": "/workers/MessagePort_onmessage_start.htm" - }, - { "path": "workers/WorkerGlobalScope_ErrorEvent_colno.htm", "url": "/workers/WorkerGlobalScope_ErrorEvent_colno.htm" }, @@ -26471,16 +28859,7 @@ }, "local_changes": { "deleted": [], - "items": { - "testharness": { - "websockets/interfaces/WebSocket/url/resolve.html": [ - { - "path": "websockets/interfaces/WebSocket/url/resolve.html", - "url": "/websockets/interfaces/WebSocket/url/resolve.html" - } - ] - } - }, + "items": {}, "reftest_nodes": {} }, "reftest_nodes": { @@ -31945,7 +34324,7 @@ } ] }, - "rev": "87398b8448f699e3e324148795891658f2fa16dd", + "rev": "5e3ea8f49fee68c327388bfd1dd1375a8ce12a0e", "url_base": "/", "version": 2 -} +}
\ No newline at end of file diff --git a/tests/wpt/metadata/XMLHttpRequest/response-method.htm.ini b/tests/wpt/metadata/XMLHttpRequest/response-method.htm.ini new file mode 100644 index 00000000000..2de47416cc3 --- /dev/null +++ b/tests/wpt/metadata/XMLHttpRequest/response-method.htm.ini @@ -0,0 +1,5 @@ +[response-method.htm] + type: testharness + [HEAD] + expected: FAIL + diff --git a/tests/wpt/metadata/XMLHttpRequest/send-authentication-basic-setrequestheader.htm.ini b/tests/wpt/metadata/XMLHttpRequest/send-authentication-basic-setrequestheader.htm.ini new file mode 100644 index 00000000000..52962976252 --- /dev/null +++ b/tests/wpt/metadata/XMLHttpRequest/send-authentication-basic-setrequestheader.htm.ini @@ -0,0 +1,5 @@ +[send-authentication-basic-setrequestheader.htm] + type: testharness + [XMLHttpRequest: send() - "Basic" authenticated request using setRequestHeader()] + expected: FAIL + diff --git a/tests/wpt/metadata/dom/nodes/ChildNode-after.html.ini b/tests/wpt/metadata/dom/nodes/ChildNode-after.html.ini new file mode 100644 index 00000000000..e0ebd79a258 --- /dev/null +++ b/tests/wpt/metadata/dom/nodes/ChildNode-after.html.ini @@ -0,0 +1,11 @@ +[ChildNode-after.html] + type: testharness + [Comment.after() with one sibling of child and text as arguments.] + expected: FAIL + + [Element.after() with one sibling of child and text as arguments.] + expected: FAIL + + [Text.after() with one sibling of child and text as arguments.] + expected: FAIL + diff --git a/tests/wpt/metadata/dom/nodes/ChildNode-before.html.ini b/tests/wpt/metadata/dom/nodes/ChildNode-before.html.ini new file mode 100644 index 00000000000..1697b57bbff --- /dev/null +++ b/tests/wpt/metadata/dom/nodes/ChildNode-before.html.ini @@ -0,0 +1,11 @@ +[ChildNode-before.html] + type: testharness + [Comment.before() with context object itself as the argument.] + expected: FAIL + + [Element.before() with context object itself as the argument.] + expected: FAIL + + [Text.before() with context object itself as the argument.] + expected: FAIL + diff --git a/tests/wpt/metadata/dom/nodes/ChildNode-replaceWith.html.ini b/tests/wpt/metadata/dom/nodes/ChildNode-replaceWith.html.ini new file mode 100644 index 00000000000..5c76bf364ac --- /dev/null +++ b/tests/wpt/metadata/dom/nodes/ChildNode-replaceWith.html.ini @@ -0,0 +1,11 @@ +[ChildNode-replaceWith.html] + type: testharness + [Comment.replaceWith() with one sibling of child and child itself as arguments.] + expected: FAIL + + [Element.replaceWith() with one sibling of child and child itself as arguments.] + expected: FAIL + + [Text.replaceWith() with one sibling of child and child itself as arguments.] + expected: FAIL + diff --git a/tests/wpt/metadata/html/infrastructure/urls/terminology-0/document-base-url.html.ini b/tests/wpt/metadata/html/infrastructure/urls/terminology-0/document-base-url.html.ini index a9ce512b7d8..99f69acae2d 100644 --- a/tests/wpt/metadata/html/infrastructure/urls/terminology-0/document-base-url.html.ini +++ b/tests/wpt/metadata/html/infrastructure/urls/terminology-0/document-base-url.html.ini @@ -4,12 +4,12 @@ [The document base URL of a document containing one or more base elements with href attributes is the frozen base URL of the first base element in the document that has an href attribute, in tree order.] expected: FAIL - [The fallback base URL of a document containing no base element is the document's address.] - expected: PASS - [The fallback base URL of a document whose address is about:blank is the document base URL of the creator document.] expected: TIMEOUT [The fallback base URL of an iframe srcdoc document is the document base URL of the document's browsing context's browsing context container's document.] expected: TIMEOUT + [about:blank with a base element.] + expected: TIMEOUT + diff --git a/tests/wpt/metadata/html/semantics/embedded-content/the-canvas-element/toBlob.jpeg.html.ini b/tests/wpt/metadata/html/semantics/embedded-content/the-canvas-element/toBlob.jpeg.html.ini new file mode 100644 index 00000000000..552163d5d1b --- /dev/null +++ b/tests/wpt/metadata/html/semantics/embedded-content/the-canvas-element/toBlob.jpeg.html.ini @@ -0,0 +1,5 @@ +[toBlob.jpeg.html] + type: testharness + [toBlob with image/jpeg returns a JPEG Blob] + expected: FAIL + diff --git a/tests/wpt/metadata/html/semantics/embedded-content/the-canvas-element/toBlob.png.html.ini b/tests/wpt/metadata/html/semantics/embedded-content/the-canvas-element/toBlob.png.html.ini new file mode 100644 index 00000000000..7f3ca91f2c7 --- /dev/null +++ b/tests/wpt/metadata/html/semantics/embedded-content/the-canvas-element/toBlob.png.html.ini @@ -0,0 +1,5 @@ +[toBlob.png.html] + type: testharness + [toBlob with image/png returns a PNG Blob] + expected: FAIL + diff --git a/tests/wpt/metadata/html/semantics/tabular-data/the-table-element/delete-caption.html.ini b/tests/wpt/metadata/html/semantics/tabular-data/the-table-element/delete-caption.html.ini new file mode 100644 index 00000000000..58658cdd9c6 --- /dev/null +++ b/tests/wpt/metadata/html/semantics/tabular-data/the-table-element/delete-caption.html.ini @@ -0,0 +1,20 @@ +[delete-caption.html] + type: testharness + [deleteCaption() delete only caption on table] + expected: FAIL + + [deleteCaption() returns undefined] + expected: FAIL + + [deleteCaption()] + expected: FAIL + + [deleteCaption() does not throw any exceptions when called on a table without a caption] + expected: FAIL + + [deleteCaption() does not delete captions in descendent tables] + expected: FAIL + + [deleteCaption() handles captions from different namespaces] + expected: FAIL + diff --git a/tests/wpt/metadata/mozilla-sync b/tests/wpt/metadata/mozilla-sync index 42a6f02a9af..aea6bada764 100644 --- a/tests/wpt/metadata/mozilla-sync +++ b/tests/wpt/metadata/mozilla-sync @@ -1 +1 @@ -836463b9e03f441aaf213ff48c99d50d8c1be5a5
\ No newline at end of file +f52a4a292aa30b1dcb3e36812f82aeef1e2bdd20
\ No newline at end of file diff --git a/tests/wpt/metadata/url/url-constructor.html.ini b/tests/wpt/metadata/url/url-constructor.html.ini index e93502392fd..b8ff027163a 100644 --- a/tests/wpt/metadata/url/url-constructor.html.ini +++ b/tests/wpt/metadata/url/url-constructor.html.ini @@ -177,3 +177,6 @@ [Parsing: <sc://ñ.test/> against <about:blank>] expected: FAIL + [Parsing: <http://%30%78%63%30%2e%30%32%35%30.01%2e> against <http://other.com/>] + expected: FAIL + diff --git a/tests/wpt/metadata/webstorage/event_basic.html.ini b/tests/wpt/metadata/webstorage/event_basic.html.ini new file mode 100644 index 00000000000..daad83f1e5f --- /dev/null +++ b/tests/wpt/metadata/webstorage/event_basic.html.ini @@ -0,0 +1,8 @@ +[event_basic.html] + type: testharness + [sessionStorage mutations fire StorageEvents that are caught by the event listener set via window.onstorage.] + expected: FAIL + + [localStorage mutations fire StorageEvents that are caught by the event listener set via window.onstorage.] + expected: FAIL + diff --git a/tests/wpt/metadata/webstorage/event_body_attribute.html.ini b/tests/wpt/metadata/webstorage/event_body_attribute.html.ini new file mode 100644 index 00000000000..996df51b214 --- /dev/null +++ b/tests/wpt/metadata/webstorage/event_body_attribute.html.ini @@ -0,0 +1,8 @@ +[event_body_attribute.html] + type: testharness + [sessionStorage mutations fire StorageEvents that are caught by the event listener specified as an attribute on the body.] + expected: FAIL + + [localStorage mutations fire StorageEvents that are caught by the event listener specified as an attribute on the body.] + expected: FAIL + diff --git a/tests/wpt/metadata/webstorage/event_case_sensitive.html.ini b/tests/wpt/metadata/webstorage/event_case_sensitive.html.ini new file mode 100644 index 00000000000..de86046b9c5 --- /dev/null +++ b/tests/wpt/metadata/webstorage/event_case_sensitive.html.ini @@ -0,0 +1,9 @@ +[event_case_sensitive.html] + type: testharness + expected: TIMEOUT + [sessionStorage storage events fire even when only the case of the value changes.] + expected: TIMEOUT + + [localStorage storage events fire even when only the case of the value changes.] + expected: TIMEOUT + diff --git a/tests/wpt/metadata/webstorage/event_setattribute.html.ini b/tests/wpt/metadata/webstorage/event_setattribute.html.ini new file mode 100644 index 00000000000..f934b86f0b7 --- /dev/null +++ b/tests/wpt/metadata/webstorage/event_setattribute.html.ini @@ -0,0 +1,8 @@ +[event_setattribute.html] + type: testharness + [sessionStorage mutations fire StorageEvents that are caught by the event listener attached via setattribute.] + expected: FAIL + + [localStorage mutations fire StorageEvents that are caught by the event listener attached via setattribute.] + expected: FAIL + diff --git a/tests/wpt/metadata/webstorage/storage_local_window_open.html.ini b/tests/wpt/metadata/webstorage/storage_local_window_open.html.ini index 4cf4a59cd27..e8e80e3126b 100644 --- a/tests/wpt/metadata/webstorage/storage_local_window_open.html.ini +++ b/tests/wpt/metadata/webstorage/storage_local_window_open.html.ini @@ -1,5 +1,5 @@ [storage_local_window_open.html] type: testharness - [A new window to make sure there is a copy of the previous window's localStorage, and that they diverge after a change] + [A new window to make sure there is a copy of the previous window's localStorage, and that they do not diverge after a change] expected: FAIL diff --git a/tests/wpt/metadata/webstorage/storage_local_window_open_second.html.ini b/tests/wpt/metadata/webstorage/storage_local_window_open_second.html.ini deleted file mode 100644 index d174c62a22b..00000000000 --- a/tests/wpt/metadata/webstorage/storage_local_window_open_second.html.ini +++ /dev/null @@ -1,5 +0,0 @@ -[storage_local_window_open_second.html] - type: testharness - [A new window to make sure there is a copy of the previous window's localStorage, and that they diverge after a change] - expected: FAIL - diff --git a/tests/wpt/metadata/webstorage/storage_session_window_open_second.html.ini b/tests/wpt/metadata/webstorage/storage_session_window_open_second.html.ini deleted file mode 100644 index 46bffcd7fb0..00000000000 --- a/tests/wpt/metadata/webstorage/storage_session_window_open_second.html.ini +++ /dev/null @@ -1,5 +0,0 @@ -[storage_session_window_open_second.html] - type: testharness - [A new window to make sure there is a copy of the previous window's sessionStorage, and that they diverge after a change] - expected: FAIL - diff --git a/tests/wpt/metadata/workers/MessagePort_initial_disabled.htm.ini b/tests/wpt/metadata/workers/MessagePort_initial_disabled.htm.ini deleted file mode 100644 index 1718c77fbc3..00000000000 --- a/tests/wpt/metadata/workers/MessagePort_initial_disabled.htm.ini +++ /dev/null @@ -1,5 +0,0 @@ -[MessagePort_initial_disabled.htm] - type: testharness - [ MessageChannel: port message queue is initially disabled ] - expected: FAIL - diff --git a/tests/wpt/metadata/workers/MessagePort_onmessage_start.htm.ini b/tests/wpt/metadata/workers/MessagePort_onmessage_start.htm.ini deleted file mode 100644 index 5036ad4949f..00000000000 --- a/tests/wpt/metadata/workers/MessagePort_onmessage_start.htm.ini +++ /dev/null @@ -1,5 +0,0 @@ -[MessagePort_onmessage_start.htm] - type: testharness - [ MessageChannel: port.onmessage enables message queue ] - expected: FAIL - diff --git a/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_canvas_9.html b/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_canvas_9.html index 7cb61b67aee..8b48e644fb8 100644 --- a/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_canvas_9.html +++ b/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_canvas_9.html @@ -38,7 +38,6 @@ try { destCtx.fillRect(0, 0, destCanvas.width, destCanvas.height); } catch(err) { - console.err("Exception Thrown"); } </script> diff --git a/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_html_image_13.html b/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_html_image_13.html index 43f9512dbcf..1faecc32577 100644 --- a/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_html_image_13.html +++ b/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_html_image_13.html @@ -33,7 +33,6 @@ try { destCtx.fillRect(0, 0, destCanvas.width, destCanvas.height); } catch(err) { - console.log("Exception: " + err.message); } </script> diff --git a/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_html_image_9.html b/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_html_image_9.html index f0fc85d384a..73a872f0c55 100644 --- a/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_html_image_9.html +++ b/tests/wpt/web-platform-tests/2dcontext/drawing-images-to-the-canvas/drawimage_html_image_9.html @@ -32,7 +32,6 @@ try { destCtx.fillRect(0, 0, destCanvas.width, destCanvas.height); } catch(err) { - console.err("Exception Thrown"); } </script> diff --git a/tests/wpt/web-platform-tests/2dcontext/tools/tests.yaml b/tests/wpt/web-platform-tests/2dcontext/tools/tests.yaml index 4a89836c06f..00a9fbb2291 100644 --- a/tests/wpt/web-platform-tests/2dcontext/tools/tests.yaml +++ b/tests/wpt/web-platform-tests/2dcontext/tools/tests.yaml @@ -448,6 +448,23 @@ +- name: toBlob.png + desc: toBlob with image/png returns a PNG Blob + testing: + - toBlob.png + code: | + canvas.toBlob(function(data){ + @assert data.type === "image/png"; + }, 'image/png'); + +- name: toBlob.jpeg + desc: toBlob with image/jpeg returns a JPEG Blob + testing: + - toBlob.jpeg + code: | + canvas.toBlob(function(data){ + @assert data.type === "image/jpeg"; + }, 'image/jpeg'); - name: toDataURL.default desc: toDataURL with no arguments returns a PNG diff --git a/tests/wpt/web-platform-tests/FileAPI/progress.html b/tests/wpt/web-platform-tests/FileAPI/progress-manual.html index b2e03b3eb27..b2e03b3eb27 100644 --- a/tests/wpt/web-platform-tests/FileAPI/progress.html +++ b/tests/wpt/web-platform-tests/FileAPI/progress-manual.html diff --git a/tests/wpt/web-platform-tests/XMLHttpRequest/event-error.html b/tests/wpt/web-platform-tests/XMLHttpRequest/event-error.html new file mode 100644 index 00000000000..3f95bf58d56 --- /dev/null +++ b/tests/wpt/web-platform-tests/XMLHttpRequest/event-error.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<meta charset="utf-8"> +<title>XMLHttpRequest Test: event - error</title> +<link rel="author" title="Intel" href="http://www.intel.com"> +<meta name="assert" content="Check if event onerror is fired When the request has failed."> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> + +<div id="log"></div> + +<script> + +async_test(function (t) { + var client = new XMLHttpRequest(); + client.onerror = t.step_func(function(e) { + assert_true(e instanceof ProgressEvent); + assert_equals(e.type, "error"); + t.done(); + }); + + client.open("GET", "http://example.nonexist"); + client.send("null"); +}, document.title); + +</script> diff --git a/tests/wpt/web-platform-tests/XMLHttpRequest/getallresponseheaders-status.htm b/tests/wpt/web-platform-tests/XMLHttpRequest/getallresponseheaders-status.htm index b4afc61c469..ec1aa9a8072 100644 --- a/tests/wpt/web-platform-tests/XMLHttpRequest/getallresponseheaders-status.htm +++ b/tests/wpt/web-platform-tests/XMLHttpRequest/getallresponseheaders-status.htm @@ -12,6 +12,10 @@ var test = async_test() test.step(function() { var client = new XMLHttpRequest() + var headersUnsent = client.getAllResponseHeaders(); + test.step(function() { + assert_equals(headersUnsent, "") + }); client.onreadystatechange = function() { test.step(function() { var headers = client.getAllResponseHeaders().toLowerCase() diff --git a/tests/wpt/web-platform-tests/XMLHttpRequest/resources/echo-method.py b/tests/wpt/web-platform-tests/XMLHttpRequest/resources/echo-method.py new file mode 100644 index 00000000000..5351d1961ac --- /dev/null +++ b/tests/wpt/web-platform-tests/XMLHttpRequest/resources/echo-method.py @@ -0,0 +1,6 @@ +def main(request, response): + response.send_body_for_head_request = True + headers = [("Content-type", "text/plain")] + content = request.method + + return headers, content diff --git a/tests/wpt/web-platform-tests/XMLHttpRequest/response-method.htm b/tests/wpt/web-platform-tests/XMLHttpRequest/response-method.htm new file mode 100644 index 00000000000..1bf26bac79c --- /dev/null +++ b/tests/wpt/web-platform-tests/XMLHttpRequest/response-method.htm @@ -0,0 +1,21 @@ +<!doctype html> +<html> + <head> + <title>XMLHttpRequest: influence of HTTP method on response</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + </head> + <body> + <div id="log"></div> + <script> + ["GET", "HEAD", "POST"].forEach(function(method) { + test(function() { + var client = new XMLHttpRequest() + client.open(method, "resources/echo-method.py", false) + client.send() + assert_equals(client.responseText, (method === "HEAD" ? "" : method)) + }, method) + }) + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/XMLHttpRequest/responseText-status.html b/tests/wpt/web-platform-tests/XMLHttpRequest/responseText-status.html new file mode 100644 index 00000000000..7d575902ddc --- /dev/null +++ b/tests/wpt/web-platform-tests/XMLHttpRequest/responseText-status.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<meta charset="utf-8"> +<title>XMLHttpRequest Test: responseText - status</title> +<link rel="author" title="Intel" href="http://www.intel.com"> +<meta name="assert" content="Check if XMLHttpRequest.responseText return empty string if state is not LOADING or DONE"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> + +<div id="log"></div> + +<script> + +async_test(function (t) { + var client = new XMLHttpRequest(); + t.step(function () { + assert_equals(client.responseText, ""); + }); + + client.onreadystatechange = t.step_func(function () { + if (client.readyState == 1 || client.readyState == 2) { + assert_equals(client.responseText, ""); + } + + if (client.readyState == 3) { + t.done(); + } + }); + + client.open("GET", "resources/headers.py") + client.send(null) +}, document.title); + +</script> diff --git a/tests/wpt/web-platform-tests/XMLHttpRequest/responsexml-document-properties.htm b/tests/wpt/web-platform-tests/XMLHttpRequest/responsexml-document-properties.htm index ef4d5906cf7..ed53996dcec 100644 --- a/tests/wpt/web-platform-tests/XMLHttpRequest/responsexml-document-properties.htm +++ b/tests/wpt/web-platform-tests/XMLHttpRequest/responsexml-document-properties.htm @@ -43,7 +43,7 @@ } test(function() { - assert_equals((new Date(client.getResponseHeader('Last-Modified'))).getTime(), (new Date(client.responseXML.lastModified)).getTime()) + assert_true((new Date(client.getResponseHeader('Last-Modified'))).getTime() == (new Date(client.responseXML.lastModified)).getTime(), 'responseXML.lastModified time shoud be equal to time in response Last-Modified header') }, 'lastModified set according to HTTP header') test(function() { diff --git a/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-basic-setrequestheader-existing-session.htm b/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-basic-setrequestheader-existing-session.htm index 5b8932c2c63..6e68f098cf5 100644 --- a/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-basic-setrequestheader-existing-session.htm +++ b/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-basic-setrequestheader-existing-session.htm @@ -25,7 +25,7 @@ client.setRequestHeader('X-User', open_user) // initial request - this will get a 401 response and re-try with HTTP auth client.send(null) - assert_equals(client.responseText, open_user + '\nopen-pass') + assert_true(client.responseText == (open_user + '\nopen-pass'), 'responseText should contain the right user and password') assert_equals(client.status, 200) assert_equals(client.getResponseHeader('x-challenge'), 'DID') // Another request, this time user,pass is omitted and an Authorization header set explicitly diff --git a/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-competing-names-passwords.htm b/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-competing-names-passwords.htm index 994ebb5a857..ba7ea7e35c5 100644 --- a/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-competing-names-passwords.htm +++ b/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-competing-names-passwords.htm @@ -34,7 +34,7 @@ client.open("GET", urlstart + "resources/authentication.py", false, user2, pass2) client.setRequestHeader("x-user", userwin) client.send(null) - assert_equals(client.responseText, (userwin||'') + "\n" + (passwin||'')) + assert_true(client.responseText == ((userwin||'') + "\n" + (passwin||'')), 'responseText should contain the right user and password') // We want to send multiple requests to the same realm here, so we try to make the UA forget its (cached) credentials between each test.. // forcing a 401 response to (hopefully) "log out" diff --git a/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader.htm b/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader.htm index 6f2eeb734a5..85911d78d9f 100644 --- a/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader.htm +++ b/tests/wpt/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader.htm @@ -25,7 +25,7 @@ client.onreadystatechange = function () { if (client.readyState < 4) {return} test.step( function () { - assert_equals(client.responseText, user + '\npass') + assert_true(client.responseText == (user + '\npass'), 'responseText should contain the right user and password') assert_equals(client.status, 200) assert_equals(client.getResponseHeader('x-challenge'), 'DID-NOT') test.done() diff --git a/tests/wpt/web-platform-tests/XMLHttpRequest/status-basic.htm b/tests/wpt/web-platform-tests/XMLHttpRequest/status-basic.htm index 5005ceae688..fed7cabec47 100644 --- a/tests/wpt/web-platform-tests/XMLHttpRequest/status-basic.htm +++ b/tests/wpt/web-platform-tests/XMLHttpRequest/status-basic.htm @@ -17,7 +17,9 @@ counter++ test(function() { var client = new XMLHttpRequest() + assert_equals(client.status, 0); client.open(method, "resources/status.py?code=" + code + "&text=" + encodeURIComponent(text) + "&content=" + encodeURIComponent(content) + "&type=" + encodeURIComponent(type), false) + assert_equals(client.status, 0); client.send(null) assert_equals(client.status, code) assert_equals(client.statusText, text) diff --git a/tests/wpt/web-platform-tests/conformance-checkers/html-aria/_functional/tree/js/aria.js b/tests/wpt/web-platform-tests/conformance-checkers/html-aria/_functional/tree/js/aria.js index e853a3a95f0..bf3bc5399e5 100644 --- a/tests/wpt/web-platform-tests/conformance-checkers/html-aria/_functional/tree/js/aria.js +++ b/tests/wpt/web-platform-tests/conformance-checkers/html-aria/_functional/tree/js/aria.js @@ -20,7 +20,6 @@ var Aria = { Aria.Tree = Class.create(); Aria.Tree.prototype = { initialize: function(inNode){ - if(!$(inNode) && console.error) console.error('Error from aria.js: Aria.Tree instance initialized with invalid element, '+ inNode); this.el = $(inNode); this.index = Aria.Trees.length; // each tree should know its index in the Aria singleton's list, in order to concatenate id strings this.strActiveDescendant = this.el.getAttribute('aria-activedescendant'); @@ -112,8 +111,7 @@ Aria.Tree.prototype = { case Event.KEY_UP: this.keyUp(); break; case Event.KEY_RIGHT: this.keyRight(); break; case Event.KEY_DOWN: this.keyDown(); break; - default: - //console.log(inEvent.keyCode); + default: return; } Event.stop(inEvent); diff --git a/tests/wpt/web-platform-tests/conformance-checkers/messages.json b/tests/wpt/web-platform-tests/conformance-checkers/messages.json index 34e3a756738..34990c02200 100644 --- a/tests/wpt/web-platform-tests/conformance-checkers/messages.json +++ b/tests/wpt/web-platform-tests/conformance-checkers/messages.json @@ -1388,13 +1388,13 @@ "html/elements/kbd/model-novalid.html": "End tag \u201cp\u201d implied, but there were open elements.", "html/elements/keygen/id-bad-novalid.html": "Any \u201ckeygen\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.", "html/elements/keygen/id-missing-novalid.html": "Any \u201ckeygen\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.", - "html/elements/keygen/id-redundant-novalid.html": "The \u201clabel\u201d element may contain at most one \u201cinput\u201d, \u201cbutton\u201d, \u201cselect\u201d, \u201ctextarea\u201d, or \u201ckeygen\u201d descendant.", + "html/elements/keygen/id-redundant-novalid.html": "The \u201clabel\u201d element may contain at most one \u201cbutton\u201d, \u201cinput\u201d, \u201ckeygen\u201d, \u201cmeter\u201d, \u201coutput\u201d, \u201cprogress\u201d, \u201cselect\u201d, or \u201ctextarea\u201d descendant.", "html/elements/keygen/keytype-bad-value-novalid.html": "Bad value \u201cdsa\u201d for attribute \u201ckeytype\u201d on element \u201ckeygen\u201d.", "html/elements/keygen/keytype-empty-novalid.html": "Bad value \u201c\u201d for attribute \u201ckeytype\u201d on element \u201ckeygen\u201d.", "html/elements/keygen/model-novalid.html": "The element \u201ckeygen\u201d must not appear as a descendant of the \u201ca\u201d element.", "html/elements/keygen/non-void-novalid.html": "Stray end tag \u201ckeygen\u201d.", "html/elements/label/for-descendant-no-id-novalid.html": "Any \u201cinput\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.", - "html/elements/label/multiple-descendants-novalid.html": "The \u201clabel\u201d element may contain at most one \u201cinput\u201d, \u201cbutton\u201d, \u201cselect\u201d, \u201ctextarea\u201d, or \u201ckeygen\u201d descendant.", + "html/elements/label/multiple-descendants-novalid.html": "The \u201clabel\u201d element may contain at most one \u201cbutton\u201d, \u201cinput\u201d, \u201ckeygen\u201d, \u201cmeter\u201d, \u201coutput\u201d, \u201cprogress\u201d, \u201cselect\u201d, or \u201ctextarea\u201d descendant.", "html/elements/link/href-empty-novalid.html": "Bad value \u201c\u201d for attribute \u201chref\u201d on element \u201clink\u201d: Bad URL: Must be non-empty.", "html/elements/link/href-missing-novalid.html": "Element \u201clink\u201d is missing required attribute \u201chref\u201d.", "html/elements/link/href-whitespace-only-novalid.html": "Bad value \u201c\t \n\u201d for attribute \u201chref\u201d on element \u201clink\u201d: Bad URL: Must be non-empty.", @@ -2167,9 +2167,9 @@ "html/media-queries/022-novalid.html": "Bad value \u201cscreen,\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Media query ended prematurely.", "html/media-queries/023-novalid.html": "Bad value \u201c,screen\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Media query ended prematurely.", "html/media-queries/024-novalid.html": "Bad value \u201cscreen and (min-width: 400)\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Non-zero lengths require a unit.", - "html/media-queries/device-aspect-ratio-novalid.html": "Bad value \u201cscreen and (device-aspect-ratio: 16/9)\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Expected a CSS media feature but saw \u201cdevice-aspect-ratio\u201d instead.", - "html/media-queries/projection-novalid.html": "Bad value \u201cprojection\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Expected a CSS media type but the query ended.", - "html/media-queries/tv-novalid.html": "Bad value \u201ctv and (scan: progressive)\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Expected a CSS media type but saw \u201ctv\u201d instead.", + "html/media-queries/device-aspect-ratio-novalid.html": "Bad value \u201cscreen and (device-aspect-ratio: 16/9)\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Deprecated media feature \u201cdevice-aspect-ratio\u201d. For guidance, see the Deprecated Media Features section in the current Media Queries specification.", + "html/media-queries/projection-novalid.html": "Bad value \u201cprojection\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Deprecated media type \u201cprojection\u201d. For guidance, see the Media Types section in the current Media Queries specification.", + "html/media-queries/tv-novalid.html": "Bad value \u201ctv and (scan: progressive)\u201d for attribute \u201cmedia\u201d on element \u201clink\u201d: Bad media query: Deprecated media type \u201ctv\u201d. For guidance, see the Media Types section in the current Media Queries specification.", "html/microdata/itemid-scheme-data-contains-fragment-haswarn.html": "Bad value \u201cdata:text/html,test#test\u201d for attribute \u201citemid\u201d on element \u201cdiv\u201d: Bad URL: Fragment is not allowed for data: URIs according to RFC 2397.", "html/microdata/itemid/fragment-backslash-novalid.html": "Bad value \u201c#\\\u201d for attribute \u201citemid\u201d on element \u201cdiv\u201d: Bad URL: Illegal character in fragment: not a URL code point.", "html/microdata/itemid/fragment-contains-hash-novalid.html": "Bad value \u201chttp://foo/path#f#g\u201d for attribute \u201citemid\u201d on element \u201cdiv\u201d: Bad URL: Illegal character in fragment: not a URL code point.", @@ -2370,12 +2370,12 @@ "xhtml/elements/keygen/057-novalid.xhtml": "Bad value \u201c\u201d for attribute \u201ckeytype\u201d on element \u201ckeygen\u201d.", "xhtml/elements/keygen/058-novalid.xhtml": "Any \u201ckeygen\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.", "xhtml/elements/keygen/059-novalid.xhtml": "Any \u201ckeygen\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.", - "xhtml/elements/keygen/060-novalid.xhtml": "The \u201clabel\u201d element may contain at most one \u201cinput\u201d, \u201cbutton\u201d, \u201cselect\u201d, \u201ctextarea\u201d, or \u201ckeygen\u201d descendant.", + "xhtml/elements/keygen/060-novalid.xhtml": "The \u201clabel\u201d element may contain at most one \u201cbutton\u201d, \u201cinput\u201d, \u201ckeygen\u201d, \u201cmeter\u201d, \u201coutput\u201d, \u201cprogress\u201d, \u201cselect\u201d, or \u201ctextarea\u201d descendant.", "xhtml/elements/keygen/061-novalid.xhtml": "The element \u201ckeygen\u201d must not appear as a descendant of the \u201ca\u201d element.", "xhtml/elements/keygen/154-novalid.xhtml": "Text not allowed in element \u201ckeygen\u201d in this context.", "xhtml/elements/keygen/157-novalid.xhtml": "Bad value \u201c\u201d for attribute \u201ckeytype\u201d on element \u201ckeygen\u201d.", "xhtml/elements/keygen/359-novalid.xhtml": "Any \u201ckeygen\u201d descendant of a \u201clabel\u201d element with a \u201cfor\u201d attribute must have an ID value that matches that \u201cfor\u201d attribute.", - "xhtml/elements/keygen/360-novalid.xhtml": "The \u201clabel\u201d element may contain at most one \u201cinput\u201d, \u201cbutton\u201d, \u201cselect\u201d, \u201ctextarea\u201d, or \u201ckeygen\u201d descendant.", + "xhtml/elements/keygen/360-novalid.xhtml": "The \u201clabel\u201d element may contain at most one \u201cbutton\u201d, \u201cinput\u201d, \u201ckeygen\u201d, \u201cmeter\u201d, \u201coutput\u201d, \u201cprogress\u201d, \u201cselect\u201d, or \u201ctextarea\u201d descendant.", "xhtml/elements/keygen/361-novalid.xhtml": "The element \u201ckeygen\u201d must not appear as a descendant of the \u201ca\u201d element.", "xhtml/elements/link/001-novalid.xhtml": "Element \u201clink\u201d is missing required attribute \u201chref\u201d.", "xhtml/elements/menu/001-haswarn.xhtml": "The \u201cmenu\u201d element is not supported by browsers yet. It would probably be better to wait for implementations.", diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/allowed.css b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/allowed.css new file mode 100644 index 00000000000..ace54348973 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/allowed.css @@ -0,0 +1,3 @@ +#test { + color: green; +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-allow.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-allow.sub.html new file mode 100644 index 00000000000..1baa22a8291 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-allow.sub.html @@ -0,0 +1,30 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>base-uri-allow</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +base-uri http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self'; +--> + <base href="http://www1.{{host}}:{{ports[http][0]}}/"> + <script> + console.info('Check that base URIs can be set if they do not violate the page\'s policy.'); + test(function() { + assert_equals(document.baseURI, 'http://www1.{{host}}:{{ports[http][0]}}/'); + log("TEST COMPLETE") + }); + + </script> +</head> + +<body> + <div id="log"></div> + <script async defer src="./content-security-policy/support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-allow.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-allow.sub.html.sub.headers new file mode 100644 index 00000000000..e749d723890 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-allow.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: base-uri-allow={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: base-uri http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-deny.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-deny.sub.html new file mode 100644 index 00000000000..451bfda90c5 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-deny.sub.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>base-uri-deny</title> + <base href="http://www1.{{host}}:{{ports[http][0]}}/"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS document.baseURI is document.location.href","TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +base-uri 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script> + console.info('Check that base URIs cannot be set if they violate the page\'s policy.'); + var base = document.createElement('base'); + base.href = 'http://www1.{{host}}:{{ports[http][0]}}/'; + document.head.appendChild(base); + if (document.baseURI == document.location.href) { + log("PASS document.baseURI is document.location.href"); + log("TEST COMPLETE"); + } + + </script> +</head> + +<body> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=base-uri%20'self'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-deny.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-deny.sub.html.sub.headers new file mode 100644 index 00000000000..0312c46d07c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/base-uri-deny.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: base-uri-deny={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: base-uri 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-allowed.sub.html new file mode 100644 index 00000000000..376a06a180a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-allowed.sub.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>form-action-src-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script> + window.addEventListener('load', function() { + setTimeout(function() { + document.getElementById('submit').click(); + log("TEST COMPLETE"); + }, 0); + }); + + </script> +</head> + +<body> + <form action="../support/pass.png" id="theform" method="post" target="_blank"> + <input type="text" name="fieldname" value="fieldvalue"> + <input type="submit" id="submit" value="submit"> + </form> + <p>Tests that allowed form actions work correctly. If this test passes, you will see a page indicating a form was POSTed.</p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..88cbfda0ef0 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: form-action-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-blocked.sub.html new file mode 100644 index 00000000000..81fe844f1e2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-blocked.sub.html @@ -0,0 +1,36 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>form-action-src-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script> + window.addEventListener('load', function() { + setTimeout(function() { + document.getElementById('submit').click(); + log("TEST COMPLETE"); + }, 0); + }); + setTimeout(function() {}, 1000); + + </script> +</head> + +<body> + <form action="../content-security-policy/support/fail.png" id="theform" method="post"> + <input type="text" name="fieldname" value="fieldvalue"> + <input type="submit" id="submit" value="submit"> + </form> + <p>Tests that blocking form actions works correctly. If this test passes, a CSP violation will be generated, and will not see a page indicating a form was POSTed.</p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=form-action%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..29351c00843 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: form-action-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-default-ignored.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-default-ignored.sub.html new file mode 100644 index 00000000000..14efac46e75 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-default-ignored.sub.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>form-action-src-default-ignored</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> + <script> + window.addEventListener('load', function() { + setTimeout(function() { + document.getElementById('submit').click(); + log("TEST COMPLETE"); + }, 0); + }); + + </script> +</head> + +<body> + <form action="../support/pass.png" id="theform" method="post" target="_blank"> + <input type="text" name="fieldname" value="fieldvalue"> + <input type="submit" id="submit" value="submit"> + </form> + <p>Tests that default-src does. If this test passes, you will see a page indicating a form was POSTed or a blocked pop-up warning.</p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-default-ignored.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-default-ignored.sub.html.sub.headers new file mode 100644 index 00000000000..d8655e27856 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-default-ignored.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: form-action-src-default-ignored={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; style-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-allowed.sub.html new file mode 100644 index 00000000000..82a0714dd90 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-allowed.sub.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>form-action-src-get-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script> + window.addEventListener('load', function() { + setTimeout(function() { + document.getElementById('submit').click(); + log("TEST COMPLETE"); + }, 0); + }); + + </script> +</head> + +<body> + <form action="../support/pass.png" id="theform" method="get" target="_blank"> + <input type="text" name="fieldname" value="fieldvalue"> + <input type="submit" id="submit" value="submit"> + </form> + <p>Tests that allowed form actions work correctly. If this test passes, you will see a page indicating a form was POSTed or a blocked pop-up warning.</p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..ac8761518c8 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: form-action-src-get-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-blocked.sub.html new file mode 100644 index 00000000000..9a1b9f5b1a6 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-blocked.sub.html @@ -0,0 +1,34 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>form-action-src-get-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script> + window.addEventListener('load', function() { + setTimeout(function() {}, 1000); + document.getElementById('submit').click(); + log("TEST COMPLETE"); + }); + + </script> +</head> + +<body> + <form action="/navigation/resources/form-target.pl" id="theform" method="get"> + <input type="text" name="fieldname" value="fieldvalue"> + <input type="submit" id="submit" value="submit"> + </form> + <p>Tests that blocking form actions works correctly. If this test passes, a CSP violation will be generated, and will not see a page indicating a form was POSTed.</p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=form-action%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..e7a044dbcca --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-get-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: form-action-src-get-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-javascript-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-javascript-blocked.sub.html new file mode 100644 index 00000000000..7bef874e862 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-javascript-blocked.sub.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>form-action-src-javascript-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script> + window.addEventListener('load', function() { + setTimeout(function() { + document.getElementById('submit').click(); + log("TEST COMPLETE"); + }, 0); + }); + + </script> +</head> + +<body> + <form action="javascript:alert_assert("FAIL!")" id="theform" method="post"> + <input type="text" name="fieldname" value="fieldvalue"> + <input type="submit" id="submit" value="submit"> + </form> + <p>Tests that blocking form actions works correctly. If this test passes, a CSP violation will be generated, and will not see a JavaScript alert.</p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=form-action%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-javascript-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-javascript-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..bbdf4a0711e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-javascript-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: form-action-src-javascript-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-redirect-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-redirect-blocked.sub.html new file mode 100644 index 00000000000..6829a27e585 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-redirect-blocked.sub.html @@ -0,0 +1,36 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>form-action-src-redirect-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +form-action 127.0.0.1:8000; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script> + window.addEventListener('load', function() { + setTimeout(function() { + document.getElementById('submit').click(); + log("TEST COMPLETE"); + }, 0); + }); + setTimeout(function() {}, 1000); + + </script> +</head> + +<body> + <form id="form1" action="/navigation/resources/redirection-response.php?host=localhost:8000&status=302&target=form-target.pl" method="post"> + <input type="text" name="fieldname" value="fieldvalue"> + <input type="submit" id="submit" value="submit"> + </form> + <p>Tests that blocking form redirect works correctly. If this test passes, a CSP violation will be generated, and will not see a page indicating a form was POSTed.</p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=form-action%20127.0.0.1:8000"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-redirect-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-redirect-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..cca14ebb5af --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/form-action-src-redirect-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: form-action-src-redirect-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: form-action 127.0.0.1:8000; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/meta-outside-head.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/meta-outside-head.sub.html new file mode 100644 index 00000000000..ac103981c3c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/meta-outside-head.sub.html @@ -0,0 +1,27 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>meta-outside-head</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS (1/1)"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'none'; connect-src 'self'; +--> +</head> + +<body> + <meta http-equiv="Content-Security-Policy" content="script-src 'none'"> + <p>This test checks that Content Security Policy delivered via a meta element is not enforced if the element is outside the document's head.</p> + <script> + alert_assert("PASS (1/1)"); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/meta-outside-head.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/meta-outside-head.sub.html.sub.headers new file mode 100644 index 00000000000..3cd33519216 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/meta-outside-head.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: meta-outside-head={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'none'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-data.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-data.sub.html new file mode 100644 index 00000000000..fe3f95878d2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-data.sub.html @@ -0,0 +1,24 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>plugintypes-mismatched-data</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + +</head> + +<body> + This tests that plugin content that doesn't match the declared type doesn't load, even if the document's CSP would allow it. This test passes if "FAIL!" isn't logged. + <object type="application/x-invalid-type" data="data:application/x-webkit-test-netscape,logifloaded" log="FAIL!"></object> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-data.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-data.sub.html.sub.headers new file mode 100644 index 00000000000..4e5b31b2a6b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-data.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: plugintypes-mismatched-data={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-url.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-url.sub.html new file mode 100644 index 00000000000..bc60994ad3a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-url.sub.html @@ -0,0 +1,24 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>plugintypes-mismatched-url</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + +</head> + +<body> + This tests that plugin content that doesn't match the declared type doesn't load, even if the document's CSP would allow it. This test passes if no iframe is dumped (meaning that no PluginDocument was created). + <object type="application/x-invalid-type" data="/plugins/resources/mock-plugin.pl" log="FAIL!"></object> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-url.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-url.sub.html.sub.headers new file mode 100644 index 00000000000..38a7450ab72 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-mismatched-url.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: plugintypes-mismatched-url={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-data.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-data.sub.html new file mode 100644 index 00000000000..59179c71615 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-data.sub.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>plugintypes-notype-data</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + Given a `plugin-types` directive, plugins have to declare a type explicitly. No declared type, no load. This test passes if there's a CSP report and "FAIL!" isn't logged. + <object data="data:application/x-webkit-test-netscape" onload="log('FAIL');" onerror="log('PASS');"></object> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=plugin-types+application/x-invalid-type"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-data.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-data.sub.html.sub.headers new file mode 100644 index 00000000000..ea938378afc --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-data.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: plugintypes-notype-data={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-url.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-url.sub.html new file mode 100644 index 00000000000..e9918941fd3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-url.sub.html @@ -0,0 +1,24 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>plugintypes-notype-url</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + +</head> + +<body> + Given a `plugin-types` directive, plugins have to declare a type explicitly. No declared type, no load. This test passes if there's an error report is sent. + <object data="/plugins/resources/mock-plugin.pl" log="FAIL!"></object> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=plugin-types%20application/x-invalid-type"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-url.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-url.sub.html.sub.headers new file mode 100644 index 00000000000..ffe26cdf169 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-notype-url.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: plugintypes-notype-url={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-allowed.sub.html new file mode 100644 index 00000000000..222d6500d1b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-allowed.sub.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>plugintypes-nourl-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +plugin-types application/x-webkit-test-netscape; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + This test passes if there isn't a CSP violation sayingthe plugin was blocked. + <object type="application/x-webkit-test-netscape"></object> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..7fef2a5b560 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: plugintypes-nourl-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: plugin-types application/x-webkit-test-netscape; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-blocked.sub.html new file mode 100644 index 00000000000..b5cc5a5a40f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-blocked.sub.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>plugintypes-nourl-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +plugin-types text/plain; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + This test passes if there is a CSP violation sayingthe plugin was blocked. + <object type="application/x-webkit-test-netscape"></object> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=plugin-types%20text/plain"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..709bf90df99 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/plugintypes-nourl-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: plugintypes-nourl-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: plugin-types text/plain; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-allowed.sub.html new file mode 100644 index 00000000000..6bacdc36e5b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-allowed.sub.html @@ -0,0 +1,42 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>scripthash-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/content-security-policy/support/alertAssert.sub.js?alerts=%5B%22PASS%20(1%2F4)%22%2C%22PASS%20(2%2F4)%22%2C%22PASS%20(3%2F4)%22%2C%22PASS%20(4%2F4)%22%5D"> + + + </script> + <!-- enforcing policy: +script-src 'self' 'sha256-IFmozo9WnnsMXVl_Ka8XzJ3Nd8yzS2zA2ME0mwtd-Ck=' 'sha256-jSpTmJKcrnHttKdYM_wCCDJoQY5tdSxNf7zd2prwFfI=' 'sha256-qbgA2XjB2EZKjn_UmK7v_K77t-fvfxA89QT_K9qPNyE=' 'sha256-K-7X5Ip3msvRvyQzf6fkrWZziuhaUIee1aLnlP5nX10='; connect-src 'self'; connect-src 'self'; +--> + <script> + alert_assert('PASS (1/4)'); + + </script> + <script> + alert_assert('PASS (2/4)'); + + </script> + <script> + alert_assert('PASS (3/4)'); + + </script> + <script> + alert_assert('PASS (4/4)'); + + </script> +</head> + +<body> + <p> + This tests the effect of a valid script-hash value. It passes if no CSP violation is generated, and the alert_assert() is executed. + </p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..8eaf327858a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: scripthash-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: script-src 'self' 'sha256-IFmozo9WnnsMXVl_Ka8XzJ3Nd8yzS2zA2ME0mwtd-Ck=' 'sha256-jSpTmJKcrnHttKdYM_wCCDJoQY5tdSxNf7zd2prwFfI=' 'sha256-qbgA2XjB2EZKjn_UmK7v_K77t-fvfxA89QT_K9qPNyE=' 'sha256-K-7X5Ip3msvRvyQzf6fkrWZziuhaUIee1aLnlP5nX10='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-basic-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-basic-blocked.sub.html new file mode 100644 index 00000000000..ac7b2c02f9d --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-basic-blocked.sub.html @@ -0,0 +1,69 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>scripthash-basic-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script> + var t_alert = async_test('Expecting alerts: ["PASS (1/1)"]'); + var expected_alerts = ["PASS (1/1)"]; + + function alert_assert(msg) { + t_alert.step(function() { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_alert.done(); + } + for (var i = 0; i < expected_alerts.length; i++) { + if (expected_alerts[i] == msg) { + assert_true(expected_alerts[i] == msg); + expected_alerts.splice(i, 1); + if (expected_alerts.length == 0) { + t_alert.done(); + } + return; + } + } + assert_unreached('unexpected alert: ' + msg); + t_log.done(); + }); + } + + </script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo='; connect-src 'self'; +--> + <script> + alert_assert('PASS (1/1)'); + + </script> + <script> + alert_assert('FAIL (1/4)'); + + </script> + <script> + alert_assert('FAIL (2/4)'); + + </script> + <script> + alert_assert('FAIL (3/4)'); + + </script> + <script> + alert_assert('FAIL (4/4)'); + + </script> +</head> + +<body> + <p> + This tests the effect of a valid script-hash value, with one valid script and several invalid ones. It passes if one alert is executed and a CSP violation is reported. + </p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo='"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-basic-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-basic-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..740f975a2de --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-basic-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: scripthash-basic-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-ignore-unsafeinline.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-ignore-unsafeinline.sub.html new file mode 100644 index 00000000000..545099e080f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-ignore-unsafeinline.sub.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>scripthash-ignore-unsafeinline</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script> + var t_alert = async_test('Expecting alerts: ["PASS (1/1)"]'); + var expected_alerts = ["PASS (1/1)"]; + + function alert_assert(msg) { + t_alert.step(function() { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_alert.done(); + } + for (var i = 0; i < expected_alerts.length; i++) { + if (expected_alerts[i] == msg) { + assert_true(expected_alerts[i] == msg); + expected_alerts.splice(i, 1); + if (expected_alerts.length == 0) { + t_alert.done(); + } + return; + } + } + assert_unreached('unexpected alert: ' + msg); + t_log.done(); + }); + } + + </script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo=' 'unsafe-inline'; connect-src 'self'; +--> + <script> + alert_assert('PASS (1/1)'); + + </script> + <script> + alert_assert('FAIL (1/1)'); + + </script> +</head> + +<body> + <p> + This tests that a valid hash value disables inline JavaScript, even if 'unsafe-inline' is present. + </p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo='%20'unsafe-inline'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-ignore-unsafeinline.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-ignore-unsafeinline.sub.html.sub.headers new file mode 100644 index 00000000000..4fe453debf7 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-ignore-unsafeinline.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: scripthash-ignore-unsafeinline={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo=' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-unicode-normalization.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-unicode-normalization.sub.html new file mode 100644 index 00000000000..cbf955b10d8 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-unicode-normalization.sub.html @@ -0,0 +1,42 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>scripthash-unicode-normalization</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/content-security-policy/support/alertAssert.sub.js?alerts=%5B%22PASS%22%2C%22PASS%22%5D"> + + + </script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'sha256-xy4iRAvdlFCq-M5-4yu4B7dy0Kc2FfljmZO4Jkj3Yhw='; connect-src 'self'; +--> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> + <!-- The following two scripts contain two separate code points (U+00C5 + and U+212B, respectively) which, depending on your text editor, might be + rendered the same. However, their difference is important as they should + be NFC normalized to the same code point, thus they should hash to the + same value.--> + <script> + 'Å'; + alert_assert('PASS'); + + </script> + <script> + 'Å'; + alert_assert('PASS'); + + </script> +</head> + +<body> + <p> + This tests Unicode normalization. While appearing the same, the strings in the scripts are different Unicode points, but through normalization, should be the same when the hash is taken. + </p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-unicode-normalization.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-unicode-normalization.sub.html.sub.headers new file mode 100644 index 00000000000..065234dd7f1 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scripthash-unicode-normalization.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: scripthash-unicode-normalization={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: script-src 'self' 'sha256-xy4iRAvdlFCq-M5-4yu4B7dy0Kc2FfljmZO4Jkj3Yhw='; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-allowed.sub.html new file mode 100644 index 00000000000..2a1321d2423 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-allowed.sub.html @@ -0,0 +1,64 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>scriptnonce-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script nonce="noncynonce"> + function log(msg) { + test(function() { + assert_unreached(msg) + }); + } + + </script> + <script nonce="noncynonce"> + var t_alert = async_test('Expecting alerts: ["PASS (1/2)","PASS (2/2)"]'); + var expected_alerts = ["PASS (1/2)", "PASS (2/2)"]; + + function alert_assert(msg) { + t_alert.step(function() { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_alert.done(); + } + for (var i = 0; i < expected_alerts.length; i++) { + if (expected_alerts[i] == msg) { + assert_true(expected_alerts[i] == msg); + expected_alerts.splice(i, 1); + if (expected_alerts.length == 0) { + t_alert.done(); + } + return; + } + } + assert_unreached('unexpected alert: ' + msg); + t_log.done(); + }); + } + + </script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'nonce-noncynonce' 'nonce-noncy+/=nonce'; connect-src 'self'; +--> + <script nonce="noncynonce"> + alert_assert('PASS (1/2)'); + + </script> + <script nonce="noncy+/=nonce"> + alert_assert('PASS (2/2)'); + + </script> +</head> + +<body> + <p> + This tests the effect of a valid script-nonce value. It passes if no CSP violation is generated and the alerts are executed. + </p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..a69c927c906 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: scriptnonce-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: script-src 'self' 'nonce-noncynonce' 'nonce-noncy+/=nonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-and-scripthash.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-and-scripthash.sub.html new file mode 100644 index 00000000000..2b333cbeade --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-and-scripthash.sub.html @@ -0,0 +1,76 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>scriptnonce-and-scripthash</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script nonce="nonceynonce"> + function log(msg) { + test(function() { + assert_unreached(msg) + }); + } + + </script> + <script nonce="nonceynonce"> + var t_alert = async_test('Expecting alerts: ["PASS (1/3)","PASS (2/3)","PASS (3/3)"]'); + var expected_alerts = ["PASS (1/3)", "PASS (2/3)", "PASS (3/3)"]; + + function alert_assert(msg) { + t_alert.step(function() { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_alert.done(); + } + for (var i = 0; i < expected_alerts.length; i++) { + if (expected_alerts[i] == msg) { + assert_true(expected_alerts[i] == msg); + expected_alerts.splice(i, 1); + if (expected_alerts.length == 0) { + t_alert.done(); + } + return; + } + } + assert_unreached('unexpected alert: ' + msg); + t_log.done(); + }); + } + + </script> + <!-- enforcing policy: +script-src 'self' 'sha256-LS8v1E1Ff0Hc8FobgWKNKY3sbW4rljPlZNQHyyutfKU=' 'nonce-nonceynonce'; connect-src 'self'; +--> + <script nonce="nonceynonce"> + alert_assert('PASS (1/3)'); + + </script> + <script> + alert_assert('PASS (2/3)'); + + </script> + <script nonce="nonceynonce"> + alert_assert('PASS (3/3)'); + + </script> + <script> + alert_assert('FAIL (1/2)'); + + </script> + <script nonce="notanonce"> + alert_assert('FAIL (2/2)'); + + </script> +</head> + +<body> + <p> + This tests the combined use of script hash and script nonce. It passes if a CSP violation is generated and the three alerts show PASS. + </p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'sha1-MfuEFRkC2LmR31AMy9KW2ZLDegA='%20'sha1-p70t5PXyndLfjKNjbyBBOL1gFiM='%20'nonce-nonceynonce'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-and-scripthash.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-and-scripthash.sub.html.sub.headers new file mode 100644 index 00000000000..afa33e6df18 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-and-scripthash.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: scriptnonce-and-scripthash={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: script-src 'self' 'sha256-LS8v1E1Ff0Hc8FobgWKNKY3sbW4rljPlZNQHyyutfKU=' 'nonce-nonceynonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-basic-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-basic-blocked.sub.html new file mode 100644 index 00000000000..18ad1d4f66c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-basic-blocked.sub.html @@ -0,0 +1,76 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>scriptnonce-basic-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script nonce='noncynonce'> + function log(msg) { + test(function() { + assert_unreached(msg) + }); + } + + </script> + <script nonce='noncynonce'> + var t_alert = async_test('Expecting alerts: ["PASS (1/2)","PASS (2/2)"]'); + var expected_alerts = ["PASS (1/2)", "PASS (2/2)"]; + + function alert_assert(msg) { + t_alert.step(function() { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_alert.done(); + } + for (var i = 0; i < expected_alerts.length; i++) { + if (expected_alerts[i] == msg) { + assert_true(expected_alerts[i] == msg); + expected_alerts.splice(i, 1); + if (expected_alerts.length == 0) { + t_alert.done(); + } + return; + } + } + assert_unreached('unexpected alert: ' + msg); + t_log.done(); + }); + } + + </script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'nonce-noncynonce'; connect-src 'self'; +--> + <script nonce="noncynonce"> + alert_assert('PASS (1/2)'); + + </script> + <script nonce=" noncynonce "> + alert_assert('PASS (2/2)'); + + </script> + <script nonce="noncynonce noncynonce"> + alert_assert('FAIL (1/3)'); + + </script> + <script> + alert_assert('FAIL (2/3)'); + + </script> + <script nonce="noncynonceno?"> + alert_assert('FAIL (3/3)'); + + </script> +</head> + +<body> + <p> + This tests the effect of a valid script-nonce value. It passes if a CSP violation is generated, and the two PASS alerts are executed. + </p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'nonce-noncynonce'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-basic-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-basic-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..ee4e8b3f0b2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-basic-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: scriptnonce-basic-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: script-src 'self' 'nonce-noncynonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-ignore-unsafeinline.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-ignore-unsafeinline.sub.html new file mode 100644 index 00000000000..d1b97dfb920 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-ignore-unsafeinline.sub.html @@ -0,0 +1,72 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>scriptnonce-ignore-unsafeinline</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script nonce='noncynonce'> + function log(msg) { + test(function() { + assert_unreached(msg) + }); + } + + </script> + <script nonce='noncynonce'> + var t_alert = async_test('Expecting alerts: ["PASS (1/2)","PASS (2/2)"]'); + var expected_alerts = ["PASS (1/2)", "PASS (2/2)"]; + + function alert_assert(msg) { + t_alert.step(function() { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_alert.done(); + } + for (var i = 0; i < expected_alerts.length; i++) { + if (expected_alerts[i] == msg) { + assert_true(expected_alerts[i] == msg); + expected_alerts.splice(i, 1); + if (expected_alerts.length == 0) { + t_alert.done(); + } + return; + } + } + assert_unreached('unexpected alert: ' + msg); + t_log.done(); + }); + } + + </script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'nonce-noncynonce' 'nonce-noncy+/=nonce' 'unsafe-inline'; connect-src 'self'; +--> + <script nonce="noncynonce"> + + + </script> + <script nonce="noncynonce"> + alert_assert('PASS (1/2)'); + + </script> + <script nonce="noncy+/=nonce"> + alert_assert('PASS (2/2)'); + + </script> + <script> + alert_assert('FAIL (1/1)'); + + </script> +</head> + +<body> + <p> + This tests that a valid nonce disables inline JavaScript, even if 'unsafe-inline' is present. + </p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'nonce-noncynonce'%20'nonce-noncy+/=nonce'%20'unsafe-inline'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-ignore-unsafeinline.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-ignore-unsafeinline.sub.html.sub.headers new file mode 100644 index 00000000000..01f7e185a2e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-ignore-unsafeinline.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: scriptnonce-ignore-unsafeinline={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-noncynonce' 'nonce-noncy+/=nonce' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-redirect.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-redirect.sub.html new file mode 100644 index 00000000000..a17f1fb5c30 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-redirect.sub.html @@ -0,0 +1,59 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>scriptnonce-redirect</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script nonce="noncynonce"> + function log(msg) { + test(function() { + assert_unreached(msg) + }); + } + + </script> + <script nonce="noncynonce"> + var t_alert = async_test('Expecting alerts: ["PASS"]'); + var expected_alerts = ["PASS"]; + + function alert_assert(msg) { + t_alert.step(function() { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_alert.done(); + } + for (var i = 0; i < expected_alerts.length; i++) { + if (expected_alerts[i] == msg) { + assert_true(expected_alerts[i] == msg); + expected_alerts.splice(i, 1); + if (expected_alerts.length == 0) { + t_alert.done(); + } + return; + } + } + assert_unreached('unexpected alert: ' + msg); + t_log.done(); + }); + } + + </script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'nonce-noncynonce'; connect-src 'self'; +--> +</head> + +<body> + This tests whether a deferred script load caused by a redirect is properly allowed by a nonce. + <script nonce="noncynonce" src="/common/redirect.py?location=http://{{host}}:{{ports[http][0]}}/content-security-policy/support/alert-pass.js"></script> + <script nonce="noncynonce"> + + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-redirect.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-redirect.sub.html.sub.headers new file mode 100644 index 00000000000..8d71f88d55e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/scriptnonce-redirect.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: scriptnonce-redirect={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-noncynonce'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image-from-script.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image-from-script.sub.html new file mode 100644 index 00000000000..82cad034796 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image-from-script.sub.html @@ -0,0 +1,27 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>securitypolicyviolation-block-cross-origin-image-from-script</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <script> + var x = document.createElement('script'); + x.src = 'http://{{host}}:{{ports[http][0]}}/content-security-policy/support/inject-image.js'; + document.body.appendChild(x); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.sub.headers new file mode 100644 index 00000000000..723ed281ffc --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: securitypolicyviolation-block-cross-origin-image-from-script={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image.sub.html new file mode 100644 index 00000000000..c805cc57b7f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image.sub.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>securitypolicyviolation-block-cross-origin-image</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <script> + console.info('Check that a SecurityPolicyViolationEvent strips detail from cross-origin blocked URLs.'); + var img = document.createElement('img'); + img.src = 'http://{{host}}:{{ports[http][0]}}/security/resources/abe.png'; + document.body.appendChild(img); + log("TEST COMPLETE"); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image.sub.html.sub.headers new file mode 100644 index 00000000000..d701a476fa4 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-cross-origin-image.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: securitypolicyviolation-block-cross-origin-image={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image-from-script.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image-from-script.sub.html new file mode 100644 index 00000000000..8c00fdb36d8 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image-from-script.sub.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>securitypolicyviolation-block-image-from-script</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <script> + console.info('Check that a SecurityPolicyViolationEvent is fired upon blocking an image injected via script.'); + var script = document.createElement('script'); + script.src = '../support/inject-image.js'; + document.body.appendChild(script); + log("TEST COMPLETE"); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image-from-script.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image-from-script.sub.html.sub.headers new file mode 100644 index 00000000000..6b6084dc531 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image-from-script.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: securitypolicyviolation-block-image-from-script={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image.sub.html new file mode 100644 index 00000000000..31b4492002b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image.sub.html @@ -0,0 +1,34 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>securitypolicyviolation-block-image</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <script> + console.info('Check that a SecurityPolicyViolationEvent is fired upon blocking an image.'); + var img = document.createElement('img'); + img.src = '../support/fail.png'; + img.onerror = function() { + log("TEST COMPLETE"); + }; + img.onload = function() { + log("FAIL"); + }; + document.body.appendChild(img); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image.sub.html.sub.headers new file mode 100644 index 00000000000..1f4f8457845 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/securitypolicyviolation-block-image.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: securitypolicyviolation-block-image={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-allowed.sub.html new file mode 100644 index 00000000000..be7ef1a8198 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-allowed.sub.html @@ -0,0 +1,77 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>stylehash-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script> + var t_alert = async_test('Expecting alerts: ["PASS (1/4): The \'#p1\' element\'s text is green, which means the style was correctly applied.","PASS (2/4): The \'#p2\' element\'s text is green, which means the style was correctly applied.","PASS (3/4): The \'#p3\' element\'s text is green, which means the style was correctly applied.","PASS (4/4): The \'#p4\' element\'s text is green, which means the style was correctly applied."]'); + var expected_alerts = ["PASS (1/4): The '#p1' element's text is green, which means the style was correctly applied.", "PASS (2/4): The '#p2' element's text is green, which means the style was correctly applied.", "PASS (3/4): The '#p3' element's text is green, which means the style was correctly applied.", "PASS (4/4): The '#p4' element's text is green, which means the style was correctly applied."]; + + function alert_assert(msg) { + t_alert.step(function() { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_alert.done(); + } + for (var i = 0; i < expected_alerts.length; i++) { + if (expected_alerts[i] == msg) { + assert_true(expected_alerts[i] == msg); + expected_alerts.splice(i, 1); + if (expected_alerts.length == 0) { + t_alert.done(); + } + return; + } + } + assert_unreached('unexpected alert: ' + msg); + t_log.done(); + }); + } + + </script> + <!-- enforcing policy: +style-src 'sha1-eYyYGmKWdhpUewohaXk9o8IaLSw=' 'sha256-hndjYvzUzy2Ykuad81Cwsl1FOXX/qYs/aDVyUyNZwBw=' 'sha384-bSVm1i3sjPBRM4TwZtYTDjk9JxZMExYHWbFmP1SxDhJH4ue0Wu9OPOkY5hcqRcSt' 'sha512-440MmBLtj9Kp5Bqloogn9BqGDylY8vFsv5/zXL1zH2fJVssCoskRig4gyM+9KqwvCSapSz5CVoUGHQcxv43UQg=='; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <p id="p1">This tests the result of a valid style hash. It passes if this text is green, and a "PASS" alert for p1 is fired.</p> + <p id="p2">This tests the result of a valid style hash. It passes if this text is green, and a "PASS" alert for p2 is fired.</p> + <p id="p3">This tests the result of a valid style hash. It passes if this text is green, and a "PASS" alert for p3 is fired.</p> + <p id="p4">This tests the result of a valid style hash. It passes if this text is green, and a "PASS" alert for p4 is fired.</p> + <style>p#p1 { color: green; }</style> + <style>p#p2 { color: green; }</style> + <style>p#p3 { color: green; }</style> + <style>p#p4 { color: green; }</style> + <script> + var color = window.getComputedStyle(document.querySelector('#p1')).color; + if (color === "rgb(0, 128, 0)") + alert_assert("PASS (1/4): The '#p1' element's text is green, which means the style was correctly applied."); + else + alert_assert("FAIL (1/4): The '#p1' element's text is " + color + ", which means the style was incorrectly applied."); + var color = window.getComputedStyle(document.querySelector('#p2')).color; + if (color === "rgb(0, 128, 0)") + alert_assert("PASS (2/4): The '#p2' element's text is green, which means the style was correctly applied."); + else + alert_assert("FAIL (2/4): The '#p2' element's text is " + color + ", which means the style was incorrectly applied."); + var color = window.getComputedStyle(document.querySelector('#p3')).color; + if (color === "rgb(0, 128, 0)") + alert_assert("PASS (3/4): The '#p3' element's text is green, which means the style was correctly applied."); + else + alert_assert("FAIL (3/4): The '#p3' element's text is " + color + ", which means the style was incorrectly applied."); + var color = window.getComputedStyle(document.querySelector('#p4')).color; + if (color === "rgb(0, 128, 0)") + alert_assert("PASS (4/4): The '#p4' element's text is green, which means the style was correctly applied."); + else + alert_assert("FAIL (4/4): The '#p4' element's text is " + color + ", which means the style was incorrectly applied."); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..3f0aff7db89 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: stylehash-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: style-src 'self' 'sha1-eYyYGmKWdhpUewohaXk9o8IaLSw=' 'sha256-hndjYvzUzy2Ykuad81Cwsl1FOXX/qYs/aDVyUyNZwBw=' 'sha384-bSVm1i3sjPBRM4TwZtYTDjk9JxZMExYHWbFmP1SxDhJH4ue0Wu9OPOkY5hcqRcSt' 'sha512-440MmBLtj9Kp5Bqloogn9BqGDylY8vFsv5/zXL1zH2fJVssCoskRig4gyM+9KqwvCSapSz5CVoUGHQcxv43UQg=='; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-basic-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-basic-blocked.sub.html new file mode 100644 index 00000000000..274db01403c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-basic-blocked.sub.html @@ -0,0 +1,61 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>stylehash-basic-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script> + var t_alert = async_test('Expecting alerts: ["PASS: The \'p\' element\'s text is green, which means the style was correctly applied."]'); + var expected_alerts = ["PASS: The 'p' element's text is green, which means the style was correctly applied."]; + + function alert_assert(msg) { + t_alert.step(function() { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_alert.done(); + } + for (var i = 0; i < expected_alerts.length; i++) { + if (expected_alerts[i] == msg) { + assert_true(expected_alerts[i] == msg); + expected_alerts.splice(i, 1); + if (expected_alerts.length == 0) { + t_alert.done(); + } + return; + } + } + assert_unreached('unexpected alert: ' + msg); + t_log.done(); + }); + } + + </script> + <!-- enforcing policy: +style-src 'sha1-pfeR5wMA6np45oqDTP6Pj3tLpJo='; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <style>p { color: green; }</style> + <style>p { color: red; }</style> + <style>p { color: purple; }</style> + <style>p { color: blue; }</style> +</head> + +<body> + <p> + This tests the effect of a valid style-hash value, with one valid style and several invalid ones. It passes if the valid style is applied and a CSP violation is generated. + </p> + <script> + var color = window.getComputedStyle(document.querySelector('p')).color; + if (color === "rgb(0, 128, 0)") + alert_assert("PASS: The 'p' element's text is green, which means the style was correctly applied."); + else + alert_assert("FAIL: The 'p' element's text is " + color + ", which means the style was incorrectly applied."); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'sha1-pfeR5wMA6np45oqDTP6Pj3tLpJo='"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-basic-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-basic-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..ac9ca4e870c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylehash-basic-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: stylehash-basic-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: style-src 'self' 'sha1-pfeR5wMA6np45oqDTP6Pj3tLpJo='; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-allowed.sub.html new file mode 100644 index 00000000000..3588a631bb9 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-allowed.sub.html @@ -0,0 +1,54 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>stylenonce-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src 'self' nonce-noncynonce' 'nonce-noncy+/=nonce'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script></script> + <style nonce="noncynonce"> + #test1 { + color: green; + } + + </style> + <style> + #test1 { + color: red; + } + + </style> + <style nonce="noncynonce"> + #test2 { + color: green; + } + + </style> +</head> + +<body> + <p id="test1">This text should be green.</p> + <p id="test2">This text should also be green.</p> + <script> + console.info("Style correctly whitelisted via a 'nonce-*' expression in 'style-src' should be applied to the page."); + var el = document.querySelector('#test1'); + test(function() { + assert_equals(window.getComputedStyle(el).color, "rgb(0, 128, 0)") + }); + var el = document.querySelector('#test2'); + test(function() { + assert_equals(window.getComputedStyle(el).color, "rgb(0, 128, 0)") + }); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'nonce-noncynonce'%20'nonce-noncy+/=nonce'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..28c85c91a94 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: stylenonce-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: style-src 'self' 'nonce-noncynonce' 'nonce-noncy+/=nonce'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-blocked.sub.html new file mode 100644 index 00000000000..8bf450d74e9 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-blocked.sub.html @@ -0,0 +1,38 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>stylenonce-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <link rel="stylesheet" type="text/css" href="allowed.css"> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script></script> + <style nonce="noncynonce"> + #test { + color: red; + } + + </style> +</head> + +<body> + <p id="test">This text should be green.</p> + <script> + console.info("Style that does not match a 'nonce-*' expression in 'style-src' should not be applied to the page."); + var el = document.querySelector('#test'); + test(function() { + assert_equals(window.getComputedStyle(el).color, "rgb(0, 128, 0)") + }); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'self'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..e51a02dd0be --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib-2/stylenonce-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: stylenonce-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib-2 +Content-Security-Policy: style-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html new file mode 100644 index 00000000000..3f25b94834f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html @@ -0,0 +1,36 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>blob-urls-do-not-match-self</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <p> + blob: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content. + </p> + <script> + function fail() { + alert_assert("FAIL!"); + } + var b = new Blob(['fail();'], { + type: 'application/javascript' + }); + var script = document.createElement('script'); + script.src = URL.createObjectURL(b); + document.body.appendChild(script); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'self'%20'unsafe-inline'%20''"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html.sub.headers new file mode 100644 index 00000000000..41c66413ca0 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-do-not-match-self.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: blob-urls-do-not-match-self={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' '*'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html new file mode 100644 index 00000000000..819c1a699f2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html @@ -0,0 +1,36 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>blob-urls-match-blob</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS (1/1)"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' blob:; connect-src 'self'; +--> +</head> + +<body> + <p> + blob: URLs are same-origin with the page in which they were created, but match only if the blob: scheme is specified. + </p> + <script> + function pass() { + log("PASS (1/1)"); + } + var b = new Blob(['pass();'], { + type: 'application/javascript' + }); + var script = document.createElement('script'); + script.src = URL.createObjectURL(b); + document.body.appendChild(script); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html.sub.headers new file mode 100644 index 00000000000..be74e61a78b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/blob-urls-match-blob.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: blob-urls-match-blob={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' blob:; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/combine-multiple-policies.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/combine-multiple-policies.sub.html new file mode 100644 index 00000000000..be778e44df0 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/combine-multiple-policies.sub.html @@ -0,0 +1,50 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <meta http-equiv="Content-Security-Policy" content="img-src 'none'"> + <title>combine-multiple-policies</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing multiple policies: +Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; styls-src 'self' +Content-Security-Policy: img-src 'none' +--> +</head> + +<body> + This test checks that we enforce all the supplied policies. This test passe if it doesn't alert fail and if the style doesn't apply. + <script> + console.info('Check that a SecurityPolicyViolationEvent is fired upon blocking an image.'); + var img = document.createElement('img'); + img.src = '../support/fail.png'; + img.onerror = function() { + log("TEST COMPLETE"); + }; + img.onload = function() { + log("FAIL"); + }; + document.body.appendChild(img); + + </script> + <style> + body { + background-color: blue; + } + + </style> + <script> + var el = document.querySelector('body'); + test(function() { + assert_equals(window.getComputedStyle(el).color, "rgb(0, 0, 0)") + }); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'self'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/combine-multiple-policies.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/combine-multiple-policies.sub.html.sub.headers new file mode 100644 index 00000000000..eec4b0be352 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/combine-multiple-policies.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: combine-multiple-policies={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; style-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}}
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html new file mode 100644 index 00000000000..c07fecee8b6 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>connect-src-beacon-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["Pass"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; +--> +</head> + +<body> + <pre id="console"></pre> + <script> + try { + var es = navigator.sendBeacon("http://{{host}}:{{ports[http][0]}}/cors/resources/status.py"); + log("Pass"); + } catch (e) { + log("Fail"); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..bd3eda40a86 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: connect-src-beacon-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html new file mode 100644 index 00000000000..135f69b3e13 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>connect-src-beacon-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["Pass"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; +--> +</head> + +<body> + <pre id="console"></pre> + <script> + try { + var es = navigator.sendBeacon("http://www1.{{host}}:{{ports[http][0]}}/security/contentSecurityPolicy/echo-report.php"); + log("Fail"); + } catch (e) { + log("Pass"); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..69ded8da7fb --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: connect-src-beacon-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html new file mode 100644 index 00000000000..0b5c6d8328d --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html @@ -0,0 +1,30 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>connect-src-beacon-redirect-to-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +connect-src 'self'; script-src 'self' 'unsafe-inline'; +--> + <script></script> +</head> + +<body> + <p>The beacon should not follow the redirect to http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png and send a CSP violation report.</p> + <script> + console.info("Verify that a CSP connect-src directive blocks redirects."); + navigator.sendBeacon( + "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png", + "ping"); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..2c69d0dc866 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: connect-src-beacon-redirect-to-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html new file mode 100644 index 00000000000..f7a90c13d1b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>connect-src-eventsource-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["Pass"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; +--> +</head> + +<body> + <pre id="console"></pre> + <script> + try { + var es = new EventSource("http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/simple-event-stream"); + log("Pass"); + } catch (e) { + log("Fail"); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..eff5c546a8f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: connect-src-eventsource-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html new file mode 100644 index 00000000000..099b123c2c9 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>connect-src-eventsource-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["Pass"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +connect-src 'self'; script-src 'self' 'unsafe-inline'; +--> +</head> + +<body> + <pre id="console"></pre> + <script> + try { + var es = new EventSource("http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/simple-event-stream"); + log("Fail"); + } catch (e) { + log("Pass"); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..ac37816a439 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: connect-src-eventsource-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html new file mode 100644 index 00000000000..129a2613690 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>connect-src-eventsource-redirect-to-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS EventSource() did not follow the disallowed redirect.","PASS successfullyParsed is true","TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +connect-src 'self'; script-src 'self' 'unsafe-inline'; +--> + <script></script> +</head> + +<body> + <script> + var es; + try { + es = new EventSource("/common/redirect.py?location= http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/simple-event-stream"); + } catch (e) { + log("FAIL " + "EventSource() should not throw an exception."); + } + es.onload = function() { + log("FAIL " + "EventSource() should fail to follow the disallowed redirect."); + log("TEST COMPLETE"); + }; + es.onerror = function() { + log("PASS " + "EventSource() did not follow the disallowed redirect."); + log("TEST COMPLETE"); + }; + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'/security/contentSecurityPolicy/resources/redir.php"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..c63c8a9dea0 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: connect-src-eventsource-redirect-to-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}/security/contentSecurityPolicy/resources/redir.php; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html new file mode 100644 index 00000000000..a633681542d --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>connect-src-websocket-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["Pass"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline'; +--> +</head> + +<body> + <pre id="console"></pre> + <script> + try { + var ws = new WebSocket("ws://127.0.0.1:8880/echo"); + log("Pass"); + } catch (e) { + log("Fail"); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..707435174f7 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: connect-src-websocket-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html new file mode 100644 index 00000000000..540ac1ee6bb --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>connect-src-websocket-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["Pass"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline'; +--> +</head> + +<body> + <pre id="console"></pre> + <script> + try { + var ws = new WebSocket("ws://localhost:8880/echo"); + log("Fail"); + } catch (e) { + log("Pass"); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20ws://127.0.0.1:8880"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..69036f5bdde --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-websocket-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: connect-src-websocket-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html new file mode 100644 index 00000000000..6b2a444fc35 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html @@ -0,0 +1,32 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>connect-src-xmlhttprequest-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["Pass"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; +--> +</head> + +<body> + <pre id="console"></pre> + <script> + try { + var xhr = new XMLHttpRequest; + xhr.open("GET", "http://{{host}}:{{ports[http][0]}}/xmlhttprequest/resources/get.txt", true); + log("Pass"); + } catch (e) { + log("Fail"); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..dbabcad7a02 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: connect-src-xmlhttprequest-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html new file mode 100644 index 00000000000..b72973b88de --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html @@ -0,0 +1,32 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>connect-src-xmlhttprequest-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["Pass"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +connect-src 'self'; script-src 'self' 'unsafe-inline'; +--> +</head> + +<body> + <pre id="console"></pre> + <script> + try { + var xhr = new XMLHttpRequest; + xhr.open("GET", "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png", true); + log("Fail"); + } catch (e) { + log("Pass"); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..d338034cfc1 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: connect-src-xmlhttprequest-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html new file mode 100644 index 00000000000..148f68228c8 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>connect-src-xmlhttprequest-redirect-to-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +connect-src 'self'; script-src 'self' 'unsafe-inline'; +--> + <script></script> +</head> + +<body> + <script> + var xhr = new XMLHttpRequest; + try { + xhr.open("GET", "/common/redirect.py?location=http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png", true); + } catch (e) { + log("FAIL " + "XMLHttpRequest.open() should not throw an exception."); + } + xhr.onload = function() { + log("FAIL " + "XMLHttpRequest.send() should fail to follow the disallowed redirect."); + log("TEST COMPLETE"); + }; + xhr.onerror = function() { + log("PASS " + "XMLHttpRequest.send() did not follow the disallowed redirect."); + log("TEST COMPLETE"); + }; + xhr.send(); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=connect-src%20'self'/security/contentSecurityPolicy/resources/redir.php"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..452104ecd8e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: connect-src-xmlhttprequest-redirect-to-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html new file mode 100644 index 00000000000..f5859087a29 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html @@ -0,0 +1,26 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>default-src-inline-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS 1 of 2","PASS 2 of 2"]'></script> + <!-- enforcing policy: +default-src 'self' about: 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body onload="alert_assert('PASS 2 of 2')"> + <script> + alert_assert('PASS 1 of 2'); + + </script> + <!--iframe src="javascript:alert_assert('PASS 2 of 3')"></iframe--> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..f223f066176 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: default-src-inline-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: default-src 'self' about: 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html new file mode 100644 index 00000000000..ad66a9d1f44 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html @@ -0,0 +1,27 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>default-src-inline-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- enforcing policy: +default-src 'self'; connect-src 'self'; +--> +</head> + +<body> + This test passes if the inline scripts don't create failing tests and a CSP report is sent. + <script> + test(function() { + assert_unreached('FAIL inline script ran') + }); + + </script> + <script src="resources/document-write-alert-fail.js"></script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=default-src%20'self'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..63ea706f955 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: default-src-inline-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: default-src 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/duplicate-directive.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/duplicate-directive.sub.html new file mode 100644 index 00000000000..4336b729b28 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/duplicate-directive.sub.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>duplicate-directive</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS (1/1)"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline'; script-src 'none'; connect-src 'self'; +--> + + <script> + alert_assert('PASS (1/1)'); + + </script> +</head> + +<body> + <p> + This tests the effect of duplicated directives. It passes if the alert_assert() is executed. + </p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/duplicate-directive.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/duplicate-directive.sub.html.sub.headers new file mode 100644 index 00000000000..eefd7197f0f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/duplicate-directive.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: duplicate-directive={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; script-src 'none'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-allowed.sub.html new file mode 100644 index 00000000000..88da806a895 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-allowed.sub.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>eval-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS (1 of 2)","PASS (2 of 2)"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; +--> +</head> + +<body> + <script> + eval("alert_assert('PASS (1 of 2)')"); + + </script> + <script> + window.eval("alert_assert('PASS (2 of 2)')"); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..6bf55a116ea --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: eval-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html new file mode 100644 index 00000000000..599b01c3138 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>eval-blocked-and-sends-report</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS: eval() blocked."]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'self'; report-uri resources/save-report.php?test=eval-blocked-and-sends-report.html; connect-src 'self'; +--> +</head> + +<body> + <script> + try { + eval("alert_assert('FAIL')"); + } catch (e) { + log('PASS: eval() blocked.'); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'self'%20'unsafe-inline'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html.sub.headers new file mode 100644 index 00000000000..f197e41de3a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-and-sends-report.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: eval-blocked-and-sends-report={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html new file mode 100644 index 00000000000..449f9d1927b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html @@ -0,0 +1,10 @@ + +<iframe src="about:blank"></iframe> +Eval should be blocked in the iframe, but inline script should be allowed. +<script> + window.onload = function() { + frames[0].log("<script>alert_assert(/PASS/); eval('alert_assert(/FAIL/);');<\/script>"); + frames[0].document.close(); + } + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html.sub.headers new file mode 100644 index 00000000000..224f25ba7b5 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked-in-about-blank-iframe.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: eval-blocked-in-about-blank-iframe={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked.sub.html new file mode 100644 index 00000000000..229667e7d66 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked.sub.html @@ -0,0 +1,37 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>eval-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS EvalError","PASS EvalError"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <script> + try { + eval("alert_assert('FAIL (1 of 2)')"); + } catch (e) { + log("PASS EvalError"); + } + + </script> + <script> + try { + window.eval("alert_assert('FAIL (1 of 2)')"); + } catch (e) { + log("PASS EvalError"); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'unsafe-inline'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..124f56bfad3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: eval-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html new file mode 100644 index 00000000000..66fa95d31e2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>eval-scripts-setInterval-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS 1 of 2","PASS 2 of 2"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; +--> +</head> +<pre> +<script> + { +} +var id_string = setInterval("clearInterval(id_string); alert_assert('PASS 1 of 2')", 0); +if (id_string == 0) + log('FAIL: Return value for string (should not be 0): ' + id_string); +var id_function = setInterval(function() { + clearInterval(id_function); + alert_assert('PASS 2 of 2'); +}, 0); +if (id_function == 0) + document.write('FAIL: Return value for function (should not be 0): ' + id_function); +</script> +</pre> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..f13ba4c644e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: eval-scripts-setInterval-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html new file mode 100644 index 00000000000..45d873c8027 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>eval-scripts-setInterval-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> +</head> +<pre> +<script> + { +} +var id = setInterval("alert_assert('FAIL')", 0); +if (id != 0) + log('FAIL: Return value for string (should be 0): ' + id); +var id = setInterval(function() { + clearInterval(id); + alert_assert('PASS'); +}, 0); +if (id == 0) + document.write('FAIL: Return value for function (should not be 0): ' + id); +</script> +</pre> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..1bd6b636db1 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setInterval-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: eval-scripts-setInterval-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html new file mode 100644 index 00000000000..9b2e595e5d4 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html @@ -0,0 +1,30 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>eval-scripts-setTimeout-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS 1 of 2","PASS 2 of 2"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; +--> +</head> +<pre> +<script> + { +} +var id = setTimeout("alert_assert('PASS 1 of 2')", 0); +if (id == 0) + log('FAIL: Return value for string (should not be 0): ' + id); +var id = setTimeout(function() { + alert_assert('PASS 2 of 2'); +}, 0); +if (id == 0) + document.write('FAIL: Return value for function (should not be 0): ' + id); +</script> +</pre> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..4d664d600b9 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: eval-scripts-setTimeout-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html new file mode 100644 index 00000000000..72ed2ce1a37 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html @@ -0,0 +1,30 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>eval-scripts-setTimeout-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> +</head> +<pre> +<script> + { +} +var id = setTimeout("alert_assert('FAIL')", 0); +if (id != 0) + log('FAIL: Return value for string (should be 0): ' + id); +var id = setTimeout(function() { + alert_assert('PASS'); +}, 0); +if (id == 0) + document.write('FAIL: Return value for function (should not be 0): ' + id); +</script> +</pre> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..81537fe3ebb --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/eval-scripts-setTimeout-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: eval-scripts-setTimeout-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html new file mode 100644 index 00000000000..e3ab5ea6dd4 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html @@ -0,0 +1,48 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>filesystem-urls-do-not-match-self</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline' 'self'; connect-src 'self'; +--> +</head> + +<body> + <p> + filesystem: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content.. + </p> + <script> + function fail() { + alert_assert("FAIL!"); + } + window.webkitRequestFileSystem(TEMPORARY, 1024 * 1024 /*1MB*/ , function(fs) { + fs.root.getFile('fail.js', { + create: true + }, function(fileEntry) { + fileEntry.createWriter(function(fileWriter) { + fileWriter.onwriteend = function(e) { + var script = document.createElement('script'); + script.src = fileEntry.toURL('application/javascript'); + document.body.appendChild(script); + }; + // Create a new Blob and write it to pass.js. + var b = new Blob(['fail();'], { + type: 'application/javascript' + }); + fileWriter.write(b); + }); + }); + }); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'self'%20'unsafe-inline'%20'*'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html.sub.headers new file mode 100644 index 00000000000..fa4fbee48e1 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-do-not-match-self.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: filesystem-urls-do-not-match-self={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' '*'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html new file mode 100644 index 00000000000..e835c95ac87 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html @@ -0,0 +1,48 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>filesystem-urls-match-filesystem</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS (1/1)"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline' 'self'; connect-src 'self'; +--> +</head> + +<body> + <p> + filesystem: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content, but should match filesystem: source. + </p> + <script> + function pass() { + log("PASS (1/1)"); + } + window.webkitRequestFileSystem(TEMPORARY, 1024 * 1024 /*1MB*/ , function(fs) { + fs.root.getFile('pass.js', { + create: true + }, function(fileEntry) { + fileEntry.createWriter(function(fileWriter) { + fileWriter.onwriteend = function(e) { + var script = document.createElement('script'); + script.src = fileEntry.toURL('application/javascript'); + document.body.appendChild(script); + }; + // Create a new Blob and write it to pass.js. + var b = new Blob(['pass();'], { + type: 'application/javascript' + }); + fileWriter.write(b); + }); + }); + }); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html.sub.headers new file mode 100644 index 00000000000..f9956ede828 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/filesystem-urls-match-filesystem.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: filesystem-urls-match-filesystem={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' filesystem:; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html new file mode 100644 index 00000000000..f88b3e57d37 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html @@ -0,0 +1,4 @@ + +These frames should not be blocked by Content-Security-Policy. It's pointle to block about:blank iframes because blocking a frame just results in displaying about:blank anyway! +<iframe src="about:blank"></iframe> +<object type="text/html" data="about:blank"></object> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html.sub.headers new file mode 100644 index 00000000000..ba1169956a3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-default.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: frame-src-about-blank-allowed-by-default={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: frame-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html new file mode 100644 index 00000000000..2aea6e6dd35 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html @@ -0,0 +1,3 @@ + +This iframe should not be blocked by Content-Security-Policy: +<iframe src="about:blank"></iframe> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html.sub.headers new file mode 100644 index 00000000000..e23b82a937b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: frame-src-about-blank-allowed-by-scheme={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: frame-src about:; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html new file mode 100644 index 00000000000..a43e4be27c2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html @@ -0,0 +1 @@ +<iframe src="resources/alert-pass.html"></iframe> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..05247b4024d --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: frame-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: frame-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html new file mode 100644 index 00000000000..80427ad5cd7 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html @@ -0,0 +1 @@ +<iframe src="resources/alert-fail.html"></iframe> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..bd0e6d17f32 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: frame-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: frame-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html new file mode 100644 index 00000000000..3231fa5d979 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html @@ -0,0 +1,67 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>frame-src-cross-origin-load</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS IFrame %231 generated a load event.","PASS IFrame %232 generated a load event.","PASS IFrame %233 generated a load event."]'></script> + <script> + window.addEventListener("message", function(event) { + alert_assert(event.data); + }, false); + + var t_alert = async_test('Expecting alerts: ["PASS","PASS"]'); + var expected_alerts = ["PASS", "PASS"]; + + function alert_assert(msg) { + t_alert.step(function() { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_alert.done(); + } + for (var i = 0; i < expected_alerts.length; i++) { + if (expected_alerts[i] == msg) { + assert_true(expected_alerts[i] == msg); + expected_alerts.splice(i, 1); + if (expected_alerts.length == 0) { + t_alert.done(); + } + return; + } + } + assert_unreached('unexpected alert: ' + msg); + t_log.done(); + }); + } + + </script> + <!-- enforcing policy: +frame-src 'self' http://localhost:8080; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script></script> + <script> + window.wasPostTestScriptParsed = true; + console.info("IFrames blocked by CSP should generate a 'load' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS."); + var loads = 0; + + function loadEvent() { + loads++; + log("PASS " + "IFrame #" + loads + " generated a load event."); + if (loads == 3) + log("TEST COMPLETE"); + } + + </script> +</head> + +<body> + <iframe src="resources/postmessage-pass.html" onload="loadEvent()"></iframe> + <iframe src="http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/postmessage-pass.html" onload="loadEvent()"></iframe> + <iframe src="http://www2.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/postmessage-fail.html" onload="loadEvent()"></iframe> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=frame-src%20'self'%20http://localhost:8080"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html.sub.headers new file mode 100644 index 00000000000..0970bbebf3a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-cross-origin-load.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: frame-src-cross-origin-load={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: frame-src 'self' http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-redirect-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-redirect-blocked.sub.html new file mode 100644 index 00000000000..a8d4af4a569 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-redirect-blocked.sub.html @@ -0,0 +1 @@ +<iframe src="/common/redirect.py?location=http://{{host}}:{{ports[http][0]}}/security/contentSecurityPolicy/resources/alert-fail.html"></iframe> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-redirect-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-redirect-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..43a16c21826 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/frame-src-redirect-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: frame-src-redirect-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: frame-src 127.0.0.1:8000; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html new file mode 100644 index 00000000000..92cd088c52f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>function-constructor-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; +--> +</head> + +<body> + <script> + (new Function("alert_assert('PASS')"))(); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..dd80ebaccb4 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: function-constructor-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html new file mode 100644 index 00000000000..be0c574776e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>function-constructor-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS EvalError"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <script> + try { + (new Function("alert_assert('FAIL')"))(); + } catch (e) { + log("PASS EvalError"); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'unsafe-inline'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..eb7da39cb91 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/function-constructor-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: function-constructor-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-allowed.sub.html new file mode 100644 index 00000000000..8bacdd30594 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-allowed.sub.html @@ -0,0 +1,19 @@ +<!DOCTYPE html> +<html> +<script> + {} + + function createLink(rel, src) { + var link = document.createElement('link'); + link.rel = rel; + link.href = src; + document.head.appendChild(link); + } + window.addEventListener('DOMContentLoaded', function() { + createLink('icon', 'http://localhost/foo?q=from_icon'); {} + }); + +</script> +<p>Use callbacks to show that favicons are loaded as allowed by CSP when link tags are dynamically added to the page.</p> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..b7d557b52ed --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: icon-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: img-src http://localhost; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-blocked.sub.html new file mode 100644 index 00000000000..978f25f63d1 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-blocked.sub.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<html> +<script> + function createLink(rel, src) { + var link = document.createElement('link'); + link.rel = rel; + link.href = src; + document.head.appendChild(link); + } + window.addEventListener('DOMContentLoaded', function() { + createLink('icon', 'http://localhost/foo?q=from_icon'); {} + }); + +</script> +<p>Use callbacks to show that favicons are not loaded in violation of CSP when link tags are dynamically added to the page.</p> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..c4dc69985ca --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/icon-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: icon-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html new file mode 100644 index 00000000000..f3d1e142415 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html @@ -0,0 +1 @@ +<iframe src="resources/sandboxed-eval.php"></iframe> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html.sub.headers new file mode 100644 index 00000000000..2cb1c72149c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/iframe-inside-csp.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: iframe-inside-csp={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-allowed.sub.html new file mode 100644 index 00000000000..c087692db9a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-allowed.sub.html @@ -0,0 +1,22 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>image-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +img-src *; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <img src="../support/pass.png" onload="alert_assert(this.width == 168 ? 'PASS' : 'FAIL')"> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..3b85fc689b2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: image-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: img-src *; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-blocked.sub.html new file mode 100644 index 00000000000..e572070ef6e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-blocked.sub.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>image-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +img-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + This test passes if it doesn't alert FAIL and does alert PASS. + <img src="../support/pass.png" onload='alert_assert("FAIL")' onerror='alert_assert("PASS")'> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..c58bb88bb37 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: image-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html new file mode 100644 index 00000000000..6482654cdf3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html @@ -0,0 +1,22 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>image-full-host-wildcard-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +img-src http://*.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <img src="http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/pass.png" onload="alert_assert(this.width == 168 ? 'PASS' : 'FAIL')"> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..0f384f0931d --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/image-full-host-wildcard-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: image-full-host-wildcard-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: img-src http://*.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html new file mode 100644 index 00000000000..5594a761551 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html @@ -0,0 +1,22 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>injected-inline-script-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["Pass 1 of 2","Pass 2 of 2"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' http://127.0.0.1:* 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <script src="resources/inject-script.js"></script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..80315fb217f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: injected-inline-script-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' http://127.0.0.1:* 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html new file mode 100644 index 00000000000..6e910e5eab2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html @@ -0,0 +1,20 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>injected-inline-script-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- enforcing policy: +script-src 'self'; connect-src 'self'; +--> +</head> + +<body> + <script src="resources/inject-script.js"></script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20http://127.0.0.1:*"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..e90dec673c0 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-script-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: injected-inline-script-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html new file mode 100644 index 00000000000..f52289e4964 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>injected-inline-style-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS: 2 stylesheets on the page."]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <div id="test1"> + FAIL 1/2 + </div> + <div id="test2"> + FAIL 2/2 + </div> + <script src="resources/inject-style.js"></script> + <script> + if (document.styleSheets.length === 2) + log("PASS: 2 stylesheets on the page."); + else + document.write("FAIL: " + document.styleSheets.length + " stylesheets on the page (should be 2)."); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..8a48dc2487b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: injected-inline-style-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html new file mode 100644 index 00000000000..1ed46cb6532 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html @@ -0,0 +1,32 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>injected-inline-style-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <div id="test1"> + PASS 1/2 + </div> + <div id="test2"> + PASS 2/2 + </div> + <script src="resources/inject-style.js"></script> + <script> + log(document.styleSheets.length == 0 ? "PASS" : "FAIL"); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..d3f0a5efb85 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/injected-inline-style-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: injected-inline-style-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: style-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html new file mode 100644 index 00000000000..31112b1adc5 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html @@ -0,0 +1,129 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>inline-style-allowed-while-cloning-objects</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script></script> + <script> + window.onload = function() { + console.info("This test ensures that styles can be set by object.cloneNode()"); + window.nodes = document.getElementById('nodes'); + window.node1 = document.getElementById('node1'); + window.node1.style.background = "yellow"; + window.node1.style.color = "red"; + window.node2 = document.getElementById('node1').cloneNode(true); + window.node2.id = "node2"; + window.node3 = document.getElementById('node3'); + window.node3.style.background = "blue"; + window.node3.style.color = "green"; + window.node4 = document.getElementById('node3').cloneNode(false); + window.node4.id = "node4"; + window.node4.innerHTML = "Node #4"; + nodes.appendChild(node1); + nodes.appendChild(node2); + nodes.appendChild(node3); + nodes.appendChild(node4); + test(function() { + assert_equals(node1.style.background.match(/yellow/)[0], "yellow") + }); + test(function() { + assert_equals(node2.style.background.match(/yellow/)[0], "yellow") + }); + test(function() { + assert_equals(node3.style.background.match(/blue/)[0], "blue") + }); + test(function() { + assert_equals(node4.style.background.match(/blue/)[0], "blue") + }); + test(function() { + assert_equals(node1.style.color, "red") + }); + test(function() { + assert_equals(node2.style.color, "red") + }); + test(function() { + assert_equals(node3.style.color, "green") + }); + test(function() { + assert_equals(node4.style.color, "green") + }); + test(function() { + assert_equals(window.getComputedStyle(node1).background, window.getComputedStyle(node2).background) + }); + test(function() { + assert_equals(window.getComputedStyle(node3).background, window.getComputedStyle(node4).background) + }); + test(function() { + assert_equals(window.getComputedStyle(node1).color, window.getComputedStyle(node2).color) + }); + test(function() { + assert_equals(window.getComputedStyle(node3).color, window.getComputedStyle(node4).color) + }); + window.ops = document.getElementById('ops'); + ops.style.color = 'red'; + window.clonedOps = ops.cloneNode(true); + window.violetOps = document.getElementById('violetOps'); + violetOps.style.background = 'rgb(238, 130, 238)'; + document.getElementsByTagName('body')[0].appendChild(clonedOps); + test(function() { + assert_equals(ops.style.background, "") + }); + console.info("getComputedStyle(clonedOps).background: " + window.getComputedStyle(ops).background); + test(function() { + assert_equals(ops.style.color, "red") + }); + test(function() { + assert_equals(clonedOps.style.background, "") + }); + test(function() { + assert_equals(violetOps.style.background.match(/rgb\(238, 130, 238\)/)[0], "rgb(238, 130, 238)") + }); + test(function() { + assert_equals(window.getComputedStyle(clonedOps).background, window.getComputedStyle(ops).background) + }); + test(function() { + assert_equals(window.getComputedStyle(clonedOps).color, window.getComputedStyle(ops).color) + }); + console.info("getComputedStyle(violetOps).background: " + window.getComputedStyle(violetOps).background); + test(function() { + assert_equals(window.getComputedStyle(ops).background, window.getComputedStyle(violetOps).background) + }); + test(function() { + assert_equals(window.getComputedStyle(clonedOps).background, window.getComputedStyle(violetOps).background) + }); + test(function() { + assert_equals(ops.id, "ops") + }); + test(function() { + assert_equals(ops.id, clonedOps.id) + }); + }; + + </script> +</head> + +<body> + <div id="nodes"> + This is a div (nodes) + <div id="node1"> This is a div. (node 1 or 2)</div> + <div id="node3"> This is a div. (node 3 or 4)</div> + </div> + <div id="ops" style="background: rgb(238, 130, 238)"> + Yet another div. + </div> + <div id="violetOps"> + Yet another div. + </div> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'self'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html.sub.headers new file mode 100644 index 00000000000..963fa175175 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed-while-cloning-objects.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: inline-style-allowed-while-cloning-objects={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: style-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html new file mode 100644 index 00000000000..bf5ac125d25 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>inline-style-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> + <style> + .target { + background-color: blue; + } + + </style> +</head> + +<body class="target"> + <script> + log(document.styleSheets.length > 0 ? 'PASS' : 'FAIL'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..8ff58f55f2c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: inline-style-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html new file mode 100644 index 00000000000..ab446040a60 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>inline-style-attribute-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body style="background-color: blue;"> + <script> + log(document.body.style.length > 0 ? 'PASS' : 'FAIL'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..7d765e2b698 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: inline-style-attribute-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html new file mode 100644 index 00000000000..90efe9fe7e1 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>inline-style-attribute-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body style="background-color: blue;"> + <script> + log(document.body.style.length > 0 ? 'FAIL' : 'PASS'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..0b1ec14c1df --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: inline-style-attribute-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html new file mode 100644 index 00000000000..b002af987d4 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html @@ -0,0 +1,28 @@ +<!DOCTYPE html> +<html style="background-color: blue;"> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <meta http-equiv="Content-Security-Policy" content="style-src 'self'"> + <title>inline-style-attribute-on-html</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <p>Even though this page has a CSP policy the blocks inline style, the style attribute on the HTML element still takes effect because it preceeds the meta element. + </p> + <script> + log(document.documentElement.style.length > 0 ? 'PASS' : 'FAIL'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html.sub.headers new file mode 100644 index 00000000000..66bf93faa1c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-attribute-on-html.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: inline-style-attribute-on-html={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html new file mode 100644 index 00000000000..3f7756e4498 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html @@ -0,0 +1,31 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>inline-style-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> + <style> + .target { + background-color: blue; + } + + </style> +</head> + +<body class="target"> + <script> + log(document.styleSheets.length > 0 ? 'FAIL' : 'PASS'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..0b83063268d --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/inline-style-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: inline-style-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html new file mode 100644 index 00000000000..fe6d2b1c2c6 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html @@ -0,0 +1,9 @@ +<link rel="manifest" href="manifest.test/manifest.json"> +<script> + { + testRunner.getManifestThen(function() { + alert_assert("Pass"); + }); + } + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..3fbdc7337c6 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: manifest-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: manifest-src *; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html new file mode 100644 index 00000000000..fe6d2b1c2c6 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html @@ -0,0 +1,9 @@ +<link rel="manifest" href="manifest.test/manifest.json"> +<script> + { + testRunner.getManifestThen(function() { + alert_assert("Pass"); + }); + } + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..4d6e5e39564 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/manifest-src-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: manifest-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: manifest-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-allowed.sub.html new file mode 100644 index 00000000000..4cb4002d978 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-allowed.sub.html @@ -0,0 +1,14 @@ +<video></video> +<script src="../../../media-resources/media-file.js"></script> +<script src="../../../media-resources/video-test.js"></script> +<script> + waitForEvent('loadedmetadata', function() { + alert_assert('PASS'); + endTestLater(); + }); + // Find a supported media file. + var mediaFile = findMediaFile("video", "content/test"); + var mimeType = mimeTypeForFile(mediaFile); + video.src = "http://{{host}}:{{ports[http][0]}}/resources/load-and-stall.cgi?name=../../../media/" + mediaFile + "&mimeType=" + mimeType + "&stallAt=100000"; + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..b0401f7c762 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: media-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: media-src http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-blocked.sub.html new file mode 100644 index 00000000000..57c8d5f650b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-blocked.sub.html @@ -0,0 +1,15 @@ +<video></video> +<script src="../../../media-resources/media-file.js"></script> +<script src="../../../media-resources/video-test.js"></script> +<p>This test passes if it doesn't alert failure.</p> +<script> + waitForEvent('loadedmetadata', function() { + alert_assert('FAIL'); + }); + addEventListener('load', endTestLater, false); + // Find a supported media file. + var mediaFile = findMediaFile("video", "content/test"); + var mimeType = mimeTypeForFile(mediaFile); + video.src = "http://{{host}}:{{ports[http][0]}}/resources/load-and-stall.cgi?name=../../../media/" + mediaFile + "&mimeType=" + mimeType + "&stallAt=100000"; + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..86c56953dbc --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: media-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: media-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-track-block.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-track-block.sub.html new file mode 100644 index 00000000000..c8036ce174c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-track-block.sub.html @@ -0,0 +1,39 @@ +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>media-src-track-block</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +media-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script> + function loaded() { + alert_assert("FAIL"); + } + + function errored() { + alert_assert("PASS"); + } + + function start() { + var track = document.querySelector('track'); + track.track.mode = "hidden"; + track.setAttribute('src', 'resources/track.vtt'); + } + + </script> +</head> + +<body onload="start()"> + <video> + <track kind="captions" onload="loaded()" onerror="errored()"> + </video> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=media-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-track-block.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-track-block.sub.html.sub.headers new file mode 100644 index 00000000000..85c496e74f3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/media-src-track-block.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: media-src-track-block={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: media-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html new file mode 100644 index 00000000000..358b7af1a7e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html @@ -0,0 +1,28 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-in-svg-foreignobject</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <p>This test ensures that objects inside SVG foreignobject elements are beholden to the same policy as the rest of the document. This test passes if there i a CSP violation saying the plugin was blocked.</p> + <svg> + <foreignobject> + <object xmlns="http://www.w3.org/1999/xhtml" data="/plugins/resources/mock-plugin.pl"> + </object> + </foreignobject> + </svg> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html.sub.headers new file mode 100644 index 00000000000..a196a15589e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-in-svg-foreignobject.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-in-svg-foreignobject={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html new file mode 100644 index 00000000000..45635778216 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html @@ -0,0 +1,42 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-applet-archive-codebase</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + +</head> + +<body> + <script> + var len = navigator.mimeTypes.length; + var allTypes = ""; + var appletMimeType = "application/x-java-applet"; + for (var i = 0; i < len; i++) { + console.log("Found navigator.mimeType " + navigator.mimeTypes[i].type); + allTypes += navigator.mimeTypes[i].type + ';'; + } + if (allTypes.indexOf(appletMimeType) == -1) { + t_log.set_status(t_log.NOTRUN, "No Java Plugin, cannot run test."); + t_log.phase = t_log.phases.HAS_RESULT; + t_log.done(); + } else { + var s = document.createElement('script'); + s.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"; + document.body.appendChild(s); + } + + </script> + This test passes if there is a CSP violation saying the plugin was blocked. + <applet code="TestThingie" archive="archive.jar" codebase="/plugins/codebase/" id="appletObject" onload="log('FAIL')" onerror="log('PASS')"></applet> + <div id="log"></div> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html.sub.headers new file mode 100644 index 00000000000..0b71a188bab --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive-codebase.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-applet-archive-codebase={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html new file mode 100644 index 00000000000..06a36ccd24c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html @@ -0,0 +1,42 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-applet-archive</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + +</head> + +<body> + <script> + var len = navigator.mimeTypes.length; + var allTypes = ""; + var appletMimeType = "application/x-java-applet"; + for (var i = 0; i < len; i++) { + console.log("Found navigator.mimeType " + navigator.mimeTypes[i].type); + allTypes += navigator.mimeTypes[i].type + ';'; + } + if (allTypes.indexOf(appletMimeType) == -1) { + t_log.set_status(t_log.NOTRUN, "No Java Plugin, cannot run test."); + t_log.phase = t_log.phases.HAS_RESULT; + t_log.done(); + } else { + var s = document.createElement('script'); + s.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"; + document.body.appendChild(s); + } + + </script> + This test passes if there is a CSP violation saying the plugin was blocked. + <applet code="TestThingie" archive="/plugins/archive.jar" id="appletObject" onload="log('FAIL')" onerror="log('PASS')"></applet> + <div id="log"></div> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html.sub.headers new file mode 100644 index 00000000000..4bd5ec149f6 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-archive.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-applet-archive={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html new file mode 100644 index 00000000000..62ab2301463 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html @@ -0,0 +1,42 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-applet-archive-code-codebase</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + +</head> + +<body> + <script> + var len = navigator.mimeTypes.length; + var allTypes = ""; + var appletMimeType = "application/x-java-applet"; + for (var i = 0; i < len; i++) { + console.log("Found navigator.mimeType " + navigator.mimeTypes[i].type); + allTypes += navigator.mimeTypes[i].type + ';'; + } + if (allTypes.indexOf(appletMimeType) == -1) { + t_log.set_status(t_log.NOTRUN, "No Java Plugin, cannot run test."); + t_log.phase = t_log.phases.HAS_RESULT; + t_log.done(); + } else { + var s = document.createElement('script'); + s.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"; + document.body.appendChild(s); + } + + </script> + This test passes if there is a CSP violation saying the plugin was blocked. + <applet code="code.class" codebase="/plugins/codebase/"></applet> + <div id="log"></div> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html.sub.headers new file mode 100644 index 00000000000..1ced1a8e2c0 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code-codebase.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-applet-code-codebase={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html new file mode 100644 index 00000000000..9a697b0daf3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html @@ -0,0 +1,42 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-applet-code</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + +</head> + +<body> + <script> + var len = navigator.mimeTypes.length; + var allTypes = ""; + var appletMimeType = "application/x-java-applet"; + for (var i = 0; i < len; i++) { + console.log("Found navigator.mimeType " + navigator.mimeTypes[i].type); + allTypes += navigator.mimeTypes[i].type + ';'; + } + if (allTypes.indexOf(appletMimeType) == -1) { + t_log.set_status(t_log.NOTRUN, "No Java Plugin, cannot run test."); + t_log.phase = t_log.phases.HAS_RESULT; + t_log.done(); + } else { + var s = document.createElement('script'); + s.src = "../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"; + document.body.appendChild(s); + } + + </script> + This test passes if there is a CSP violation saying the plugin was blocked. + <applet code="/plugins/code.class"></applet> + <div id="log"></div> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html.sub.headers new file mode 100644 index 00000000000..44bd725f817 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-applet-code.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-applet-code={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html new file mode 100644 index 00000000000..2e2bef25d3e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-no-url-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + This test passes if there isn't a CSP violation saying the plugin was blocked. + <object type="application/x-webkit-test-netscape"></object> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..3746103fe4a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-no-url-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html new file mode 100644 index 00000000000..ad3eebcaeb5 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-no-url-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + This test passes if there is a CSP violation saying the plugin was blocked. + <object type="application/x-webkit-test-netscape"></object> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..dba0ece704a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-no-url-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-no-url-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-code-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-code-blocked.sub.html new file mode 100644 index 00000000000..ae4bfb71759 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-code-blocked.sub.html @@ -0,0 +1,27 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-param-code-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src http://localhost:8080; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script src="resources/object-src-param.js"></script> +</head> + +<body> + This test passes if there is a CSP violation saying the plugin was blocked. + <script> + appendObjectElement('code'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20http://localhost:8080"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-code-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-code-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..f7535ffbe93 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-code-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-param-code-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src http://localhost:8080; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-movie-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-movie-blocked.sub.html new file mode 100644 index 00000000000..289c2c8edd3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-movie-blocked.sub.html @@ -0,0 +1,27 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-param-movie-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src http://localhost:8080; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script src="resources/object-src-param.js"></script> +</head> + +<body> + This test passes if there is a CSP violation saying the plugin was blocked. + <script> + appendObjectElement('movie'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20http://localhost:8080"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-movie-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-movie-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..3f357a63f4b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-movie-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-param-movie-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src http://localhost:8080; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-src-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-src-blocked.sub.html new file mode 100644 index 00000000000..9a0d9e0bee4 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-src-blocked.sub.html @@ -0,0 +1,27 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-param-src-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src http://localhost:8080; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script src="resources/object-src-param.js"></script> +</head> + +<body> + This test passes if there is a CSP violation saying the plugin was blocked. + <script> + appendObjectElement('src'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20http://localhost:8080"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-src-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-src-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..c5a76850345 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-src-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-param-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src http://localhost:8080; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-url-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-url-blocked.sub.html new file mode 100644 index 00000000000..f30550416f8 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-url-blocked.sub.html @@ -0,0 +1,27 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-param-url-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src http://localhost:8080; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <script src="resources/object-src-param.js"></script> +</head> + +<body> + This test passes if there is a CSP violation saying the plugin was blocked. + <script> + appendObjectElement('url'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20http://localhost:8080"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-url-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-url-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..baf227d985a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-param-url-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-param-url-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src http://localhost:8080; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html new file mode 100644 index 00000000000..dace2c417d6 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-url-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + This test passes if there is no CSP violation saying the plugin was blocked. + <object data="/content-security-policy/support/pass.png"></object> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..bce19c1defc --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-url-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html new file mode 100644 index 00000000000..4f12d747b01 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html @@ -0,0 +1,23 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>object-src-url-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + This test passes if there is a CSP violation saying the plugin was blocked. + <object data="/plugins/resources/mock-plugin.pl"></object> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=object-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..1447fd0fce2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/object-src-url-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: object-src-url-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html new file mode 100644 index 00000000000..a43e4be27c2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html @@ -0,0 +1 @@ +<iframe src="resources/alert-pass.html"></iframe> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html.sub.headers new file mode 100644 index 00000000000..ff37e37ee6f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/policy-does-not-affect-child.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: policy-does-not-affect-child={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html new file mode 100644 index 00000000000..dea8a87a31b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html @@ -0,0 +1,22 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>report-blocked-data-uri</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +img-src 'none'; report-uri resources/save-report.php?test=report-blocked-data-uri.html; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html.sub.headers new file mode 100644 index 00000000000..8530a1cc4a1 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-blocked-data-uri.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: report-blocked-data-uri={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html new file mode 100644 index 00000000000..ed2cd2a742d --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html @@ -0,0 +1,24 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>report-cross-origin-no-cookies</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +img-src 'none'; report-uri http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID=; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self'; +--> + <script src="http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/set-cookie.js"></script> +</head> + +<body> + <!-- This image will generate a CSP violation report. --> + <img src="resources/abe.png"> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'&noCookies=true"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html.sub.headers new file mode 100644 index 00000000000..5a71229752e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-cross-origin-no-cookies.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: report-cross-origin-no-cookies={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self'; report-uri http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html new file mode 100644 index 00000000000..cb001a22094 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html @@ -0,0 +1,24 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>report-disallowed-from-meta</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> + <meta http-equiv="Content-Security-Policy" content="img-src 'none'; report-uri /content-security-policy/support/report.py?op=put&reportID=5ada7c32-1c46-4b79-a95f-af33fcf95f8e"> +</head> + +<body> + This image should be blocked, but should not show up in the violation report because meta policies MUST ignore report-uri. + <img src="../resources/abe.png" onerror="alert_assert('PASS')" onload="alert_assert('FAIL')"> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html.sub.headers new file mode 100644 index 00000000000..4c620525a37 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-disallowed-from-meta.sub.html.sub.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: report-disallowed-from-meta=5ada7c32-1c46-4b79-a95f-af33fcf95f8e; Path=/content-security-policy/blink-contrib
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html new file mode 100644 index 00000000000..e90cb066b06 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html @@ -0,0 +1,24 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>report-cross-origin-no-cookies</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +img-src 'none'; report-uri http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID=; script-src 'self' 'unsafe-inline' http://www1.{{host}}:{{ports[http][0]}}; connect-src 'self'; +--> + <script src="/content-security-policy/blink-contrib/resources/set-cookie.js"></script> +</head> + +<body> + <!-- This image will generate a CSP violation report. --> + <img src="resources/abe.png"> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'&noCookies=true"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html.sub.headers new file mode 100644 index 00000000000..4655de25482 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-same-origin-with-cookies.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: report-same-origin-with-cookies={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html new file mode 100644 index 00000000000..cf3f72f1e7d --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html @@ -0,0 +1,28 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>report-uri-from-inline-javascript</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +img-src 'none'; report-uri resources/save-report.php?test=report-uri-from-inline-javascript.html; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <script> + // This script block will trigger a violation report. + var i = document.createElement('img'); + i.src = 'resources/abe.png'; + document.body.appendChild(i); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html.sub.headers new file mode 100644 index 00000000000..c37a9ff8d73 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-inline-javascript.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: report-uri-from-inline-javascript={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html new file mode 100644 index 00000000000..790a75bdad3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html @@ -0,0 +1,22 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>report-uri-from-javascript</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +img-src 'none'; report-uri resources/save-report.php?test=report-uri-from-javascript.html; script-src 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body> + <script src="resources/inject-image.js"></script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=img-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html.sub.headers new file mode 100644 index 00000000000..ed6560118b6 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-from-javascript.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: report-uri-from-javascript={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: img-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-scheme-relative.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-scheme-relative.sub.html new file mode 100644 index 00000000000..c6aba864d68 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-scheme-relative.sub.html @@ -0,0 +1,5 @@ +<script> + // This script block will trigger a violation report. + alert_assert('FAIL'); + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-scheme-relative.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-scheme-relative.sub.html.sub.headers new file mode 100644 index 00000000000..d000f87ec5c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri-scheme-relative.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: report-uri-scheme-relative={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'self'; report-uri //127.0.0.1:8080/security/contentSecurityPolicy/resources/save-report.php?test=report-uri-scheme-relative.html; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri.sub.html new file mode 100644 index 00000000000..9ffb835f2bf --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri.sub.html @@ -0,0 +1,6 @@ +<script src="resources/report-test.js"></script> +<script> + // This script block will trigger a violation report. + alert_assert('FAIL'); + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri.sub.html.sub.headers new file mode 100644 index 00000000000..1416ea7f1d2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/report-uri.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: report-uri={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'self'; report-uri resources/save-report.php?test=report-uri.html; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-fail.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-fail.html new file mode 100644 index 00000000000..c0fb8173d50 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-fail.html @@ -0,0 +1,4 @@ +<script> + alert('FAIL'); + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-fail.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-fail.js new file mode 100644 index 00000000000..40d2127b559 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-fail.js @@ -0,0 +1 @@ +alert_assert('FAIL'); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-pass.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-pass.html new file mode 100644 index 00000000000..50e753d0d32 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-pass.html @@ -0,0 +1,4 @@ +<script> + alert('PASS'); + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-pass.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-pass.js new file mode 100644 index 00000000000..ec2f0076d57 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/alert-pass.js @@ -0,0 +1 @@ +alert_assert('PASS'); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/blue.css b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/blue.css new file mode 100644 index 00000000000..54aeecc12f5 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/blue.css @@ -0,0 +1,3 @@ +.target { + background-color: blue; +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/child-src-test.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/child-src-test.js new file mode 100644 index 00000000000..fd09f153716 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/child-src-test.js @@ -0,0 +1,66 @@ +var EXPECT_BLOCK = true; +var EXPECT_LOAD = false; + +window.jsTestIsAsync = true; +window.wasPostTestScriptParsed = true; + +var iframe; + +function injectFrame(url, shouldBlock) { + window.onload = function() { + iframe = document.createElement('iframe'); + iframe.onload = iframeLoaded(shouldBlock); + iframe.src = url; + document.body.appendChild(iframe); + }; +} + +function iframeLoaded(expectBlock) { + return function(ev) { + var failed = true; + try { + console.log("IFrame load event fired: the IFrame's location is '" + ev.target.contentWindow.location.href + "'."); + if (expectBlock) { + testFailed("The IFrame should have been blocked (or cross-origin). It wasn't."); + failed = true; + } else { + testPassed("The IFrame should not have been blocked. It wasn't."); + failed = false; + } + } catch (ex) { + debug("IFrame load event fired: the IFrame is cross-origin (or was blocked)."); + if (expectBlock) { + testPassed("The IFrame should have been blocked (or cross-origin). It was."); + failed = false; + } else { + testFailed("The IFrame should not have been blocked. It was."); + failed = true; + } + } + finishJSTest(); + }; +} + +function injectFrameRedirectingTo(url, shouldBlock) { + injectFrame("/security/contentSecurityPolicy/resources/redir.php?url=" + url, shouldBlock); +} + +function injectWorker(url, expectBlock) { + window.onload = function() { + if (expectBlock == EXPECT_BLOCK) + shouldThrow("var w = new Worker('" + url + "');"); + else + shouldNotThrow("var w = new Worker('" + url + "');"); + finishJSTest(); + }; +} + +function injectSharedWorker(url, expectBlock) { + window.onload = function() { + if (expectBlock == EXPECT_BLOCK) + shouldThrow("var w = new SharedWorker('" + url + "');"); + else + shouldNotThrow("var w = new SharedWorker('" + url + "');"); + finishJSTest(); + }; +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/document-write-alert-fail.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/document-write-alert-fail.js new file mode 100644 index 00000000000..5e78ca0dac3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/document-write-alert-fail.js @@ -0,0 +1 @@ +document.write("<script>test(function () { assert_unreached('FAIL inline script from document.write ran') });</script>"); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/dump-as-text.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/dump-as-text.js new file mode 100644 index 00000000000..a229b1fc75c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/dump-as-text.js @@ -0,0 +1,2 @@ +if (window.testRunner) + testRunner.dumpAsText(); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/frame-ancestors-test.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/frame-ancestors-test.js new file mode 100644 index 00000000000..e4b12d4faf7 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/frame-ancestors-test.js @@ -0,0 +1,109 @@ +var SAME_ORIGIN = true; +var CROSS_ORIGIN = false; + +var EXPECT_BLOCK = true; +var EXPECT_LOAD = false; + +var SAMEORIGIN_ORIGIN = "http://127.0.0.1:8000"; +var CROSSORIGIN_ORIGIN = "http://localhost:8080"; + +window.jsTestIsAsync = true; +window.wasPostTestScriptParsed = true; + +if (window.testRunner) + testRunner.dumpChildFramesAsText(); + +window.addEventListener("message", function(e) { + if (window.parent != window) { + window.parent.postMessage(e.data, "*"); + } else { + if (e.data) + testFailed("The inner IFrame failed."); + else + testPassed("The inner IFrame passed."); + + finishJSTest(); + } +}); + +function injectNestedIframe(policy, parent, child, expectation) { + var iframe = document.createElement("iframe"); + + var url = "/security/contentSecurityPolicy/resources/frame-in-frame.pl?" + "policy=" + policy + "&parent=" + parent + "&child=" + child + "&expectation=" + expectation; + url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url; + + iframe.src = url; + document.body.appendChild(iframe); +} + +function injectIFrame(policy, sameOrigin, expectBlock) { + var iframe = document.createElement("iframe"); + iframe.addEventListener("load", iframeLoaded(expectBlock)); + iframe.addEventListener("error", iframeLoaded(expectBlock)); + + var url = "/security/contentSecurityPolicy/resources/frame-ancestors.pl?policy=" + policy; + if (!sameOrigin) + url = CROSSORIGIN_ORIGIN + url; + + iframe.src = url; + document.body.appendChild(iframe); +} + +function iframeLoaded(expectBlock) { + return function(ev) { + var failed = true; + try { + console.log("IFrame load event fired: the IFrame's location is '" + ev.target.contentWindow.location.href + "'."); + if (expectBlock) { + testFailed("The IFrame should have been blocked (or cross-origin). It wasn't."); + failed = true; + } else { + testPassed("The IFrame should not have been blocked. It wasn't."); + failed = false; + } + } catch (ex) { + debug("IFrame load event fired: the IFrame is cross-origin (or was blocked)."); + if (expectBlock) { + testPassed("The IFrame should have been blocked (or cross-origin). It was."); + failed = false; + } else { + testFailed("The IFrame should not have been blocked. It was."); + failed = true; + } + } + if (window.parent != window) + window.parent.postMessage(failed, '*'); + else + finishJSTest(); + }; +} + +function crossOriginFrameShouldBeBlocked(policy) { + window.onload = function() { + injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK); + }; +} + +function crossOriginFrameShouldBeAllowed(policy) { + window.onload = function() { + injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD); + }; +} + +function sameOriginFrameShouldBeBlocked(policy) { + window.onload = function() { + injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK); + }; +} + +function sameOriginFrameShouldBeAllowed(policy) { + window.onload = function() { + injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD); + }; +} + +function testNestedIFrame(policy, parent, child, expectation) { + window.onload = function() { + injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "Allowed" : "Blocked"); + }; +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/generate-csp-report.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/generate-csp-report.html new file mode 100644 index 00000000000..887f44f48b6 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/generate-csp-report.html @@ -0,0 +1,7 @@ +<meta http-equiv="Content-Security-Policy" content="script-src 'self'; report-uri save-report.php?test=generate-csp-report.html"> +<script> + // This script block will trigger a violation report. + alert('FAIL'); + +</script> +<script src="go-to-echo-report.js"></script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/go-to-echo-report.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/go-to-echo-report.js new file mode 100644 index 00000000000..e220f2a47e3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/go-to-echo-report.js @@ -0,0 +1,12 @@ +if (window.testRunner) { + testRunner.dumpAsText(); + testRunner.waitUntilDone(); +} + +window.onload = function() { + var test = window.location.pathname.replace(/^.+\//, ''); + var match = window.location.search.match(/^\?test=([^&]+)/); + if (match) + test = match[1]; + window.location = "/security/contentSecurityPolicy/resources/echo-report.php?test=" + test; +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/inject-image.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/inject-image.js new file mode 100644 index 00000000000..1e1f93b394a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/inject-image.js @@ -0,0 +1,4 @@ +// This script block will trigger a violation report. +var i = document.createElement('img'); +i.src = '/security/resources/abe.png'; +document.body.appendChild(i); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/inject-script.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/inject-script.js new file mode 100644 index 00000000000..f646027f5c4 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/inject-script.js @@ -0,0 +1,5 @@ +document.write("<script>alert_assert('Pass 1 of 2');</script>"); + +var s = document.createElement('script'); +s.innerText = "alert_assert('Pass 2 of 2');"; +document.body.appendChild(s); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/inject-style.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/inject-style.js new file mode 100644 index 00000000000..219d8f559c5 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/inject-style.js @@ -0,0 +1,5 @@ +document.write("<style>#test1 { display: none; }</style>"); + +var s = document.createElement('style'); +s.innerText = "#test2 { display: none; }"; +document.body.appendChild(s); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/mixed-content-with-csp.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/mixed-content-with-csp.html new file mode 100644 index 00000000000..77f47cf3b1c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/mixed-content-with-csp.html @@ -0,0 +1,2 @@ +<meta http-equiv="Content-Security-Policy" content="default-src 'self'"> This page includes an insecure script that alerts "FAIL", but that script is blocked by CSP. +<script src="http://127.0.0.1:8080/security/contentSecurityPolicy/resources/alert-fail.js"></script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/multiple-iframe-plugin-test.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/multiple-iframe-plugin-test.js new file mode 100644 index 00000000000..0a6f0c5e1be --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/multiple-iframe-plugin-test.js @@ -0,0 +1,54 @@ +if (window.testRunner) { + testRunner.waitUntilDone(); + testRunner.dumpAsText(); + testRunner.dumpChildFramesAsText(); +} + +function testExperimentalPolicy() { + testImpl(true); +} + +function test() { + testImpl(false); +} + +function testImpl(experimental) { + if (tests.length === 0) + return finishTesting(); + var baseURL = "/security/contentSecurityPolicy/"; + var current = tests.shift(); + var iframe = document.createElement("iframe"); + iframe.src = baseURL + "resources/echo-object-data.pl?" + + "experimental=" + (experimental ? "true" : "false") + + "&csp=" + escape(current[1]); + + if (current[0]) + iframe.src += "&log=PASS."; + else + iframe.src += "&log=FAIL."; + + if (current[2]) + iframe.src += "&plugin=" + escape(current[2]); + else { + iframe.src += "&plugin=data:application/x-webkit-test-netscape,logifloaded"; + } + + if (current[3] !== undefined) + iframe.src += "&type=" + escape(current[3]); + else + iframe.src += "&type=application/x-webkit-test-netscape"; + + iframe.onload = function() { + if (window.internals) + internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(iframe); + testImpl(experimental); + }; + document.body.appendChild(iframe); +} + +function finishTesting() { + if (window.testRunner) { + setTimeout("testRunner.notifyDone()", 0); + } + return true; +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/multiple-iframe-test.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/multiple-iframe-test.js new file mode 100644 index 00000000000..d5139dcd87a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/multiple-iframe-test.js @@ -0,0 +1,53 @@ +if (window.testRunner) { + testRunner.waitUntilDone(); + testRunner.dumpAsText(); + testRunner.dumpChildFramesAsText(); +} + +function testPreescapedPolicy() { + testImpl(false, true); +} + +function testExperimentalPolicy() { + testImpl(true, false); +} + +function test() { + testImpl(false, false); +} + +function testImpl(experimental, preescapedPolicy) { + if (tests.length === 0) + return finishTesting(); + + var baseURL = "/security/contentSecurityPolicy/"; + var current = tests.shift(); + var iframe = document.createElement("iframe"); + + var policy = current[1]; + if (!preescapedPolicy) + policy = encodeURIComponent(policy); + + var scriptToLoad = baseURL + encodeURIComponent(current[2]); + if (current[2].match(/^data:/) || current[2].match(/^https?:/)) + scriptToLoad = encodeURIComponent(current[2]); + + iframe.src = baseURL + "resources/echo-script-src.pl?" + + "experimental=" + (experimental ? "true" : "false") + + "&should_run=" + encodeURIComponent(current[0]) + + "&csp=" + policy + "&q=" + scriptToLoad; + if (current[3] !== undefined) + iframe.src += "&nonce=" + encodeURIComponent(current[3]); + + iframe.onload = function() { + testImpl(experimental, preescapedPolicy); + }; + document.body.appendChild(iframe); +} + +function finishTesting() { + if (window.testRunner) { + setTimeout("testRunner.notifyDone()", 0); + } + return true; +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/object-src-param.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/object-src-param.js new file mode 100644 index 00000000000..ab449327dc9 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/object-src-param.js @@ -0,0 +1,29 @@ +if (window.testRunner) { + testRunner.dumpAsText(); + testRunner.waitUntilDone(); +} + +function appendObjectElement(type) { + window.onload = function() { + var o = document.createElement('object'); + o.setAttribute('type', 'application/x-webkit-test-netscape'); + o.addEventListener('load', function() { + console.log('FAIL: The object should have been blocked.'); + if (window.testRunner) + testRunner.notifyDone(); + }); + o.addEventListener('error', function() { + console.log('PASS: Error occurred, so load was correctly blocked.'); + if (window.testRunner) + testRunner.notifyDone(); + }); + + var p = document.createElement('param'); + p.setAttribute('value', 'http://127.0.0.1:8080/plugins/resources/mock-plugin.pl?' + type); + p.setAttribute('name', type); + + o.appendChild(p); + + document.body.appendChild(o); + }; +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/post-message.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/post-message.js new file mode 100644 index 00000000000..69daa31d2f1 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/post-message.js @@ -0,0 +1 @@ +postMessage("importScripts allowed"); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/postmessage-fail.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/postmessage-fail.html new file mode 100644 index 00000000000..a0308ad98b4 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/postmessage-fail.html @@ -0,0 +1,4 @@ +<script> + window.parent.postMessage('FAIL', '*'); + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/postmessage-pass.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/postmessage-pass.html new file mode 100644 index 00000000000..700167b5db8 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/postmessage-pass.html @@ -0,0 +1,4 @@ +<script> + window.parent.postMessage('PASS', '*'); + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/referrer-test.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/referrer-test.js new file mode 100644 index 00000000000..7dafc9f9cf5 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/referrer-test.js @@ -0,0 +1,62 @@ +var ReferrerTest = { + NO_REFERRER: "no-referrer", + NO_REFERRER_WHEN_DOWNGRADE: "no-referrer-when-downgrade", + ORIGIN: "origin", + ORIGIN_WHEN_CROSS_ORIGIN: "origin-when-cross-origin", + UNSAFE_URL: "unsafe-url", + + INVALID: "invalid", + EMPTY: "", + + HTTP: "http", + HTTPS: "https", + + bindHandler: function(func) { + window.addEventListener("message", function(e) { + ReferrerTest.referrerResult = undefined; + func(e.data); + finishJSTest(); + }); + }, + + base: function(scheme) { + return scheme == "http" ? "http://127.0.0.1:8000/" : "https://127.0.0.1:8443/"; + }, + + generateFrameURL: function(policy, from, to) { + return ReferrerTest.base(from) + "security/contentSecurityPolicy/resources/referrer-test.php?policy=" + policy + "&to=" + to; + }, + + injectFrame: function(policy, from, to) { + var iframe = document.createElement("iframe"); + iframe.src = ReferrerTest.generateFrameURL(policy, from, to); + document.body.appendChild(iframe); + } +}; + +function expectFullReferrer(policy, from, to) { + ReferrerTest.bindHandler(function(referrer) { + ReferrerTest.referrerResult = referrer; + shouldBeEqualToString("ReferrerTest.referrerResult", ReferrerTest.generateFrameURL(policy, from, to)); + }); + ReferrerTest.injectFrame(policy, from, to); +} + +function expectNoReferrer(policy, from, to) { + ReferrerTest.bindHandler(function(referrer) { + ReferrerTest.referrerResult = referrer; + shouldBeEqualToString("ReferrerTest.referrerResult", ""); + }); + ReferrerTest.injectFrame(policy, from, to); +} + +function expectOriginReferrer(policy, from, to) { + ReferrerTest.bindHandler(function(referrer) { + ReferrerTest.referrerResult = referrer; + shouldBeEqualToString("ReferrerTest.referrerResult", ReferrerTest.base(from)); + }); + ReferrerTest.injectFrame(policy, from, to); +} + +window.wasPostTestScriptParsed = true; +window.jsTestIsAsync = true; diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/reflected-xss-and-xss-protection.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/reflected-xss-and-xss-protection.js new file mode 100644 index 00000000000..a7ba8ebbd0c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/reflected-xss-and-xss-protection.js @@ -0,0 +1,41 @@ +if (window.testRunner) { + testRunner.dumpAsText(); + testRunner.dumpChildFramesAsText(); + testRunner.setXSSAuditorEnabled(true); + testRunner.waitUntilDone(); +} + +function testMixedHeader(csp, xssProtection) { + var params = [ + 'q=<script>alert_assert(String.fromCharCode(0x58,0x53,0x53))<' + '/script>' + ]; + if (csp != 'unset') + params.push('csp=' + csp); + + if (xssProtection == 'allow') + params.push('disable-protection=1'); + if (xssProtection == 'block') + params.push('enable-full-block=1'); + if (xssProtection == 'filter') + params.push('valid-header=2'); + if (xssProtection == 'invalid') + params.push('malformed-header=1'); + + var url = '/security/xssAuditor/resources/echo-intertag.pl?'; + url += params.join('&'); + + document.write('<p>Testing behavior when "reflected-xss" is set to ' + csp + ', and "X-XSS-Protection" is set to ' + xssProtection + '.'); + document.write('<iframe src="' + url + '"></iframe>'); +} + +function frameLoaded() { + var frame = document.querySelector('iframe'); + try { + alert_assert('Loaded ' + frame.contentWindow.location.href + ' into the IFrame.'); + } catch (e) { + alert_assert('Loaded cross-origin frame.'); + } + testRunner.notifyDone(); +} + +window.onload = frameLoaded; diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/script-src.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/script-src.html new file mode 100644 index 00000000000..e7f5a00e746 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/script-src.html @@ -0,0 +1,11 @@ +<!DOCTYPE html> +<html> + +<body> + <div id="result" text="PASS"> + FAIL + </div> + <script src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/script.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/script.js new file mode 100644 index 00000000000..54eaf530c59 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/script.js @@ -0,0 +1,2 @@ +var result = document.getElementById("result"); +result.firstChild.nodeValue = result.attributes.getNamedItem("text").value; diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/securitypolicy-tests-base.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/securitypolicy-tests-base.js new file mode 100644 index 00000000000..f403e52e62a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/securitypolicy-tests-base.js @@ -0,0 +1,18 @@ +if (window.testRunner) + testRunner.dumpAsText(); + +function log(msg) { + var txt = document.createTextNode(msg); + document.querySelector('body').appendChild(txt); + document.querySelector('body').appendChild(document.createElement('br')); +} + +function injectPolicy(policy) { + var meta = document.createElement('meta'); + meta.setAttribute('http-equiv', 'Content-Security-Policy'); + meta.setAttribute('content', policy); + document.head.appendChild(meta); +} + +if (!document.securityPolicy) + log('FAIL document.securityPolicy is not defined.') diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/securitypolicyviolation-test.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/securitypolicyviolation-test.js new file mode 100644 index 00000000000..cd16d94b3e0 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/securitypolicyviolation-test.js @@ -0,0 +1,13 @@ +window.jsTestIsAsync = true; + +document.addEventListener('securitypolicyviolation', function handleEvent(e) { + window.e = e; + for (key in expectations) + shouldBe('window.e.' + key, JSON.stringify(expectations[key])); + finishJSTest(); +}); + +window.addEventListener('load', function() { + debug('Kicking off the tests:'); + run(); +}); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/set-cookie.js.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/set-cookie.js.sub.headers new file mode 100644 index 00000000000..1d5fbba1785 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/set-cookie.js.sub.headers @@ -0,0 +1 @@ +Set-Cookie: report-cookie=true
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-allowed.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-allowed.js new file mode 100644 index 00000000000..04e68d61b4f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-allowed.js @@ -0,0 +1,10 @@ +onconnect = function(event) { + var port = event.ports[0]; + try { + var xhr = new XMLHttpRequest; + xhr.open("GET", "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/blue.css", true); + port.postMessage("xhr allowed"); + } catch (e) { + port.postMessage("xhr blocked"); + } +}; diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.js new file mode 100644 index 00000000000..04e68d61b4f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.js @@ -0,0 +1,10 @@ +onconnect = function(event) { + var port = event.ports[0]; + try { + var xhr = new XMLHttpRequest; + xhr.open("GET", "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/blue.css", true); + port.postMessage("xhr allowed"); + } catch (e) { + port.postMessage("xhr blocked"); + } +}; diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.js.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.js.sub.headers new file mode 100644 index 00000000000..ac7368c32ee --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.js.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: connect-src 'none'
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr.js new file mode 100644 index 00000000000..04e68d61b4f --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/shared-worker-make-xhr.js @@ -0,0 +1,10 @@ +onconnect = function(event) { + var port = event.ports[0]; + try { + var xhr = new XMLHttpRequest; + xhr.open("GET", "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/blue.css", true); + port.postMessage("xhr allowed"); + } catch (e) { + port.postMessage("xhr blocked"); + } +}; diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/simple-event-stream b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/simple-event-stream new file mode 100644 index 00000000000..e467657bcb2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/simple-event-stream @@ -0,0 +1 @@ +data: hello diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/simple-event-stream.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/simple-event-stream.headers new file mode 100644 index 00000000000..9bb8badcad4 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/simple-event-stream.headers @@ -0,0 +1 @@ +Content-Type: text/event-stream diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/style.xsl b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/style.xsl new file mode 100644 index 00000000000..6d83dfc059b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/style.xsl @@ -0,0 +1,20 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="2.0" + xmlns:xhtml="http://www.w3.org/1999/xhtml" + xmlns="http://www.w3.org/1999/xhtml" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + exclude-result-prefixes="xhtml xsl xs"> +<xsl:output method="xml" version="1.0" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.1//EN" doctype-system="http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" indent="yes"/> +<xsl:template match="@*|node()"> + <xsl:copy> + <xsl:apply-templates select="@*|node()"/> + </xsl:copy> +</xsl:template> +<xsl:template match="xhtml:div"> + <xsl:copy> + Style sheet applied. + <xsl:apply-templates select="@*|node()"/> + </xsl:copy> +</xsl:template> +</xsl:stylesheet> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/track.vtt b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/track.vtt new file mode 100644 index 00000000000..365e9ae150b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/track.vtt @@ -0,0 +1 @@ +Subtitles! diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/transform-to-img.xsl b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/transform-to-img.xsl new file mode 100644 index 00000000000..8d4ccf33487 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/transform-to-img.xsl @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> + <xsl:template match="/"> + <html> + <head> + <script> +//<![CDATA[ +if (window.testRunner) + testRunner.dumpAsText(); +//]]> + </script> + </head> + <body> + Here is an image: + <img src="../resources/abe.png"/> + </body> + </html> + </xsl:template> +</xsl:stylesheet> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-eval.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-eval.js new file mode 100644 index 00000000000..9aa87129aee --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-eval.js @@ -0,0 +1,5 @@ +var id = 0; +try { + id = eval("1 + 2 + 3"); +} catch (e) {} +postMessage(id === 0 ? "eval blocked" : "eval allowed"); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-eval.js.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-eval.js.sub.headers new file mode 100644 index 00000000000..afdcc7c011b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-eval.js.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'unsafe-inline' diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-function-function.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-function-function.js new file mode 100644 index 00000000000..03d9bf4cbbc --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-function-function.js @@ -0,0 +1,7 @@ +var fn = function() { + postMessage('Function() function blocked'); +} +try { + fn = new Function("", "postMessage('Function() function allowed');"); +} catch (e) {} +fn(); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-function-function.js.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-function-function.js.sub.headers new file mode 100644 index 00000000000..afdcc7c011b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-function-function.js.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'unsafe-inline' diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-importscripts.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-importscripts.js new file mode 100644 index 00000000000..ca9f2eca48e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-importscripts.js @@ -0,0 +1,6 @@ +try { + importScripts("/content-security-policy/blink-contrib/resources/post-message.js"); + postMessage("importScripts allowed"); +} catch (e) { + postMessage("importScripts blocked: " + e); +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-importscripts.js.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-importscripts.js.sub.headers new file mode 100644 index 00000000000..57616b1fc2d --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-importscripts.js.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'none' diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.js new file mode 100644 index 00000000000..38e0c53e785 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.js @@ -0,0 +1,7 @@ +try { + var xhr = new XMLHttpRequest; + xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true); + postMessage("xhr allowed"); +} catch (e) { + postMessage("xhr blocked"); +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.js.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.js.sub.headers new file mode 100644 index 00000000000..ac7368c32ee --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.js.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: connect-src 'none'
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-make-xhr.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-make-xhr.js new file mode 100644 index 00000000000..38e0c53e785 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-make-xhr.js @@ -0,0 +1,7 @@ +try { + var xhr = new XMLHttpRequest; + xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true); + postMessage("xhr allowed"); +} catch (e) { + postMessage("xhr blocked"); +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js new file mode 100644 index 00000000000..a16827eddfc --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js @@ -0,0 +1,5 @@ +var id = 0; +try { + id = setTimeout("postMessage('handler invoked')", 100); +} catch (e) {} +postMessage(id === 0 ? "setTimeout blocked" : "setTimeout allowed"); diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js.sub.headers new file mode 100644 index 00000000000..57616b1fc2d --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/resources/worker-set-timeout.js.sub.headers @@ -0,0 +1 @@ +Content-Security-Policy: script-src 'none' diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html new file mode 100644 index 00000000000..c755504b160 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html @@ -0,0 +1,3 @@ + +This test passes if it does alert pass. +<iframe src="data:text/html,<script>alert_assert('PASS');</script>"></iframe> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html.sub.headers new file mode 100644 index 00000000000..4c79457285e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts-subframe.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: sandbox-allow-scripts-subframe={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: sandbox allow-scripts; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html new file mode 100644 index 00000000000..3bdaa12ea97 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html @@ -0,0 +1,6 @@ + +This test passes if it does alert pass. +<script> + alert_assert('PASS'); + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html.sub.headers new file mode 100644 index 00000000000..b6df57d1723 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-allow-scripts.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: sandbox-allow-scripts={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: sandbox allow-scripts; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html new file mode 100644 index 00000000000..5ddccfaa30b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html @@ -0,0 +1,3 @@ + +This test passes if it doesn't alert fail. +<iframe src="data:text/html,<script>alert_assert('FAIL');</script>"></iframe> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html.sub.headers new file mode 100644 index 00000000000..5287112d6cb --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty-subframe.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: sandbox-empty-subframe={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: sandbox; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty.sub.html new file mode 100644 index 00000000000..4e04e9875c2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty.sub.html @@ -0,0 +1,6 @@ + +This test passes if it doesn't alert fail. +<script> + alert_assert('FAIL'); + +</script> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty.sub.html.sub.headers new file mode 100644 index 00000000000..f7d31c95942 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/sandbox-empty.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: sandbox-empty={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: sandbox; script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html new file mode 100644 index 00000000000..cf4aab20189 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>script-src-overrides-default-src</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS 1 of 2","PASS 2 of 2"]'></script> + <!-- enforcing policy: +default-src about:; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline'; connect-src 'self'; +--> +</head> + +<body onload="alert_assert('PASS 2 of 2')"> + <script> + alert_assert('PASS 1 of 2'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html.sub.headers new file mode 100644 index 00000000000..5d3456433f1 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/script-src-overrides-default-src.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: script-src-overrides-default-src={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: default-src about:; script-src 'self' 'unsafe-inline'; style-src 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html new file mode 100644 index 00000000000..17ec12b883b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>shared-worker-connect-src-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["xhr allowed"]'></script> + <!-- enforcing policy: +connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; +--> + +</head> + +<body> + <script> + try { + var worker = new SharedWorker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-allowed.js'); + worker.port.onmessage = function(event) { + alert_assert(event.data); + }; + } catch (e) { + alert_assert(e); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..eefff95c671 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: shared-worker-connect-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self' http://www1.{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html new file mode 100644 index 00000000000..d2a8c18c7a2 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>shared-worker-connect-src-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["xhr blocked"]'></script> + <!-- enforcing policy: +connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; +--> + +</head> + +<body> + <script> + try { + var worker = new SharedWorker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/shared-worker-make-xhr-blocked.js'); + worker.port.onmessage = function(event) { + alert_assert(event.data); + }; + } catch (e) { + alert_assert(e); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..6654b121c9d --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/shared-worker-connect-src-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: shared-worker-connect-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html new file mode 100644 index 00000000000..b60eccb9ba9 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html @@ -0,0 +1,22 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>source-list-parsing-paths-03</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline' example.com/js/; connect-src 'self'; +--> +</head> + +<body> + <p>This test passes if the source expression does not throw an "invalid source" error.</p> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html.sub.headers new file mode 100644 index 00000000000..58e7a22df39 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/source-list-parsing-paths-03.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: source-list-parsing-paths-03={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-inline' example.com/js/; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html new file mode 100644 index 00000000000..50b76688fa3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html @@ -0,0 +1,22 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>srcdoc-doesnt-bypass-script-src</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/alertAssert.sub.js?alerts=%5B%5D"></script> + <!-- enforcing policy: +script-src 'self'; connect-src 'self'; +--> +</head> + +<body> + This test passes if it doesn't alert fail. + <iframe srcdoc="<script>window.parent.alert_assert('FAIL')</script>"></iframe> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=script-src%20'self'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html.sub.headers new file mode 100644 index 00000000000..e2ffd11854b --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: srcdoc-doesnt-bypass-script-src={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-allowed.sub.html new file mode 100644 index 00000000000..176a8e3eff3 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-allowed.sub.html @@ -0,0 +1,26 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>style-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src *; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> + <link rel="stylesheet" href="resources/blue.css"> +</head> + +<body> + <script> + log(document.styleSheets.length > 0 ? 'PASS' : 'FAIL'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..cdf39454879 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: style-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: style-src *; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-blocked.sub.html new file mode 100644 index 00000000000..847e05b6ac6 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-blocked.sub.html @@ -0,0 +1,26 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>style-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["PASS"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> + <link rel="stylesheet" href="resources/blue.css"> +</head> + +<body> + <script> + log(document.styleSheets.length > 0 ? 'FAIL' : 'PASS'); + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=style-src%20'none'"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..54c3272a382 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/style-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: style-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: style-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html new file mode 100644 index 00000000000..24c9e9fad20 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>worker-connect-src-allowed</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["xhr allowed"]'></script> + <!-- enforcing policy: +connect-src 'self' http://{{host}}:{{ports[http][0]}}; script-src 'self' 'unsafe-inline'; +--> + +</head> + +<body> + <script> + try { + var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-make-xhr.js'); + worker.onmessage = function(event) { + alert_assert(event.data); + }; + } catch (e) { + alert_assert(e); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html.sub.headers new file mode 100644 index 00000000000..92ef91f0d8e --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: worker-connect-src-allowed={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html new file mode 100644 index 00000000000..fd05da32888 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>worker-connect-src-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["xhr blocked"]'></script> + <!-- enforcing policy: +connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; +--> + +</head> + +<body> + <script> + try { + var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-make-xhr-blocked.js'); + worker.onmessage = function(event) { + alert_assert(event.data); + }; + } catch (e) { + alert_assert(e); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..9a7d0e88b59 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-connect-src-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: worker-connect-src-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: connect-src 'self' 'none'; script-src 'self' 'unsafe-inline'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html new file mode 100644 index 00000000000..013f09c3f20 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html @@ -0,0 +1,32 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>worker-eval-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["eval blocked"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'self'; connect-src 'self'; +--> +</head> + +<body> + <script> + try { + var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-eval.js'); + worker.onmessage = function(event) { + alert_assert(event.data); + }; + } catch (e) { + alert_assert(e); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..8a982d40e69 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-eval-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: worker-eval-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html new file mode 100644 index 00000000000..cd1b92e59a5 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>worker-function-function-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["Function() function blocked"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline'; connect-src 'self'; +--> + +</head> + +<body> + <script> + try { + var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-function-function.js'); + worker.onmessage = function(event) { + alert_assert(event.data); + }; + } catch (e) { + alert_assert(e); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..b012518ece4 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-function-function-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: worker-function-function-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html new file mode 100644 index 00000000000..d3240e385de --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html @@ -0,0 +1,43 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>worker-importscripts-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script> + <script src="../support/alertAssert.sub.js?alerts=[]"></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 127.0.0.1:8000; connect-src 'self'; +--> + <script></script> +</head> + +<body> + <script> + window.wasPostTestScriptParsed = true; + var result = ''; + try { + var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-importscripts.js'); + worker.onmessage = function(event) { + result = event.data; + test(function() { + assert_equals(result, 'importScripts blocked: NetworkError: Failed to execute \'importScripts\' on \'WorkerGlobalScope\': The script at \'http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/post-message.js\' failed to load.') + }); + log("TEST COMPLETE"); + }; + } catch (e) { + result = e; + test(function() { + assert_equals(result, 'importScripts blocked') + }); + log("TEST COMPLETE"); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..04de51d1400 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-importscripts-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: worker-importscripts-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-script-src.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-script-src.sub.html new file mode 100644 index 00000000000..9c524e715e7 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-script-src.sub.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>worker-script-src</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["PASS"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'unsafe-inline'; connect-src 'self'; +--> + +</head> + +<body> + <script> + try { + var foo = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/post-message.js'); + foo.onmessage = function(event) { + alert_assert("PASS"); + }; + } catch (e) { + alert_assert(e); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-script-src.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-script-src.sub.html.sub.headers new file mode 100644 index 00000000000..76e5a3ba202 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-script-src.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: worker-script-src={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html new file mode 100644 index 00000000000..119121ca51c --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>worker-set-timeout-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["setTimeout blocked"]'></script> + <!-- enforcing policy: +script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline'; connect-src 'self'; +--> + +</head> + +<body> + <script> + try { + var worker = new Worker('http://{{host}}:{{ports[http][0]}}/content-security-policy/blink-contrib/resources/worker-set-timeout.js'); + worker.onmessage = function(event) { + alert_assert(event.data); + }; + } catch (e) { + alert_assert(e); + } + + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=false"></script> +</body> + +</html> diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html.sub.headers b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html.sub.headers new file mode 100644 index 00000000000..fb6b3d0a254 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/worker-set-timeout-blocked.sub.html.sub.headers @@ -0,0 +1,6 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: worker-set-timeout-blocked={{$id:uuid()}}; Path=/content-security-policy/blink-contrib +Content-Security-Policy: script-src 'self' 'unsafe-inline' 'self' 'unsafe-eval'; connect-src 'self'; report-uri /content-security-policy/support/report.py?op=put&reportID={{$id}} diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/xsl-blocked-expected.png b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/xsl-blocked-expected.png Binary files differnew file mode 100644 index 00000000000..b5daa8555e8 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/xsl-blocked-expected.png diff --git a/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/xsl-unaffected-by-style-src-1-expected.png b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/xsl-unaffected-by-style-src-1-expected.png Binary files differnew file mode 100644 index 00000000000..b5daa8555e8 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/blink-contrib/xsl-unaffected-by-style-src-1-expected.png diff --git a/tests/wpt/web-platform-tests/content-security-policy/support/alert-pass.js b/tests/wpt/web-platform-tests/content-security-policy/support/alert-pass.js new file mode 100644 index 00000000000..d3f811ec1b0 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/support/alert-pass.js @@ -0,0 +1 @@ +alert_assert("PASS");
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/content-security-policy/support/alertAssert.sub.js b/tests/wpt/web-platform-tests/content-security-policy/support/alertAssert.sub.js new file mode 100644 index 00000000000..1c1b430e017 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/support/alertAssert.sub.js @@ -0,0 +1,30 @@ +// note, this template substitution is XSS, but no way to avoid it in this framework +var expected_alerts = {{GET[alerts]}}; + +if(expected_alerts.length == 0) { + function alert_assert(msg) { + test(function () { assert_unreached(msg) }); + } +} else { + var t_alert = async_test('Expecting alerts: {{GET[alerts]}}'); + function alert_assert(msg) { + t_alert.step(function () { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_alert.done(); + } + for (var i = 0; i < expected_alerts.length; i++) { + if (expected_alerts[i] == msg) { + assert_true(expected_alerts[i] == msg); + expected_alerts.splice(i, 1); + if (expected_alerts.length == 0) { + t_alert.done(); + } + return; + } + } + assert_unreached('unexpected alert: ' + msg); + t_log.done(); + }); + } +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/support/checkReport.sub.js b/tests/wpt/web-platform-tests/content-security-policy/support/checkReport.sub.js index 023ce471910..571b854b4ab 100644 --- a/tests/wpt/web-platform-tests/content-security-policy/support/checkReport.sub.js +++ b/tests/wpt/web-platform-tests/content-security-policy/support/checkReport.sub.js @@ -12,6 +12,7 @@ var reportField = "{{GET[reportField]}}"; var reportValue = "{{GET[reportValue]}}"; var reportExists = "{{GET[reportExists]}}"; + var noCookies = "{{GET[noCookies]}}"; var location = window.location; var thisTestName = location.pathname.split('/')[location.pathname.split('/').length - 1].split('.')[0]; @@ -45,12 +46,19 @@ if (data.error) { assert_equals("false", reportExists, reportExists ? "Report sent in error" : "No report sent."); } else { + if(reportExists != "" && reportExists == "false" && data["csp-report"]) { + assert_unreached("CSP report sent, but not expecting one: " + JSON.stringify(data["csp-report"])); + } // Firefox expands 'self' or origins in a policy to the actual origin value // so "www.example.com" becomes "http://www.example.com:80". // Accomodate this by just testing that the correct directive name // is reported, not the details... - assert_true(data["csp-report"][reportField].indexOf(reportValue.split(" ")[0]) != -1, reportField + " value of \"" + data["csp-report"][reportField] + "\" did not match " + reportValue.split(" ")[0] + "."); + if(data["csp-report"] != undefined && data["csp-report"][reportField] != undefined) { + assert_true(data["csp-report"][reportField].indexOf(reportValue.split(" ")[0]) != -1, + reportField + " value of \"" + data["csp-report"][reportField] + "\" did not match " + + reportValue.split(" ")[0] + "."); + } } reportTest.done(); @@ -60,4 +68,17 @@ report.send(); }); + if (noCookies) { + var cookieTest = async_test("No cookies sent with report."); + var cookieReport = new XMLHttpRequest(); + cookieReport.onload = cookieTest.step_func(function () { + var data = JSON.parse(cookieReport.responseText); + assert_equals(data.reportCookies, "None"); + cookieTest.done(); + }); + var cReportLocation = location.protocol + "//" + location.host + "/content-security-policy/support/report.py?op=cookies&timeout=" + timeout + "&reportID=" + reportID; + cookieReport.open("GET", cReportLocation, true); + cookieReport.send(); + }; + })(); diff --git a/tests/wpt/web-platform-tests/content-security-policy/support/inject-image.js b/tests/wpt/web-platform-tests/content-security-policy/support/inject-image.js new file mode 100644 index 00000000000..cc5b60079b4 --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/support/inject-image.js @@ -0,0 +1,5 @@ +// This script block will trigger a violation report. +var i = document.createElement('img'); +i.src = '/content-security-policy/support/fail.png'; +document.body.appendChild(i); +log("TEST COMPLETE");
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/content-security-policy/support/logTest.sub.js b/tests/wpt/web-platform-tests/content-security-policy/support/logTest.sub.js new file mode 100644 index 00000000000..25ab221254a --- /dev/null +++ b/tests/wpt/web-platform-tests/content-security-policy/support/logTest.sub.js @@ -0,0 +1,30 @@ +// note, this template substitution is XSS, but no way to avoid it in this framework +var expected_logs = {{GET[logs]}}; + +if (expected_logs.length == 0) { + function log_assert(msg) { + test(function () { assert_unreached(msg) }); + } +} else { + var t_log = async_test('Expecting logs: {{GET[logs]}}'); + function log(msg) { + t_log.step(function () { + if (msg.match(/^FAIL/i)) { + assert_unreached(msg); + t_log.done(); + } + for (var i = 0; i < expected_logs.length; i++) { + if (expected_logs[i] == msg) { + assert_true(expected_logs[i] == msg); + expected_logs.splice(i, 1); + if (expected_logs.length == 0) { + t_log.done(); + } + return; + } + } + assert_unreached('unexpected log: ' + msg); + t_log.done(); + }); + } +} diff --git a/tests/wpt/web-platform-tests/content-security-policy/support/report.py b/tests/wpt/web-platform-tests/content-security-policy/support/report.py index 455d46c6d1d..193315fa07b 100644 --- a/tests/wpt/web-platform-tests/content-security-policy/support/report.py +++ b/tests/wpt/web-platform-tests/content-security-policy/support/report.py @@ -1,5 +1,6 @@ import time import json +import re def main(request, response): op = request.GET.first("op"); @@ -16,6 +17,16 @@ def main(request, response): return [("Content-Type", "application/json")], json.dumps({'error': 'No such report.' , 'guid' : key}) + if op == "cookies": + cval = request.server.stash.take(key=re.sub('^...', 'ccc', key)) + if cval is None: + cval = "\"None\"" + + return [("Content-Type", "application/json")], "{ \"reportCookies\" : " + cval + "}" + + if hasattr(request, 'Cookies'): + request.server.stash.put(key=re.sub('^...', 'ccc', key), value=request.Cookies) + report = request.body report.rstrip() request.server.stash.take(key=key) diff --git a/tests/wpt/web-platform-tests/cors/credentials-flag.htm b/tests/wpt/web-platform-tests/cors/credentials-flag.htm index e631f2bb4ca..e37234e318e 100644 --- a/tests/wpt/web-platform-tests/cors/credentials-flag.htm +++ b/tests/wpt/web-platform-tests/cors/credentials-flag.htm @@ -77,7 +77,6 @@ async_test(function () { client.open("GET", url + id, true) client.withCredentials = false client.onload = this.step_func(function() { - console.log(client.response + '_', client.response) assert_equals(client.response, "NO_COOKIE", "first"); /* Sets the cookie */ diff --git a/tests/wpt/web-platform-tests/cors/remote-origin.htm b/tests/wpt/web-platform-tests/cors/remote-origin.htm index a0a0d74cabf..07267751690 100644 --- a/tests/wpt/web-platform-tests/cors/remote-origin.htm +++ b/tests/wpt/web-platform-tests/cors/remote-origin.htm @@ -49,7 +49,6 @@ function reverseOrigin(expect_pass, origin) else { t.callback = t.step_func(function(e) { - if (e.response) console.log(e.response); assert_equals(e.state, "error"); assert_equals(e.response, ""); this.done(); diff --git a/tests/wpt/web-platform-tests/custom-elements/custom-element-lifecycle/types-of-callbacks/created-callback-invocation-test.html b/tests/wpt/web-platform-tests/custom-elements/custom-element-lifecycle/types-of-callbacks/created-callback-invocation-test.html index 186ec794355..32a68f048f6 100644 --- a/tests/wpt/web-platform-tests/custom-elements/custom-element-lifecycle/types-of-callbacks/created-callback-invocation-test.html +++ b/tests/wpt/web-platform-tests/custom-elements/custom-element-lifecycle/types-of-callbacks/created-callback-invocation-test.html @@ -99,7 +99,7 @@ testInIFrame('../../resources/x-element.html', function(doc) { testInIFrame('../../resources/register-and-create-custom-element.html', function(doc) { - assert_equals(doc.querySelector('#log').innerText, 'Created callback was called', + assert_equals(doc.querySelector('#log').textContent, 'Created callback was called', 'Callback created should be called'); }, 'Test created callback is called after custom element is registered and created. ' + 'Document has browsing context'); diff --git a/tests/wpt/web-platform-tests/custom-elements/resources/register-and-create-custom-element.html b/tests/wpt/web-platform-tests/custom-elements/resources/register-and-create-custom-element.html index c128cbf413c..3aabff24485 100644 --- a/tests/wpt/web-platform-tests/custom-elements/resources/register-and-create-custom-element.html +++ b/tests/wpt/web-platform-tests/custom-elements/resources/register-and-create-custom-element.html @@ -10,7 +10,7 @@ <script> var proto = Object.create(HTMLElement.prototype); proto.createdCallback = function() { - document.querySelector('#log').innerText = 'Created callback was called'; + document.querySelector('#log').textContent = 'Created callback was called'; }; document.registerElement('x-element', {prototype: proto}); </script> diff --git a/tests/wpt/web-platform-tests/docs/css-naming.md b/tests/wpt/web-platform-tests/docs/css-naming.md index 9652b0b9ce1..8fd8c4ccfbe 100644 --- a/tests/wpt/web-platform-tests/docs/css-naming.md +++ b/tests/wpt/web-platform-tests/docs/css-naming.md @@ -3,15 +3,17 @@ but not mandatory, style to use for other tests. ## File Name -The file name format is ```test-topic-###.ext``` where ```test- -topic``` somewhat describes the test and ### is a zero-filled number -used to keep the file names unique. +The file name format is ```test-topic-###.ext``` where `test-topic` +somewhat describes the test, `###` is a zero-filled number used to +keep the file names unique, and `ext` is typically either +`html` or `xht`. -**test-topic** +### test-topic -A short identifier that describes the test. The test-topic should -avoid conjunctions, articles, and prepositions. It is a file name, -not an English phrase: it should be as concise as possible. +`test-topic` is a short identifier that describes the test. The +`test-topic` should avoid conjunctions, articles, and prepositions. +It is a file name, not an English phrase: it should be as concise +as possible. Examples: ``` @@ -20,9 +22,9 @@ Examples: float-clear-###.ext ``` -**###** +### `###` -This is a zero-filled number used to keep the file names unique when +`###` is a zero-filled number used to keep the file names unique when files have the same test-topic name. Note: The number format is limited to 999 cases. If you go over this @@ -59,7 +61,8 @@ If ```bidi-004a``` and ```bidi-004b``` cover all aspects of ```bidi- 004``` (except their interaction), then bidi-004 should be given the combo flag. -**ext** +### ext -The file extension or format of the file, usually ```.xht``` for -test files. +`ext` is the file extension or format of the file. +For XHTML test files, it should be `xht`. +For HTML (non-XML) test files, it should be `html`. diff --git a/tests/wpt/web-platform-tests/docs/lint-tool.md b/tests/wpt/web-platform-tests/docs/lint-tool.md index d4b967d1d3d..56b2b489657 100644 --- a/tests/wpt/web-platform-tests/docs/lint-tool.md +++ b/tests/wpt/web-platform-tests/docs/lint-tool.md @@ -19,6 +19,10 @@ reason shouldn't prevent the test from being merged. In those cases you can [white-list test files](#updating-the-whiteslist) to suppress the errors. Otherwise, use the details in this section to fix all errors reported. +* **CONSOLE**: Test-file line has a `console.*(...)` call; **fix**: remove + the `console.*(...)` call (and in some cases, consider adding an + `assert_*` of some kind in place of it). + * **CR AT EOL**: Test-file line ends with CR (U+000D) character; **fix**: reformat file so each line just has LF (U+000A) line ending (standard, cross-platform "Unix" line endings instead of, e.g., DOS line endings). diff --git a/tests/wpt/web-platform-tests/docs/review-checklist.md b/tests/wpt/web-platform-tests/docs/review-checklist.md index f6d490d3d89..70ffb81bc3c 100644 --- a/tests/wpt/web-platform-tests/docs/review-checklist.md +++ b/tests/wpt/web-platform-tests/docs/review-checklist.md @@ -83,7 +83,7 @@ The test uses `idlharness.js` if it covers the use case. Tests in a single file are separated by one empty line. -## In depth Checklist +## In-depth Checklist <input type="checkbox"> A test does not use self-closing start tag ("/" (U+002F)) when using the @@ -105,6 +105,14 @@ lines). The test does not contain commented-out code. <input type="checkbox"> +The test does not use `console.*` methods for anything. The +[script test][scripttest] harness never relies on `console.*` methods in +any way, and so use of `console.*` methods in tests is usually just the +equivalent of extra `printf`s in production code; i.e., leftover debugging +that isn't actually useful to the next person running the test. It also +introduces useless overhead when running tests in automation. + +<input type="checkbox"> The test is placed in the relevant directory, based on the /TR latest version link if available. @@ -113,8 +121,6 @@ If the test needs code running on the server side, the server code must be written in python, and the python code must be reviewed carefully to ensure it isn't doing anything dangerous. - - [format]: ./test-format-guidelines.html [style]: ./test-style-guidelines.html [reftest]: ./reftests.html diff --git a/tests/wpt/web-platform-tests/docs/test-templates.md b/tests/wpt/web-platform-tests/docs/test-templates.md index e90060858b7..3738ebf13eb 100644 --- a/tests/wpt/web-platform-tests/docs/test-templates.md +++ b/tests/wpt/web-platform-tests/docs/test-templates.md @@ -7,8 +7,7 @@ Each template is given in two forms, one minimal and one including by CSS tests and optional for other tests. Templates for filenames are also given. In this case `{}` is used to -delimit text to be replaced `#` represents a digit and `ext` is a -filename extension. +delimit text to be replaced and `#` represents a digit. ## Reftests @@ -27,7 +26,7 @@ filename extension. </body> ``` -Filename: `{test-topic}-###.ext` +Filename: `{test-topic}-###.html` ### Reftest Including Metadata @@ -48,7 +47,7 @@ Filename: `{test-topic}-###.ext` </body> ``` -Filename: `{test-topic}-###.ext` +Filename: `{test-topic}-###.html` ### Minimal Reftest Reference: @@ -64,7 +63,7 @@ Filename: `{test-topic}-###.ext` </body> ``` -Filename: `{description}.ext` or `{test-topic}-###-ref.ext` +Filename: `{description}.html` or `{test-topic}-###-ref.html` ### Reference Including Metadata @@ -81,7 +80,7 @@ Filename: `{description}.ext` or `{test-topic}-###-ref.ext` </body> ``` -Filename: `{description}.ext` or `{test-topic}-###-ref.ext` +Filename: `{description}.html` or `{test-topic}-###-ref.html` ## testharness.js tests @@ -98,7 +97,7 @@ ${2:Test body} </script> ``` -Filename: `{test-topic}-###.ext` +Filename: `{test-topic}-###.html` ### Script Test With Metadata @@ -117,7 +116,7 @@ ${7:Test body} </script> ``` -Filename: `{test-topic}-###.ext` +Filename: `{test-topic}-###.html` ### Manual Test @@ -133,4 +132,4 @@ ${2:Test body} </script> ``` -Filename: `{test-topic}-###-manual.ext` +Filename: `{test-topic}-###-manual.html` diff --git a/tests/wpt/web-platform-tests/dom/nodes/ChildNode-after.html b/tests/wpt/web-platform-tests/dom/nodes/ChildNode-after.html new file mode 100644 index 00000000000..5c3f7db66ef --- /dev/null +++ b/tests/wpt/web-platform-tests/dom/nodes/ChildNode-after.html @@ -0,0 +1,126 @@ +<!DOCTYPE html> +<meta charset=utf-8> +<title>ChildNode.after</title> +<link rel=help href="https://dom.spec.whatwg.org/#dom-childnode-after"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script> + +function test_after(child, nodeName, innerHTML) { + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.after(); + assert_equals(parent.innerHTML, innerHTML); + }, nodeName + '.after() without any argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.after(null); + var expected = innerHTML + 'null'; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.after() with null as an argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.after(undefined); + var expected = innerHTML + 'undefined'; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.after() with undefined as an argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.after(''); + assert_equals(parent.lastChild.data, ''); + }, nodeName + '.after() with the empty string as an argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.after('text'); + var expected = innerHTML + 'text'; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.after() with only text as an argument.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + parent.appendChild(child); + child.after(x); + var expected = innerHTML + '<x></x>'; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.after() with only one element as an argument.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + parent.appendChild(child); + child.after(x, 'text'); + var expected = innerHTML + '<x></x>text'; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.after() with one element and text as arguments.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.after('text', child); + var expected = 'text' + innerHTML; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.after() with context object itself as the argument.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + var y = document.createElement('y'); + var z = document.createElement('z'); + parent.appendChild(y); + parent.appendChild(child); + parent.appendChild(x); + child.after(x, y, z); + var expected = innerHTML + '<x></x><y></y><z></z>'; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.after() with all siblings of child as arguments.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + var y = document.createElement('y'); + parent.appendChild(child); + parent.appendChild(x); + parent.appendChild(y); + child.after(y, x); + var expected = innerHTML + '<y></y><x></x>'; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.after() when pre-insert behaves like append.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + var y = document.createElement('y'); + parent.appendChild(child); + parent.appendChild(x); + parent.appendChild(document.createTextNode('1')); + parent.appendChild(y); + child.after(x, '2'); + var expected = innerHTML + '<x></x>12<y></y>'; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.after() with one sibling of child and text as arguments.'); + + test(function() { + var x = document.createElement('x'); + var y = document.createElement('y'); + x.after(y); + assert_equals(x.nextSibling, null); + }, nodeName + '.after() on a child without any parent.'); +} + +test_after(document.createComment('test'), 'Comment', '<!--test-->'); +test_after(document.createElement('test'), 'Element', '<test></test>'); +test_after(document.createTextNode('test'), 'Text', 'test'); + +</script> +</html> diff --git a/tests/wpt/web-platform-tests/dom/nodes/ChildNode-before.html b/tests/wpt/web-platform-tests/dom/nodes/ChildNode-before.html new file mode 100644 index 00000000000..3b3266d82db --- /dev/null +++ b/tests/wpt/web-platform-tests/dom/nodes/ChildNode-before.html @@ -0,0 +1,126 @@ +<!DOCTYPE html> +<meta charset=utf-8> +<title>ChildNode.before</title> +<link rel=help href="https://dom.spec.whatwg.org/#dom-childnode-before"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script> + +function test_before(child, nodeName, innerHTML) { + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.before(); + assert_equals(parent.innerHTML, innerHTML); + }, nodeName + '.before() without any argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.before(null); + var expected = 'null' + innerHTML; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.before() with null as an argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.before(undefined); + var expected = 'undefined' + innerHTML; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.before() with undefined as an argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.before(''); + assert_equals(parent.firstChild.data, ''); + }, nodeName + '.before() with the empty string as an argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.before('text'); + var expected = 'text' + innerHTML; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.before() with only text as an argument.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + parent.appendChild(child); + child.before(x); + var expected = '<x></x>' + innerHTML; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.before() with only one element as an argument.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + parent.appendChild(child); + child.before(x, 'text'); + var expected = '<x></x>text' + innerHTML; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.before() with one element and text as arguments.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.before('text', child); + var expected = 'text' + innerHTML; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.before() with context object itself as the argument.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + var y = document.createElement('y'); + var z = document.createElement('z'); + parent.appendChild(y); + parent.appendChild(child); + parent.appendChild(x); + child.before(x, y, z); + var expected = '<x></x><y></y><z></z>' + innerHTML; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.before() with all siblings of child as arguments.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + var y = document.createElement('y'); + parent.appendChild(x); + parent.appendChild(y); + parent.appendChild(child); + child.before(y, x); + var expected = '<y></y><x></x>' + innerHTML; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.before() when pre-insert behaves like prepend.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + parent.appendChild(x); + parent.appendChild(document.createTextNode('1')); + var y = document.createElement('y'); + parent.appendChild(y); + parent.appendChild(child); + child.before(x, '2'); + var expected = '1<y></y><x></x>2' + innerHTML; + assert_equals(parent.innerHTML, expected); + }, nodeName + '.before() with one sibling of child and text as arguments.'); + + test(function() { + var x = document.createElement('x'); + var y = document.createElement('y'); + x.before(y); + assert_equals(x.previousSibling, null); + }, nodeName + '.before() on a child without any parent.'); +} + +test_before(document.createComment('test'), 'Comment', '<!--test-->'); +test_before(document.createElement('test'), 'Element', '<test></test>'); +test_before(document.createTextNode('test'), 'Text', 'test'); + +</script> +</html> diff --git a/tests/wpt/web-platform-tests/dom/nodes/ChildNode-replaceWith.html b/tests/wpt/web-platform-tests/dom/nodes/ChildNode-replaceWith.html new file mode 100644 index 00000000000..aab8b17f2a2 --- /dev/null +++ b/tests/wpt/web-platform-tests/dom/nodes/ChildNode-replaceWith.html @@ -0,0 +1,110 @@ +<!DOCTYPE html> +<meta charset=utf-8> +<title>ChildNode.replaceWith</title> +<link rel=help href="https://dom.spec.whatwg.org/#dom-childnode-replaceWith"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script> + +function test_replaceWith(child, nodeName, innerHTML) { + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.replaceWith(); + assert_equals(parent.innerHTML, ''); + }, nodeName + '.replaceWith() without any argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.replaceWith(null); + assert_equals(parent.innerHTML, 'null'); + }, nodeName + '.replaceWith() with null as an argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.replaceWith(undefined); + assert_equals(parent.innerHTML, 'undefined'); + }, nodeName + '.replaceWith() with undefined as an argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.replaceWith(''); + assert_equals(parent.innerHTML, ''); + }, nodeName + '.replaceWith() with empty string as an argument.'); + + test(function() { + var parent = document.createElement('div'); + parent.appendChild(child); + child.replaceWith('text'); + assert_equals(parent.innerHTML, 'text'); + }, nodeName + '.replaceWith() with only text as an argument.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + parent.appendChild(child); + child.replaceWith(x); + assert_equals(parent.innerHTML, '<x></x>'); + }, nodeName + '.replaceWith() with only one element as an argument.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + var y = document.createElement('y'); + var z = document.createElement('z'); + parent.appendChild(y); + parent.appendChild(child); + parent.appendChild(x); + child.replaceWith(x, y, z); + assert_equals(parent.innerHTML, '<x></x><y></y><z></z>'); + }, nodeName + '.replaceWith() with sibling of child as arguments.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + parent.appendChild(child); + parent.appendChild(x); + parent.appendChild(document.createTextNode('1')); + child.replaceWith(x, '2'); + assert_equals(parent.innerHTML, '<x></x>21'); + }, nodeName + '.replaceWith() with one sibling of child and text as arguments.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + parent.appendChild(child); + parent.appendChild(x); + parent.appendChild(document.createTextNode('text')); + child.replaceWith(x, child); + assert_equals(parent.innerHTML, '<x></x>' + innerHTML + 'text'); + }, nodeName + '.replaceWith() with one sibling of child and child itself as arguments.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + parent.appendChild(child); + child.replaceWith(x, 'text'); + assert_equals(parent.innerHTML, '<x></x>text'); + }, nodeName + '.replaceWith() with one element and text as arguments.'); + + test(function() { + var parent = document.createElement('div'); + var x = document.createElement('x'); + var y = document.createElement('y'); + parent.appendChild(x); + parent.appendChild(y); + child.replaceWith(x, y); + assert_equals(parent.innerHTML, '<x></x><y></y>'); + }, nodeName + '.replaceWith() on a parentless child with two elements as arguments.'); +} + +test_replaceWith(document.createComment('test'), 'Comment', '<!--test-->'); +test_replaceWith(document.createElement('test'), 'Element', '<test></test>'); +test_replaceWith(document.createTextNode('test'), 'Text', 'test'); + +</script> +</html> diff --git a/tests/wpt/web-platform-tests/dom/nodes/ParentNode-append.html b/tests/wpt/web-platform-tests/dom/nodes/ParentNode-append.html new file mode 100644 index 00000000000..dcc398f3f58 --- /dev/null +++ b/tests/wpt/web-platform-tests/dom/nodes/ParentNode-append.html @@ -0,0 +1,66 @@ +<!DOCTYPE html> +<meta charset=utf-8> +<title>ParentNode.append</title> +<link rel=help href="https://dom.spec.whatwg.org/#dom-parentnode-append"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script> + +function test_append(node, nodeName) { + + test(function() { + var parent = node.cloneNode(); + parent.append(); + assert_array_equals(parent.childNodes, []); + }, nodeName + '.append() without any argument, on a parent having no child.'); + + test(function() { + var parent = node.cloneNode(); + parent.append(null); + assert_equals(parent.childNodes[0].textContent, 'null'); + }, nodeName + '.append() with null as an argument, on a parent having no child.'); + + test(function() { + var parent = node.cloneNode(); + parent.append(undefined); + assert_equals(parent.childNodes[0].textContent, 'undefined'); + }, nodeName + '.append() with undefined as an argument, on a parent having no child.'); + + test(function() { + var parent = node.cloneNode(); + parent.append('text'); + assert_equals(parent.childNodes[0].textContent, 'text'); + }, nodeName + '.append() with only text as an argument, on a parent having no child.'); + + test(function() { + var parent = node.cloneNode(); + var x = document.createElement('x'); + parent.append(x); + assert_array_equals(parent.childNodes, [x]); + }, nodeName + '.append() with only one element as an argument, on a parent having no child.'); + + test(function() { + var parent = node.cloneNode(); + var child = document.createElement('test'); + parent.appendChild(child); + parent.append(null); + assert_equals(parent.childNodes[0], child); + assert_equals(parent.childNodes[1].textContent, 'null'); + }, nodeName + '.append() with null as an argument, on a parent having a child.'); + + test(function() { + var parent = node.cloneNode(); + var x = document.createElement('x'); + var child = document.createElement('test'); + parent.appendChild(child); + parent.append(x, 'text'); + assert_equals(parent.childNodes[0], child); + assert_equals(parent.childNodes[1], x); + assert_equals(parent.childNodes[2].textContent, 'text'); + }, nodeName + '.append() with one element and text as argument, on a parent having a child.'); +} + +test_append(document.createElement('div'), 'Element'); +test_append(document.createDocumentFragment(), 'DocumentFrgment'); +</script> +</html> diff --git a/tests/wpt/web-platform-tests/dom/nodes/ParentNode-prepend.html b/tests/wpt/web-platform-tests/dom/nodes/ParentNode-prepend.html new file mode 100644 index 00000000000..644693ffe6d --- /dev/null +++ b/tests/wpt/web-platform-tests/dom/nodes/ParentNode-prepend.html @@ -0,0 +1,66 @@ +<!DOCTYPE html> +<meta charset=utf-8> +<title>ParentNode.prepend</title> +<link rel=help href="https://dom.spec.whatwg.org/#dom-parentnode-prepend"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script> + +function test_prepend(node, nodeName) { + + test(function() { + var parent = node.cloneNode(); + parent.prepend(); + assert_array_equals(parent.childNodes, []); + }, nodeName + '.prepend() without any argument, on a parent having no child.'); + + test(function() { + var parent = node.cloneNode(); + parent.prepend(null); + assert_equals(parent.childNodes[0].textContent, 'null'); + }, nodeName + '.prepend() with null as an argument, on a parent having no child.'); + + test(function() { + var parent = node.cloneNode(); + parent.prepend(undefined); + assert_equals(parent.childNodes[0].textContent, 'undefined'); + }, nodeName + '.prepend() with undefined as an argument, on a parent having no child.'); + + test(function() { + var parent = node.cloneNode(); + parent.prepend('text'); + assert_equals(parent.childNodes[0].textContent, 'text'); + }, nodeName + '.prepend() with only text as an argument, on a parent having no child.'); + + test(function() { + var parent = node.cloneNode(); + var x = document.createElement('x'); + parent.prepend(x); + assert_array_equals(parent.childNodes, [x]); + }, nodeName + '.prepend() with only one element as an argument, on a parent having no child.'); + + test(function() { + var parent = node.cloneNode(); + var child = document.createElement('test'); + parent.appendChild(child); + parent.prepend(null); + assert_equals(parent.childNodes[0].textContent, 'null'); + assert_equals(parent.childNodes[1], child); + }, nodeName + '.prepend() with null as an argument, on a parent having a child.'); + + test(function() { + var parent = node.cloneNode(); + var x = document.createElement('x'); + var child = document.createElement('test'); + parent.appendChild(child); + parent.prepend(x, 'text'); + assert_equals(parent.childNodes[0], x); + assert_equals(parent.childNodes[1].textContent, 'text'); + assert_equals(parent.childNodes[2], child); + }, nodeName + '.prepend() with one element and text as argument, on a parent having a child.'); +} + +test_prepend(document.createElement('div'), 'Element'); +test_prepend(document.createDocumentFragment(), 'DocumentFrgment'); +</script> +</html> diff --git a/tests/wpt/web-platform-tests/dom/nodes/ParentNode-querySelector-All.js b/tests/wpt/web-platform-tests/dom/nodes/ParentNode-querySelector-All.js index 064c1dcc7b2..4c93be2d93a 100644 --- a/tests/wpt/web-platform-tests/dom/nodes/ParentNode-querySelector-All.js +++ b/tests/wpt/web-platform-tests/dom/nodes/ParentNode-querySelector-All.js @@ -160,7 +160,7 @@ function runValidSelectorTest(type, root, selectors, testType, docType) { nodeType = "fragment"; break; default: - console.log("Reached unreachable code path."); + assert_unreached(); nodeType = "unknown"; // This should never happen. } @@ -172,7 +172,6 @@ function runValidSelectorTest(type, root, selectors, testType, docType) { if ((!s["exclude"] || (s["exclude"].indexOf(nodeType) === -1 && s["exclude"].indexOf(docType) === -1)) && (s["testType"] & testType) ) { - //console.log("Running tests " + nodeType + ": " + s["testType"] + "&" + testType + "=" + (s["testType"] & testType) + ": " + JSON.stringify(s)) var foundall, found; test(function() { @@ -199,8 +198,6 @@ function runValidSelectorTest(type, root, selectors, testType, docType) { assert_equals(found, null, "The method should not match anything."); } }, type + ".querySelector: " + n + ": " + q); - } else { - //console.log("Excluding for " + nodeType + ": " + s["testType"] + "&" + testType + "=" + (s["testType"] & testType) + ": " + JSON.stringify(s)) } } } @@ -249,7 +246,7 @@ function getNodeType(node) { case Node.DOCUMENT_FRAGMENT_NODE: return "fragment"; default: - console.log("Reached unreachable code path."); + assert_unreached(); return "unknown"; // This should never happen. } } diff --git a/tests/wpt/web-platform-tests/dom/nodes/append-on-Document.html b/tests/wpt/web-platform-tests/dom/nodes/append-on-Document.html new file mode 100644 index 00000000000..8d9ce2e3ff6 --- /dev/null +++ b/tests/wpt/web-platform-tests/dom/nodes/append-on-Document.html @@ -0,0 +1,53 @@ +<!DOCTYPE html> +<meta charset=utf-8> +<title>DocumentType.append</title> +<link rel=help href="https://dom.spec.whatwg.org/#dom-parentnode-append"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script> + +function test_append_on_Document() { + + var node = document.implementation.createDocument(null, null); + test(function() { + var parent = node.cloneNode(); + parent.append(); + assert_array_equals(parent.childNodes, []); + }, 'Document.append() without any argument, on a Document having no child.'); + + test(function() { + var parent = node.cloneNode(); + var x = document.createElement('x'); + parent.append(x); + assert_array_equals(parent.childNodes, [x]); + }, 'Document.append() with only one element as an argument, on a Document having no child.'); + + test(function() { + var parent = node.cloneNode(); + var x = document.createElement('x'); + var y = document.createElement('y'); + parent.appendChild(x); + assert_throws('HierarchyRequestError', function() { parent.append(y); }); + assert_array_equals(parent.childNodes, [x]); + }, 'Document.append() with only one element as an argument, on a Document having one child.'); + + test(function() { + var parent = node.cloneNode(); + assert_throws('HierarchyRequestError', function() { parent.append('text'); }); + assert_array_equals(parent.childNodes, []); + }, 'Document.append() with text as an argument, on a Document having no child.'); + + test(function() { + var parent = node.cloneNode(); + var x = document.createElement('x'); + var y = document.createElement('y'); + assert_throws('HierarchyRequestError', function() { parent.append(x, y); }); + assert_array_equals(parent.childNodes, []); + }, 'Document.append() with two elements as the argument, on a Document having no child.'); + +} + +test_append_on_Document(); + +</script> +</html> diff --git a/tests/wpt/web-platform-tests/dom/nodes/prepend-on-Document.html b/tests/wpt/web-platform-tests/dom/nodes/prepend-on-Document.html new file mode 100644 index 00000000000..ccc56894d0a --- /dev/null +++ b/tests/wpt/web-platform-tests/dom/nodes/prepend-on-Document.html @@ -0,0 +1,53 @@ +<!DOCTYPE html> +<meta charset=utf-8> +<title>DocumentType.prepend</title> +<link rel=help href="https://dom.spec.whatwg.org/#dom-parentnode-prepend"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script> + +function test_prepend_on_Document() { + + var node = document.implementation.createDocument(null, null); + test(function() { + var parent = node.cloneNode(); + parent.prepend(); + assert_array_equals(parent.childNodes, []); + }, 'Document.prepend() without any argument, on a Document having no child.'); + + test(function() { + var parent = node.cloneNode(); + var x = document.createElement('x'); + parent.prepend(x); + assert_array_equals(parent.childNodes, [x]); + }, 'Document.prepend() with only one element as an argument, on a Document having no child.'); + + test(function() { + var parent = node.cloneNode(); + var x = document.createElement('x'); + var y = document.createElement('y'); + parent.appendChild(x); + assert_throws('HierarchyRequestError', function() { parent.prepend(y); }); + assert_array_equals(parent.childNodes, [x]); + }, 'Document.append() with only one element as an argument, on a Document having one child.'); + + test(function() { + var parent = node.cloneNode(); + assert_throws('HierarchyRequestError', function() { parent.prepend('text'); }); + assert_array_equals(parent.childNodes, []); + }, 'Document.prepend() with text as an argument, on a Document having no child.'); + + test(function() { + var parent = node.cloneNode(); + var x = document.createElement('x'); + var y = document.createElement('y'); + assert_throws('HierarchyRequestError', function() { parent.prepend(x, y); }); + assert_array_equals(parent.childNodes, []); + }, 'Document.prepend() with two elements as the argument, on a Document having no child.'); + +} + +test_prepend_on_Document(); + +</script> +</html> diff --git a/tests/wpt/web-platform-tests/html-imports/fetching/already-in-import-map.html b/tests/wpt/web-platform-tests/html-imports/fetching/already-in-import-map.html index b721faed98f..7fe9f14510c 100644 --- a/tests/wpt/web-platform-tests/html-imports/fetching/already-in-import-map.html +++ b/tests/wpt/web-platform-tests/html-imports/fetching/already-in-import-map.html @@ -20,7 +20,6 @@ test(function() { }, 'If LOCATION is already in the import map, let IMPORT be the imported document for LOCATION and stop. (1)'); test(function() { - console.log(window.parentOfFirst); assert_true(window.first.import === window.parentOfFirst.import.getElementById('child').import); }, 'If LOCATION is already in the import map, let IMPORT be the imported document for LOCATION and stop. (2)'); </script> diff --git a/tests/wpt/web-platform-tests/html/infrastructure/urls/terminology-0/document-base-url.html b/tests/wpt/web-platform-tests/html/infrastructure/urls/terminology-0/document-base-url.html index 8f37873caea..0af0c313eae 100644 --- a/tests/wpt/web-platform-tests/html/infrastructure/urls/terminology-0/document-base-url.html +++ b/tests/wpt/web-platform-tests/html/infrastructure/urls/terminology-0/document-base-url.html @@ -10,6 +10,14 @@ <body onload="on_load()"> <div id="log"></div> <script> + function assert_resolve_url(doc, base) { + var img = doc.createElement("img"); + img.src = "foo"; + var actual = img.src; + var expected = base + "/foo"; + assert_equals(actual, expected, "img src should resolve correctly"); + } + var t1 = async_test("The document base URL of a document containing one or more base elements with href attributes is the frozen base URL of the first base element in the document that has an href attribute, in tree order."); function on_load() { @@ -17,6 +25,7 @@ var base = document.createElement("base"); base.setAttribute("href", "/foo/bar"); document.head.appendChild(base); + assert_resolve_url(document, location.href.replace(location.pathname, "/foo")); assert_equals(document.baseURI, base.href, "The document base URL should be URL of the first base element that has an href attribute."); }); t1.done(); @@ -25,6 +34,7 @@ async_test(function() { var iframe = document.createElement("iframe"); iframe.onload = this.step_func_done(function () { + assert_resolve_url(iframe.contentDocument, location.href.replace(location.pathname, "/common")); assert_equals(iframe.contentDocument.baseURI, iframe.contentDocument.location.href, "The document base URL should be the document's address."); }); iframe.setAttribute("src", "/common/blank.html"); @@ -34,6 +44,7 @@ async_test(function () { var iframe = document.createElement("iframe"); iframe.onload = this.step_func_done(function () { + assert_resolve_url(iframe.contentDocument, location.href.replace("/document-base-url.html", "")); assert_equals(iframe.contentDocument.baseURI, document.baseURI, "The document base URL should be the creator document's base URL."); }); iframe.setAttribute("src", "about:blank"); @@ -43,6 +54,20 @@ async_test(function () { var iframe = document.createElement("iframe"); iframe.onload = this.step_func_done(function () { + var doc = iframe.contentDocument; + var base = doc.body.appendChild(document.createElement("base")); + base.href = "sub/"; + assert_resolve_url(doc, location.href.replace("/document-base-url.html", "/sub")); + assert_equals(doc.baseURI, document.baseURI); + }); + iframe.setAttribute("src", "about:blank"); + document.body.appendChild(iframe); + }, "about:blank with a base element."); + + async_test(function () { + var iframe = document.createElement("iframe"); + iframe.onload = this.step_func_done(function () { + assert_resolve_url(iframe.contentDocument, location.href.replace("/document-base-url.html", "")); assert_equals(iframe.contentDocument.baseURI, document.baseURI, "The document base URL should be the containing document's base URL."); }); iframe.setAttribute("srcdoc", "<p>foobar</p>"); diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/testcommon.js b/tests/wpt/web-platform-tests/html/resources/common.js index 0f2bfb1e21a..0f2bfb1e21a 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/testcommon.js +++ b/tests/wpt/web-platform-tests/html/resources/common.js diff --git a/tests/wpt/web-platform-tests/html/semantics/embedded-content/the-canvas-element/toBlob.jpeg.html b/tests/wpt/web-platform-tests/html/semantics/embedded-content/the-canvas-element/toBlob.jpeg.html new file mode 100644 index 00000000000..37289fea2cb --- /dev/null +++ b/tests/wpt/web-platform-tests/html/semantics/embedded-content/the-canvas-element/toBlob.jpeg.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! This test has been generated by tools/gentest.py. --> +<title>Canvas test: toBlob.jpeg</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/canvas-tests.js"></script> +<link rel="stylesheet" href="/common/canvas-tests.css"> +<body class="show_output"> + +<h1>toBlob.jpeg</h1> +<p class="desc">toBlob with image/jpeg returns a JPEG Blob</p> + + +<p class="output">Actual output:</p> +<canvas id="c" class="output" width="100" height="50"><p class="fallback">FAIL (fallback content)</p></canvas> + +<ul id="d"></ul> +<script> +var t = async_test("toBlob with image/jpeg returns a JPEG Blob"); +_addTest(function(canvas, ctx) { + +canvas.toBlob(function(data){ + _assertSame(data.type, "image/jpeg", "data.type", "\"image/jpeg\""); +}, 'image/jpeg'); + + +}); +</script> + diff --git a/tests/wpt/web-platform-tests/html/semantics/embedded-content/the-canvas-element/toBlob.png.html b/tests/wpt/web-platform-tests/html/semantics/embedded-content/the-canvas-element/toBlob.png.html new file mode 100644 index 00000000000..80bc16c5aa0 --- /dev/null +++ b/tests/wpt/web-platform-tests/html/semantics/embedded-content/the-canvas-element/toBlob.png.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! This test has been generated by tools/gentest.py. --> +<title>Canvas test: toBlob.png</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/canvas-tests.js"></script> +<link rel="stylesheet" href="/common/canvas-tests.css"> +<body class="show_output"> + +<h1>toBlob.png</h1> +<p class="desc">toBlob with image/png returns a PNG Blob</p> + + +<p class="output">Actual output:</p> +<canvas id="c" class="output" width="100" height="50"><p class="fallback">FAIL (fallback content)</p></canvas> + +<ul id="d"></ul> +<script> +var t = async_test("toBlob with image/png returns a PNG Blob"); +_addTest(function(canvas, ctx) { + +canvas.toBlob(function(data){ + _assertSame(data.type, "image/png", "data.type", "\"image/png\""); +}, 'image/png'); + + +}); +</script> + diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-parsing-xhtml-documents/node-document.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-parsing-xhtml-documents/node-document.html index d3903738e27..88d3b22d3e1 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-parsing-xhtml-documents/node-document.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-parsing-xhtml-documents/node-document.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#parsing-xhtml-documents"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-parsing-xhtml-documents/template-child-nodes.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-parsing-xhtml-documents/template-child-nodes.html index a5a644af3ad..14fb680e8d0 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-parsing-xhtml-documents/template-child-nodes.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-parsing-xhtml-documents/template-child-nodes.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#parsing-xhtml-documents"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-serializing-xhtml-documents/outerhtml.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-serializing-xhtml-documents/outerhtml.html index 931c0fc9b40..081cb285ca7 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-serializing-xhtml-documents/outerhtml.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-serializing-xhtml-documents/outerhtml.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#serializing-xhtml-documents"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-the-steps-to-clone-a-node/template-clone-children.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-the-steps-to-clone-a-node/template-clone-children.html index 75725573412..e635154697d 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-the-steps-to-clone-a-node/template-clone-children.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-the-steps-to-clone-a-node/template-clone-children.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#node-clone-additions"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-the-steps-to-clone-a-node/templates-copy-document-owner.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-the-steps-to-clone-a-node/templates-copy-document-owner.html index 9d60e29be6a..dbaf2ed3ae7 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-the-steps-to-clone-a-node/templates-copy-document-owner.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-the-steps-to-clone-a-node/templates-copy-document-owner.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#node-clone-additions"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-document-type.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-document-type.html index 5f401892139..c229fbfe746 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-document-type.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-document-type.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#definitions"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-test-001.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-test-001.html index 2c8329f31bb..0cf23310b73 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-test-001.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-test-001.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#definitions"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-test-002.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-test-002.html index 49cfc8d0673..979b33ad689 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-test-002.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-test-002.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#definitions"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -21,7 +21,6 @@ testInIFrame(null, function(context) { var div = doc.createElement('div'); div.setAttribute('id', 'div1'); - div.innerText = 'Some text'; template.appendChild(div); diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents.html index a69c9c52dc2..7fcb783d97d 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#definitions"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/innerhtml-on-templates/innerhtml.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/innerhtml-on-templates/innerhtml.html index 7ae9c132591..4c96a9339b4 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/innerhtml-on-templates/innerhtml.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/innerhtml-on-templates/innerhtml.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#innerhtml-on-templates"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/serializing-html-templates/outerhtml.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/serializing-html-templates/outerhtml.html index 992152a7d0f..1ef5f690018 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/serializing-html-templates/outerhtml.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/serializing-html-templates/outerhtml.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#serializing-html-templates"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/content-attribute.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/content-attribute.html index 3541b385b96..58ee1dc0a6a 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/content-attribute.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/content-attribute.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#template-element"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/node-document-changes.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/node-document-changes.html index b44f4e611b1..2ee74270955 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/node-document-changes.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/node-document-changes.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#template-element"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-as-a-descendant.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-as-a-descendant.html index 42ba33e6a07..f540450efc5 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-as-a-descendant.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-as-a-descendant.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#template-element"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-content-node-document.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-content-node-document.html index 9aa69ce1b1f..064d5fd0028 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-content-node-document.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-content-node-document.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#template-element"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-content.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-content.html index fca52730bb8..f64a72fe532 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-content.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-content.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#template-element"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-body.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-body.html index c45931cdae3..c3b105540e5 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-body.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-body.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#template-element"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-frameset.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-frameset.html index f3dbd7ebf67..8589f0baebd 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-frameset.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-frameset.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#template-element"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-head.html b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-head.html index 6b025e9abd8..1081fea8220 100644 --- a/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-head.html +++ b/tests/wpt/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-descendant-head.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#template-element"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../testcommon.js'></script> +<script src='/html/resources/common.js'></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/semantics/tabular-data/the-table-element/delete-caption.html b/tests/wpt/web-platform-tests/html/semantics/tabular-data/the-table-element/delete-caption.html new file mode 100644 index 00000000000..6183fa98b89 --- /dev/null +++ b/tests/wpt/web-platform-tests/html/semantics/tabular-data/the-table-element/delete-caption.html @@ -0,0 +1,94 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>deleteCaption()</title> + <link rel="author" title="Ben Boyle" href="mailto:benjamins.boyle@gmail.com"> + <link rel="help" href="https://html.spec.whatwg.org/multipage/#dom-table-deletecaption" /> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> +</head> +<body> + <table id="one-caption"> + <caption>Fixture table caption</caption> + </table> + + <table id="two-captions"> + <caption>Fixture table caption</caption> + <caption>A second caption element</caption> + </table> + + <table id="zero-captions"></table> + + <table id="descendent-caption"> + <tr> + <td> + <table> + <caption>Nested caption</caption> + </table> + </td> + </tr> + </table> + + <script> + // The deleteCaption() method must remove the first caption element child of the table element, if any. + // https://html.spec.whatwgorg/multipage/tables.html#dom-table-deletecaption + test(function() { + var table = document.getElementById('one-caption'); + + table.deleteCaption(); + assert_equals(table.getElementsByTagName('caption').length, 0, 'caption was removed'); + + }, 'deleteCaption() delete only caption on table'); + + test(function() { + var table = document.getElementById('one-caption'); + var result; + + result = table.deleteCaption(); + // does .deleteCaption() have a return value? + assert_equals(result, undefined, '.deleteCaption() returns undefined'); + }, 'deleteCaption() returns undefined'); + + test(function() { + var table = document.getElementById('two-captions'); + + table.deleteCaption(); + assert_equals(table.getElementsByTagName('caption').length, 1, '1 caption (of 2) was removed'); + assert_equals(table.getElementsByTagName('caption')[0].textContent, 'A second caption element', 'The first caption was removed'); + + // removing the only caption + table.deleteCaption(); + assert_equals(table.getElementsByTagName('caption').length, 0, 'last caption was removed'); + }, 'deleteCaption()'); + + test(function() { + var table = document.getElementById('zero-captions'); + // removing a caption when none exists + table.deleteCaption(); + + assert_equals(table.getElementsByTagName('caption').length, 0, 'no exceptions using .deleteCaption() on a table without any captions'); + + }, 'deleteCaption() does not throw any exceptions when called on a table without a caption'); + + test(function() { + var table = document.getElementById( 'descendent-caption' ); + table.deleteCaption(); + + assert_equals(table.getElementsByTagName('caption').length, 1, 'descendent caption was not deleted'); + }, 'deleteCaption() does not delete captions in descendent tables'); + + test(function() { + var table = document.getElementById('zero-captions'); + var caption; + + caption = document.createElementNS('http://www.w3.org/2000/svg', 'caption'); + table.insertBefore(caption, table.firstChild); + assert_equals(table.getElementsByTagName('caption').length, 1, 'SVG:caption is created'); + + table.deleteCaption(); + assert_equals(table.getElementsByTagName('caption').length, 1, 'SVG:caption is not deleted'); + + }, 'deleteCaption() handles captions from different namespaces'); +</script> +</body> +</html> diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-foster-parenting/template-is-a-foster-parent-element.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-foster-parenting/template-is-a-foster-parent-element.html index 9deed5fd960..dfcaa8a037a 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-foster-parenting/template-is-a-foster-parent-element.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-foster-parenting/template-is-a-foster-parent-element.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#foster-parent-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-foster-parenting/template-is-not-a-foster-parent-element.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-foster-parenting/template-is-not-a-foster-parent-element.html index 2780edc8f89..9167ba89c40 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-foster-parenting/template-is-not-a-foster-parent-element.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-foster-parenting/template-is-not-a-foster-parent-element.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#foster-parent-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/generating-of-implied-end-tags.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/generating-of-implied-end-tags.html index 6526b01bbec..56d5036ec3b 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/generating-of-implied-end-tags.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/generating-of-implied-end-tags.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-body-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -75,7 +75,7 @@ test(function () { var div = template.content.querySelector('#dv'); assert_not_equals( div, null, 'Template should contain DIV element'); - assert_equals(div.innerText, 'Div content', 'Wrong template content inner text'); + assert_equals(div.textContent, 'Div content', 'Wrong template content inner text'); }, 'Generating of implied end tags. Test some text and DIV element'); @@ -97,13 +97,13 @@ test(function () { assert_not_equals(template.content.querySelector('#dv'), null, 'Template should contain DIV element'); - assert_equals(template.content.querySelector('#dv').innerText, + assert_equals(template.content.querySelector('#dv').textContent, 'Div content', 'Wrong template content inner text'); }, 'Generating of implied end tags. Test wrong end tag'); -testInIFrame('../../resources/template-contents-table-no-end-tag.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/template-contents-table-no-end-tag.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.body.querySelector('template'); @@ -120,7 +120,7 @@ testInIFrame('../../resources/template-contents-table-no-end-tag.html', function }, 'Generating of implied end tags. Test table elements. Loading of HTML document from a file'); -testInIFrame('../../resources/template-contents-div-no-end-tag.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/template-contents-div-no-end-tag.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.body.querySelector('template'); @@ -129,7 +129,7 @@ testInIFrame('../../resources/template-contents-div-no-end-tag.html', function(c var div = template.content.querySelector('div'); assert_not_equals(div, null, 'Template should contain div element'); - assert_equals(div.innerText, 'Hello, template\n ', 'Invalid div contents'); + assert_equals(div.textContent, 'Hello, template\n ', 'Invalid div contents'); }, 'Generating of implied end tags. Test div element. Loading of HTML document from a file'); </script> diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-body-token.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-body-token.html index 7985e148d4b..d0881b721ee 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-body-token.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-body-token.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-body-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -117,7 +117,7 @@ test(function() { + 'template\'s innerHTML'); -testInIFrame('../../resources/template-contents-body.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/template-contents-body.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.body.querySelector('template'); diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-frameset-token.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-frameset-token.html index 297b4d7e799..79c801d8c4e 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-frameset-token.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-frameset-token.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-body-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -112,7 +112,7 @@ test(function() { + 'Test FRAMESET tag inside template tag assigned to another template\'s innerHTML'); -testInIFrame('../../resources/template-contents-frameset.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/template-contents-frameset.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.body.querySelector('template'); diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-head-token.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-head-token.html index 28a499628d6..398e64a264c 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-head-token.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-head-token.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-body-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -115,7 +115,7 @@ test(function() { + 'Test HEAD tag inside template tag assigned to another template\'s innerHTML'); -testInIFrame('../../resources/template-contents-head.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/template-contents-head.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.body.querySelector('template'); diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-html-token.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-html-token.html index 80bf61ace90..0af1fe5ae32 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-html-token.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-html-token.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-body-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -144,7 +144,7 @@ test(function() { }, 'Ignore HTML token. Test valid element inside and between HTML and BODY elements'); -testInIFrame('../../resources/template-contents-html.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/template-contents-html.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.body.querySelector('template'); diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/start-tag-body.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/start-tag-body.html index 80a4b8dcdd1..ca34fa0223e 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/start-tag-body.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/start-tag-body.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-body-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/start-tag-html.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/start-tag-html.html index 7d3f47884eb..b0fc3958da3 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/start-tag-html.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/start-tag-html.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-body-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -18,7 +18,7 @@ // id attribute should be added to root <html> element // tabindex attribute should not be modified //class attribute should be ignored -testInIFrame('../../resources/html-start-tag.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/html-start-tag.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.body.querySelector('template'); diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/template-end-tag-without-start-one.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/template-end-tag-without-start-one.html index 0039783d95d..7ec099cf6b3 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/template-end-tag-without-start-one.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/template-end-tag-without-start-one.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-body-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -86,7 +86,7 @@ test(function () { + 'Test valid <template> element, <title> element and </template> tag after them'); -testInIFrame('../../resources/end-template-tag-in-body.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/end-template-tag-in-body.html', function(context) { var doc = context.iframes[0].contentDocument; assert_equals(doc.body.querySelector('template'), null, diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-frameset-insertion-mode/end-tag-frameset.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-frameset-insertion-mode/end-tag-frameset.html index 2bc5b72a831..98e701e8d54 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-frameset-insertion-mode/end-tag-frameset.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-frameset-insertion-mode/end-tag-frameset.html @@ -7,14 +7,14 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-head-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> <div id="log"></div> <script type="text/javascript"> -testInIFrame('../../resources/frameset-end-tag.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/frameset-end-tag.html', function(context) { var doc = context.iframes[0].contentDocument; var frameset = doc.querySelector('frameset'); diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/generating-of-implied-end-tags.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/generating-of-implied-end-tags.html index 7fc96301e55..218fea4d6a5 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/generating-of-implied-end-tags.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/generating-of-implied-end-tags.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-head-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -75,7 +75,7 @@ test(function () { var div = template.content.querySelector('#dv'); assert_not_equals( div, null, 'Template should contain DIV element'); - assert_equals(div.innerText, 'Div content', 'Wrong template content inner text'); + assert_equals(div.textContent, 'Div content', 'Wrong template content inner text'); }, 'Generating of implied end tags. Test some text and DIV element'); @@ -97,13 +97,13 @@ test(function () { assert_not_equals(template.content.querySelector('#dv'), null, 'Template should contain DIV element'); - assert_equals(template.content.querySelector('#dv').innerText, + assert_equals(template.content.querySelector('#dv').textContent, 'Div content', 'Wrong template content inner text'); }, 'Generating of implied end tags. Test wrong end tag'); -testInIFrame('../../resources/head-template-contents-table-no-end-tag.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/head-template-contents-table-no-end-tag.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.head.querySelector('template'); @@ -121,7 +121,7 @@ testInIFrame('../../resources/head-template-contents-table-no-end-tag.html', fun }, 'Generating of implied end tags. Test table elements. Load HTML document from file'); -testInIFrame('../../resources/head-template-contents-div-no-end-tag.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/head-template-contents-div-no-end-tag.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.head.querySelector('template'); @@ -130,7 +130,7 @@ testInIFrame('../../resources/head-template-contents-div-no-end-tag.html', funct var div = template.content.querySelector('div'); assert_not_equals(div, null, 'Template should contain div element'); - assert_equals(div.innerText, 'Hello, template\n ', 'Invalid div contents'); + assert_equals(div.textContent, 'Hello, template\n ', 'Invalid div contents'); }, 'Generating of implied end tags. Test div element. Load HTML document from file'); </script> diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/template-end-tag-without-start-one.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/template-end-tag-without-start-one.html index b7e6009ab13..a23faec28dd 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/template-end-tag-without-start-one.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/template-end-tag-without-start-one.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-head-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -86,7 +86,7 @@ test(function () { + 'Test valid <template> element, <title> element and </template> tag after them'); -testInIFrame('../../resources/end-template-tag-in-head.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/end-template-tag-in-head.html', function(context) { var doc = context.iframes[0].contentDocument; assert_equals(doc.head.querySelector('template'), null, '</template> must be ignored'); diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-table-insertion-mode/end-tag-table.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-table-insertion-mode/end-tag-table.html index 76ab5c444ec..cc1dd0b3d62 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-table-insertion-mode/end-tag-table.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/additions-to-the-in-table-insertion-mode/end-tag-table.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#in-table-addition"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/appending-to-a-template/template-child-nodes.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/appending-to-a-template/template-child-nodes.html index 6c68cde500d..2465bbdb841 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/appending-to-a-template/template-child-nodes.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/appending-to-a-template/template-child-nodes.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#appending-to-a-template"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -77,7 +77,7 @@ test(function () { -testInIFrame('../../resources/template-contents.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/template-contents.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.querySelector('template'); @@ -91,7 +91,7 @@ testInIFrame('../../resources/template-contents.html', function(context) { + 'Load HTML document from a file'); -testInIFrame('../../resources/template-contents-nested.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/template-contents-nested.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.querySelector('template'); diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-body-context.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-body-context.html index e510028db8a..266c312638e 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-body-context.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-body-context.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#clearing-the-stack"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-context.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-context.html index 7c6a609ed7e..f3f4b1ef0b8 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-context.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-context.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#clearing-the-stack"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-row-context.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-row-context.html index 7525e0b11c9..91c492f0776 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-row-context.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/clearing-the-stack-back-to-a-given-context/clearing-stack-back-to-a-table-row-context.html @@ -7,7 +7,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#clearing-the-stack"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> diff --git a/tests/wpt/web-platform-tests/html/syntax/parsing/template/creating-an-element-for-the-token/template-owner-document.html b/tests/wpt/web-platform-tests/html/syntax/parsing/template/creating-an-element-for-the-token/template-owner-document.html index c7a65483148..ce435fdc4fc 100644 --- a/tests/wpt/web-platform-tests/html/syntax/parsing/template/creating-an-element-for-the-token/template-owner-document.html +++ b/tests/wpt/web-platform-tests/html/syntax/parsing/template/creating-an-element-for-the-token/template-owner-document.html @@ -8,7 +8,7 @@ <link rel="help" href="http://www.w3.org/TR/2013/WD-html-templates-20130214/#creating-an-element-for-a-token"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> -<script src='../../testcommon.js'></script> +<script src="/html/resources/common.js"></script> <link rel="stylesheet" href="/resources/testharness.css"> </head> <body> @@ -107,7 +107,7 @@ test(function () { -testInIFrame('../../resources/template-contents.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/template-contents.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.querySelector('template'); @@ -122,7 +122,7 @@ testInIFrame('../../resources/template-contents.html', function(context) { -testInIFrame('../../resources/template-contents-nested.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/template-contents-nested.html', function(context) { var doc = context.iframes[0].contentDocument; var template = doc.querySelector('template'); @@ -142,7 +142,7 @@ testInIFrame('../../resources/template-contents-nested.html', function(context) -testInIFrame('../../resources/two-templates.html', function(context) { +testInIFrame('/html/semantics/scripting-1/the-template-element/resources/two-templates.html', function(context) { var doc = context.iframes[0].contentDocument; var template1 = doc.querySelector('#template1'); diff --git a/tests/wpt/web-platform-tests/html/webappapis/system-state-and-capabilities/the-navigator-object/get-navigatorlanguage-manual.html b/tests/wpt/web-platform-tests/html/webappapis/system-state-and-capabilities/the-navigator-object/get-navigatorlanguage-manual.html new file mode 100644 index 00000000000..8198df6f0a9 --- /dev/null +++ b/tests/wpt/web-platform-tests/html/webappapis/system-state-and-capabilities/the-navigator-object/get-navigatorlanguage-manual.html @@ -0,0 +1,16 @@ +<!DOCTYPE html> +<meta charset="utf-8"> +<title>NavigatorLanguage: navigator.language returns the user's preferred language</title> +<link rel="author" title="Intel" href="http://www.intel.com"> +<link rel="help" href="https://html.spec.whatwg.org/multipage/webappapis.html#navigatorlanguage"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<h2>Precondition</h2> +<p>The user agent's preferred language is set as English (en).</p> +<div id="log"></div> +<script> + test(function() { + assert_equals(navigator.language, "en"); + }); +</script> + diff --git a/tests/wpt/web-platform-tests/html/webappapis/system-state-and-capabilities/the-navigator-object/navigatorlanguage.html b/tests/wpt/web-platform-tests/html/webappapis/system-state-and-capabilities/the-navigator-object/navigatorlanguage.html new file mode 100644 index 00000000000..72503f7505e --- /dev/null +++ b/tests/wpt/web-platform-tests/html/webappapis/system-state-and-capabilities/the-navigator-object/navigatorlanguage.html @@ -0,0 +1,19 @@ +<!DOCTYPE html> +<meta charset="utf-8"> +<title>NavigatorLanguage: the most preferred language is the one returned by navigator.language</title> +<link rel="author" title="Intel" href="http://www.intel.com"> +<link rel="help" href="https://html.spec.whatwg.org/multipage/webappapis.html#navigatorlanguage"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<div id="log"></div> +<script> + test(function() { + assert_true("language" in navigator); + assert_true("languages" in navigator); + + assert_equals(navigator.languages[0], navigator.language, + "navigator.languages is the most preferred language first"); + + }); +</script> + diff --git a/tests/wpt/web-platform-tests/mediacapture-streams/stream-api/mediastream/mediastream-removetrack.html b/tests/wpt/web-platform-tests/mediacapture-streams/stream-api/mediastream/mediastream-removetrack.html index 7d684cde2c2..13c4554b384 100644 --- a/tests/wpt/web-platform-tests/mediacapture-streams/stream-api/mediastream/mediastream-removetrack.html +++ b/tests/wpt/web-platform-tests/mediacapture-streams/stream-api/mediastream/mediastream-removetrack.html @@ -27,9 +27,7 @@ t.step(function () { } function gotVideo(stream) { - console.log(stream); var video = stream; - console.log(video); video.onremovetrack = function () { assert_unreached("onremovetrack is not triggered when removal of track is triggered by the script itself"); }; diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..0f7b9cdf8f7 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..aacf82bea18 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..93a02452cee --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..b21770be3b3 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..6f551bef74a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..6f00a97c23c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..dd96415dce3 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..0b627378b1a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..c1f35d39a74 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..46251b244b8 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..4a502ef111d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..d9761930854 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..69d69d3a73c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..e482ae3500e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..0bc7b32d141 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..412894cc620 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..8c1400c0979 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..bb40013c9c8 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..e7a11db559f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..b94f116e47f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..48d4a288667 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..bd00bd6324e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..7f772955e24 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..620ec69295e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..7994c9c9a4f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..968a1961dff --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/http-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..420d1505a8c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..51fb3a591e6 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..fc4c0869503 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..6a5650251a4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..7cedf27a751 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..7b61d3cdd26 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..8ff7c5427d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..727c13ac86b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..fd0f5781633 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..97fd7c54678 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..47ce1138658 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..dfe4c0d2b96 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..890c5a068e0 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: allowed"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..ef20ab3dd20 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..7947998f3b1 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..259edb91093 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..e2ad2c00a11 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..c1fbed161ac --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..ea646752bc6 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/form-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..fb7626fcfb8 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..e0e31ce25e1 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..3732ca0c34b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..cd098fcc6bc --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/img-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..98dc8f5b8b0 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..2cf47e953ac --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..ff96861c443 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..a590f6a0013 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..90eeccc4346 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..59c4b5b27e2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/object-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..fa4e129441e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..cb0c1c27c1c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..964ef1f74c4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..1f63f808b60 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/script-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..a27066a3de4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..19a05ae3f2b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/video-tag/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..7e0fb6d0420 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..7176f33e09a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/worker-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html new file mode 100644 index 00000000000..109dd139400 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/keep-scheme-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html new file mode 100644 index 00000000000..d7725fd0f27 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/allowed/no-opt-in/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Allowed content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of allowed content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Allowed content</h1> + <h2>Test behavior of allowed content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-https + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-https", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..539754e8d07 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..3b2e413efec --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..d135154c8f7 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..d239302da25 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..b4742c92b8b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..be3c57b5905 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..7d8b398b0a6 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..c89b2df2bba --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..919be4b5bd8 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..cf64424bece --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..d5bcff9defa --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..29b7c7d6150 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..2563337805f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..a3fb49fdc6f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..fa599d1c9e8 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..00d7cd5127a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..6712dfda071 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..d2c14742359 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..bf7ef43097c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..b3d6c9eef0b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..643daa0c202 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..77d1f3e6ff3 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..1f2cf69ab3e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..bf8eaef23d9 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..76d3dddf51e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..6c227ca5f8c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..18e2fbfc73f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..bf6576a67f6 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..91d1a3f1265 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..3cacff2de7d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/fetch-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..eb2b540f545 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..c94668ad726 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..3f74ebf7bc5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/form-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..a3d5fddcb1c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..e8c3c209671 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..8a1708b4e0a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/iframe-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..c5dde9eaa3f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..da5b01e6b1f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..b852778af0c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/link-css-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..3045cec23d2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..e13d6d25b37 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..974e6b771da --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/object-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..e45e810791e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..32d1c139e43 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..6dbd29b3e05 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/picture-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..ef2583c98f5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..7e9799a483e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..e2341178abf --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/script-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..741ac1d2337 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..f17779c3a86 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..f05454aaa7f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/worker-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..bbeb517dd65 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..272556d9822 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..11edffe12af --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/http-csp/same-host-http/xhr-request/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..a320a2ad190 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..c02e468a94e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..0f4c63bfe92 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..98dd2c36fe2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..956d09f91b0 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..6f2a7c1b14e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..3a8e8aefc5c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..52f49cc0950 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..68a41936b77 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..065f3322f7f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..21195e63b87 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..9d9ae1a5b11 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..c692dddfda4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..0b74f62647f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..3a086d69def --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..45028df06e5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..48d69822c97 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..08215b4aecc --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..7719e757c7d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..0c9cc94d746 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..5bef9697f3c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..fa08dd71aff --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..073e4c1b261 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..971bbfccd73 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..1f01aade06f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..8eca3a1b2eb --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..fd5a0e86605 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..cc5e4864e4b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..7091e351662 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..98d50834796 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..0335c8ecc47 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..f50f0aa5db2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..d61c4c8ad65 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..15dba41092a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..0846e19e785 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..8d3684a05c5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..8327609cb0b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..0d043a69002 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..9d56544f27d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..b536c01465e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..da677d1a301 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..da62f80f75c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..64b05b0fcee --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..fe1c2531791 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..d719df447bd --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/cross-origin-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..f09de3a87c2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..c97f703f5c4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..a83aa353695 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/fetch-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: fetch-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "fetch-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..6c5e403c488 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..20651d5552f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..4a7fc77ae4c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/form-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: form-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "form-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..352f5af16ce --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..37c55c40dfc --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..75f0e6f543d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/iframe-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: iframe-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "iframe-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..a9b3c3001bc --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..094ea4f0dd4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..efad36e8b4c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/link-css-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-css-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-css-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..0670e6ac299 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..09fc02e5234 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..6ff553e4f3f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/object-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: object-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "object-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..bbf3a5d6c24 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..51d6568f63f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..86771b07327 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/picture-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: picture-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "picture-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..465f68eb4c8 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..546e32f28ee --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..40ab7e08358 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/script-tag/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: script-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "script-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..f21e6a1f205 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..3cee8fc6a31 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..34ce2e6b7c0 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/worker-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: worker-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "worker-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..de05e8f9e74 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/keep-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..be1c31bebdf --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/no-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html new file mode 100644 index 00000000000..ed2d3e2834d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/blockable/no-opt-in/same-host-http/xhr-request/top-level/swap-scheme-redirect/no-opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of blockable content."> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Blockable content</h1> + <h2>Test behavior of blockable content.</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: xhr-request + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "xhr-request", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/common.js b/tests/wpt/web-platform-tests/mixed-content/generic/common.js new file mode 100644 index 00000000000..d500f7ef52a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/common.js @@ -0,0 +1,360 @@ +/** + * @fileoverview Utilities for mixed-content in Web Platform Tests. + * @author burnik@google.com (Kristijan Burnik) + * Disclaimer: Some methods of other authors are annotated in the corresponding + * method's JSDoc. + */ + +/** + * Normalizes the target port for use in a URL. For default ports, this is the + * empty string (omitted port), otherwise it's a colon followed by the port + * number. Ports 80, 443 and an empty string are regarded as default ports. + * @param {number} targetPort The port to use + * @return {string} The port portion for using as part of a URL. + */ +function getNormalizedPort(targetPort) { + return ([80, 443, ""].indexOf(targetPort) >= 0) ? "" : ":" + targetPort; +} + +/** + * Creates a GUID. + * See: https://en.wikipedia.org/wiki/Globally_unique_identifier + * Original author: broofa (http://www.broofa.com/) + * Sourced from: http://stackoverflow.com/a/2117523/4949715 + * @return {string} A pseudo-random GUID. + */ +function guid() { + return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) { + var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8); + return v.toString(16); + }); +} + +/** + * Initiates a new XHR via GET. + * @param {string} url The endpoint URL for the XHR. + * @param {string} responseType Optional - how should the response be parsed. + * Default is "json". + * See: https://xhr.spec.whatwg.org/#dom-xmlhttprequest-responsetype + * @return {Promise} A promise wrapping the success and error events. + */ +function xhrRequest(url, responseType) { + return new Promise(function(resolve, reject) { + var xhr = new XMLHttpRequest(); + xhr.open('GET', url, true); + xhr.responseType = responseType || "json"; + + xhr.addEventListener("error", function() { + reject(Error("Network Error")); + }); + + xhr.addEventListener("load", function() { + if (xhr.status != 200) + return reject(Error(xhr.statusText)); + + resolve(xhr.response); + }); + + xhr.send(); + }); +} + +/** + * Sets attributes on a given DOM element. + * @param {DOMElement} element The element on which to set the attributes. + * @param {object} An object with keys (serving as attribute names) and values. + */ +function setAttributes(el, attrs) { + attrs = attrs || {} + for (var attr in attrs) + el.setAttribute(attr, attrs[attr]); +} + + +/** + * Binds to success and error events of an object wrapping them into a promise + * available through {@code element.eventPromise}. The success event + * resolves and error event rejects. + * @param {object} element An object supporting events on which to bind the + * promise. + * @param {string} resolveEventName [="load"] The event name to bind resolve to. + * @param {string} rejectEventName [="error"] The event name to bind reject to. + */ +function bindEvents(element, resolveEventName, rejectEventName) { + element.eventPromise = new Promise(function(resolve, reject) { + element.addEventListener(resolveEventName || "load", resolve); + element.addEventListener(rejectEventName || "error", reject); + }); +} + +/** + * Creates a new DOM element. + * @param {string} tagName The type of the DOM element. + * @param {object} attrs A JSON with attributes to apply to the element. + * @param {DOMElement} parent Optional - an existing DOM element to append to + * If not provided, the returned element will remain orphaned. + * @param {boolean} doBindEvents Optional - Whether to bind to load and error + * events and provide the promise wrapping the events via the element's + * {@code eventPromise} property. Default value evaluates to false. + * @return {DOMElement} The newly created DOM element. + */ +function createElement(tagName, attrs, parent, doBindEvents) { + var element = document.createElement(tagName); + + if (doBindEvents) + bindEvents(element); + + // We set the attributes after binding to events to catch any + // event-triggering attribute changes. E.g. form submission. + setAttributes(element, attrs); + + if (parent) + parent.appendChild(element); + + return element; +} + +function createRequestViaElement(tagName, attrs, parent) { + return createElement(tagName, attrs, parent, true).eventPromise; +} + +/** + * Creates a new empty iframe and appends it to {@code document.body} . + * @param {string} name The name and ID of the new iframe. + * @param {boolean} doBindEvents Whether to bind load and error events. + * @return {DOMElement} The newly created iframe. + */ +function createHelperIframe(name, doBindEvents) { + return createElement("iframe", + {"name": name, "id": name}, + document.body, + doBindEvents); +} + +/** + * Creates a new iframe, binds load and error events, sets the src attribute and + * appends it to {@code document.body} . + * @param {string} url The src for the iframe. + * @return {Promise} The promise for success/error events. + */ +function requestViaIframe(url) { + return createRequestViaElement("iframe", {"src": url}, document.body); +} + +/** + * Creates a new image, binds load and error events, sets the src attribute and + * appends it to {@code document.body} . + * @param {string} url The src for the image. + * @return {Promise} The promise for success/error events. + */ +function requestViaImage(url) { + return createRequestViaElement("img", {"src": url}, document.body); +} + +/** + * Initiates a new XHR GET request to provided URL. + * @param {string} url The endpoint URL for the XHR. + * @return {Promise} The promise for success/error events. + */ +function requestViaXhr(url) { + return xhrRequest(url); +} + +/** + * Initiates a new GET request to provided URL via the Fetch API. + * @param {string} url The endpoint URL for the Fetch. + * @return {Promise} The promise for success/error events. + */ +function requestViaFetch(url) { + return fetch(url); +} + +/** + * Creates a new Worker, binds message and error events wrapping them into. + * {@code worker.eventPromise} and posts an empty string message to start + * the worker. + * @param {string} url The endpoint URL for the worker script. + * @return {Promise} The promise for success/error events. + */ +function requestViaWorker(url) { + var worker = new Worker(url); + bindEvents(worker, "message", "error"); + worker.postMessage(''); + + return worker.eventPromise; +} + +/** + * Sets the href attribute on a navigable DOM element and performs a navigation + * by clicking it. To avoid navigating away from the current execution + * context, a target attribute is set to point to a new helper iframe. + * @param {DOMElement} navigableElement The navigable DOMElement + * @param {string} url The href for the navigable element. + * @return {Promise} The promise for success/error events. + */ +function requestViaNavigable(navigableElement, url) { + var iframe = createHelperIframe(guid(), true); + setAttributes(navigableElement, + {"href": url, + "target": iframe.name}); + navigableElement.click(); + + return iframe.eventPromise; +} + +/** + * Creates a new anchor element, appends it to {@code document.body} and + * performs the navigation. + * @param {string} url The URL to navigate to. + * @return {Promise} The promise for success/error events. + */ +function requestViaAnchor(url) { + var a = createElement("a", {"innerHTML": "Link to resource"}, document.body); + + return requestViaNavigable(a, url); +} + +/** + * Creates a new area element, appends it to {@code document.body} and performs + * the navigation. + * @param {string} url The URL to navigate to. + * @return {Promise} The promise for success/error events. + */ +function requestViaArea(url) { + var area = createElement("area", {}, document.body); + + return requestViaNavigable(area, url); +} + +/** + * Creates a new script element, sets the src to url, and appends it to + * {@code document.body}. + * @param {string} url The src URL. + * @return {Promise} The promise for success/error events. + */ +function requestViaScript(url) { + return createRequestViaElement("script", {"src": url}, document.body); +} + +/** + * Creates a new form element, sets attributes, appends it to + * {@code document.body} and submits the form. + * @param {string} url The URL to submit to. + * @return {Promise} The promise for success/error events. + */ +function requestViaForm(url) { + var iframe = createHelperIframe(guid()); + var form = createElement("form", + {"action": url, + "method": "POST", + "target": iframe.name}, + document.body); + bindEvents(iframe); + form.submit(); + + return iframe.eventPromise; +} + +/** + * Creates a new link element for a stylesheet, binds load and error events, + * sets the href to url and appends it to {@code document.head}. + * @param {string} url The URL for a stylesheet. + * @return {Promise} The promise for success/error events. + */ +function requestViaLinkStylesheet(url) { + return createRequestViaElement("link", + {"rel": "stylesheet", "href": url}, + document.head); +} + +/** + * Creates a new link element for a prefetch, binds load and error events, sets + * the href to url and appends it to {@code document.head}. + * @param {string} url The URL of a resource to prefetch. + * @return {Promise} The promise for success/error events. + */ +function requestViaLinkPrefetch(url) { + // TODO(kristijanburnik): Check if prefetch should support load and error + // events. For now we assume it's not specified. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ + return createRequestViaElement("link", + {"rel": "prefetch", "href": url}, + document.head); +} + +/** + * Creates a new media element with a child source element, binds loadeddata and + * error events, sets attributes and appends to document.body. + * @param {string} type The type of the media element (audio/video/picture). + * @param {object} media_attrs The attributes for the media element. + * @param {object} source_attrs The attributes for the child source element. + * @return {DOMElement} The newly created media element. + */ +function createMediaElement(type, media_attrs, source_attrs) { + var mediaElement = createElement(type, {}); + var sourceElement = createElement("source", {}, mediaElement); + + mediaElement.eventPromise = new Promise(function(resolve, reject) { + mediaElement.addEventListener("loadeddata", resolve); + // Notice that the source element will raise the error. + sourceElement.addEventListener("error", reject); + }); + + setAttributes(mediaElement, media_attrs); + setAttributes(sourceElement, source_attrs); + document.body.appendChild(mediaElement); + + return mediaElement; +} + +/** + * Creates a new video element, binds loadeddata and error events, sets + * attributes and source URL and appends to {@code document.body}. + * @param {string} url The URL of the video. + * @return {Promise} The promise for success/error events. + */ +function requestViaVideo(url) { + return createMediaElement("video", + {}, + {type: "video/mp4", src: url}).eventPromise; +} + +/** + * Creates a new audio element, binds loadeddata and error events, sets + * attributes and source URL and appends to {@code document.body}. + * @param {string} url The URL of the audio. + * @return {Promise} The promise for success/error events. + */ +function requestViaAudio(url) { + return createMediaElement("audio", + {}, + {type: "audio/mpeg", src: url}).eventPromise; +} + +/** + * Creates a new picture element, binds loadeddata and error events, sets + * attributes and source URL and appends to {@code document.body}. Also + * creates new image element appending it to the picture + * @param {string} url The URL of the image for the source and image elements. + * @return {Promise} The promise for success/error events. + */ +function requestViaPicture(url) { + var picture = createMediaElement("picture", {}, {"srcset": url, + "type": "image/png"}); + return createRequestViaElement("img", {"src": url}, picture); +} + +/** + * Creates a new object element, binds load and error events, sets the data to + * url, and appends it to {@code document.body}. + * @param {string} url The data URL. + * @return {Promise} The promise for success/error events. + */ +function requestViaObject(url) { + return createRequestViaElement("object", {"data": url}, document.body); +} + +// SanityChecker does nothing in release mode. See sanity-checker.js for debug +// mode. +function SanityChecker() {} +SanityChecker.prototype.checkScenario = function() {}; diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/expect.py b/tests/wpt/web-platform-tests/mixed-content/generic/expect.py new file mode 100644 index 00000000000..b3c3932478a --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/expect.py @@ -0,0 +1,101 @@ +import json, os, urllib, urlparse + +def redirect(url, response): + response.add_required_headers = False + response.writer.write_status(301) + response.writer.write_header("access-control-allow-origin", "*") + response.writer.write_header("location", url) + response.writer.end_headers() + response.writer.write("") + +def create_redirect_url(request, swap_scheme = False): + parsed = urlparse.urlsplit(request.url) + destination_netloc = parsed.netloc + scheme = parsed.scheme + + if swap_scheme: + scheme = "http" if parsed.scheme == "https" else "https" + hostname = parsed.netloc.split(':')[0] + port = request.server.config["ports"][scheme][0] + destination_netloc = ":".join([hostname, str(port)]) + + # Remove "redirection" from query to avoid redirect loops. + parsed_query = dict(urlparse.parse_qsl(parsed.query)) + assert "redirection" in parsed_query + del parsed_query["redirection"] + + destination_url = urlparse.urlunsplit(urlparse.SplitResult( + scheme = scheme, + netloc = destination_netloc, + path = parsed.path, + query = urllib.urlencode(parsed_query), + fragment = None)) + + return destination_url + +def main(request, response): + if "redirection" in request.GET: + redirection = request.GET["redirection"] + if redirection == "no-redirect": + pass + elif redirection == "keep-scheme-redirect": + redirect(create_redirect_url(request, swap_scheme=False), response) + return + elif redirection == "swap-scheme-redirect": + redirect(create_redirect_url(request, swap_scheme=True), response) + return + else: + raise ValueError ("Invalid redirect type: %s" % redirection) + + content_type = "text/plain" + response_data = "" + + if "action" in request.GET: + action = request.GET["action"] + + if "content_type" in request.GET: + content_type = request.GET["content_type"] + + key = request.GET["key"] + stash = request.server.stash + + if action == "put": + value = request.GET["value"] + stash.take(key=key) + stash.put(key=key, value=value) + response_data = json.dumps({"status": "success", "result": key}) + elif action == "purge": + value = stash.take(key=key) + if content_type == "image/png": + response_data = open(os.path.join(request.doc_root, + "images", + "smiley.png")).read() + elif content_type == "audio/mpeg": + response_data = open(os.path.join(request.doc_root, + "media", + "sound_5.oga")).read() + elif content_type == "video/mp4": + response_data = open(os.path.join(request.doc_root, + "media", + "movie_5.mp4")).read() + elif content_type == "application/javascript": + response_data = open(os.path.join(request.doc_root, + "mixed-content", + "generic", + "worker.js")).read() + else: + response_data = "/* purged */" + elif action == "take": + value = stash.take(key=key) + if value is None: + status = "allowed" + else: + status = "blocked" + response_data = json.dumps({"status": status, "result": value}) + + response.add_required_headers = False + response.writer.write_status(200) + response.writer.write_header("content-type", content_type) + response.writer.write_header("cache-control", "no-cache; must-revalidate") + response.writer.end_headers() + response.writer.write(response_data) diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/mixed-content-test-case.js b/tests/wpt/web-platform-tests/mixed-content/generic/mixed-content-test-case.js new file mode 100644 index 00000000000..df140c9c47b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/mixed-content-test-case.js @@ -0,0 +1,156 @@ +/** + * @fileoverview Test case for mixed-content in Web Platform Tests. + * @author burnik@google.com (Kristijan Burnik) + */ + +/** + * MixedContentTestCase exercises all the tests for checking browser behavior + * when resources regarded as mixed-content are requested. A single run covers + * only a single scenario. + * @param {object} scenario A JSON describing the test arrangement and + * expectation(s). Refer to /mixed-content/spec.src.json for details. + * @param {string} description The test scenario verbose description. + * @param {SanityChecker} sanityChecker Instance of an object used to check the + * running scenario. Useful in debug mode. See ./sanity-checker.js. + * Run {@code ./tools/generate.py -h} for info on test generating modes. + * @return {object} Object wrapping the start method used to run the test. + */ +function MixedContentTestCase(scenario, description, sanityChecker) { + var insecureProtocol = "http"; + var secureProtocol = "https"; + + var sameOriginHost = location.hostname; + var crossOriginHost = "{{domains[www1]}}"; + + // These values can evaluate to either empty strings or a ":port" string. + var insecurePort = getNormalizedPort(parseInt("{{ports[http][0]}}", 10)); + var securePort = getNormalizedPort(parseInt("{{ports[https][0]}}", 10)); + + var resourcePath = "/mixed-content/generic/expect.py"; + + // Map all endpoints to scenario for use in the test. + var endpoint = { + "same-origin": + location.origin + resourcePath, + "same-host-https": + secureProtocol + "://" + sameOriginHost + securePort + resourcePath, + "same-host-http": + insecureProtocol + "://" + sameOriginHost + insecurePort + resourcePath, + "cross-origin-https": + secureProtocol + "://" + crossOriginHost + securePort + resourcePath, + "cross-origin-http": + insecureProtocol + "://" + crossOriginHost + insecurePort + resourcePath + }; + + // Mapping all the resource requesting methods to the scenario. + var resourceMap = { + "a-tag": requestViaAnchor, + "area-tag": requestViaArea, + "fetch-request": requestViaFetch, + "form-tag": requestViaForm, + "iframe-tag": requestViaIframe, + "img-tag": requestViaImage, + "script-tag": requestViaScript, + "worker-request": requestViaWorker, + "xhr-request": requestViaXhr, + "audio-tag": requestViaAudio, + "video-tag": requestViaVideo, + "picture-tag": requestViaPicture, + "object-tag": requestViaObject, + "link-css-tag": requestViaLinkStylesheet, + "link-prefetch-tag": requestViaLinkPrefetch + }; + + sanityChecker.checkScenario(scenario, resourceMap); + + // Mapping all expected MIME types to the scenario. + var contentType = { + "a-tag": "text/html", + "area-tag": "text/html", + "fetch-request": "application/json", + "form-tag": "text/html", + "iframe-tag": "text/html", + "img-tag": "image/png", + "script-tag": "text/javascript", + "worker-request": "application/javascript", + "xhr-request": "application/json", + "audio-tag": "audio/mpeg", + "video-tag": "video/mp4", + "picture-tag": "image/png", + "object-tag": "text/html", + "link-css-tag": "text/css", + "link-prefetch-tag": "text/html" + }; + + var mixed_content_test = async_test(description); + + function runTest() { + var testCompleted = false; + + // Due to missing implementations, tests time out, so we fail them early. + // TODO(kristijanburnik): Once WPT rolled in: + // https://github.com/w3c/testharness.js/pull/127 + // Refactor to make use of step_timeout. + setTimeout(function() { + mixed_content_test.step(function() { + assert_true(testCompleted, "Expected test to complete."); + mixed_content_test.done(); + }) + }, 1000); + + var key = guid(); + var value = guid(); + var announceResourceRequestUrl = endpoint['same-origin'] + + "?action=put&key=" + key + + "&value=" + value; + var assertResourceRequestUrl = endpoint['same-origin'] + + "?action=take&key=" + key; + var resourceRequestUrl = endpoint[scenario.origin] + "?redirection=" + + scenario.redirection + "&action=purge&key=" + + key + "&content_type=" + + contentType[scenario.subresource]; + + xhrRequest(announceResourceRequestUrl) + .then(function(response) { + // Send out the real resource request. + // This should tear down the key if it's not blocked. + return resourceMap[scenario.subresource](resourceRequestUrl); + }) + .then(function() { + mixed_content_test.step(function() { + assert_equals("allowed", scenario.expectation, + "The triggered event should match '" + + scenario.expectation + "'."); + }, "Check if success event was triggered."); + + // Send request to check if the key has been torn down. + return xhrRequest(assertResourceRequestUrl); + }, function(error) { + mixed_content_test.step(function() { + assert_equals("blocked", scenario.expectation, + "The triggered event should match '" + + scenario.expectation + "'."); + // TODO(kristijanburnik): param "error" can be an event or error. + // Map assertion by resource. + // e.g.: assert_equals(e.type, "error"); + }, "Check if error event was triggered."); + + // When requestResource fails, we also check the key state. + return xhrRequest(assertResourceRequestUrl); + }) + .then(function(response) { + // Now check if the value has been torn down. If it's still there, + // we have blocked the request to mixed-content. + mixed_content_test.step(function() { + assert_equals(response.status, scenario.expectation, + "The resource request should be '" + scenario.expectation + + "'."); + }, "Check if request was sent."); + mixed_content_test.done(); + testCompleted = true; + }); + + } // runTest + + return {start: runTest}; +} // MixedContentTestCase diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/sanity-checker.js b/tests/wpt/web-platform-tests/mixed-content/generic/sanity-checker.js new file mode 100644 index 00000000000..c711e0ee236 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/sanity-checker.js @@ -0,0 +1,38 @@ +// The SanityChecker is used in debug mode to identify problems with the +// structure of the testsuite. In release mode it is mocked out to do nothing. + +function SanityChecker() {} + +SanityChecker.prototype.checkScenario = function(scenario, resourceInvoker) { + // Check if scenario is valid. + test(function() { + var expectedFields = SPEC_JSON["test_expansion_schema"]; + + for (var field in expectedFields) { + if (field == "expansion") + continue + + assert_own_property(scenario, field, + "The scenario should contain field '" + field + "'.") + + var expectedFieldList = expectedFields[field]; + if (!expectedFieldList.hasOwnProperty('length')) { + var expectedFieldList = []; + for (var key in expectedFields[field]) { + expectedFieldList = expectedFieldList.concat(expectedFields[field][key]) + } + } + assert_in_array(scenario[field], expectedFieldList, + "Scenario's " + field + " is one of: " + + expectedFieldList.join(", ")) + "." + } + + // Check if the protocol is matched. + assert_equals(scenario["source_scheme"] + ":", location.protocol, + "Protocol of the test page should match the scenario.") + + assert_own_property(resourceInvoker, scenario.subresource, + "Subresource should be supported"); + + }, "[MixedContentTestCase] The test scenario should be valid."); +} diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/template/disclaimer.template b/tests/wpt/web-platform-tests/mixed-content/generic/template/disclaimer.template new file mode 100644 index 00000000000..66c43ed6f21 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/template/disclaimer.template @@ -0,0 +1 @@ +<!-- DO NOT EDIT! Generated by %(generating_script_filename)s using %(html_template_filename)s. --> diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/template/spec_json.js.template b/tests/wpt/web-platform-tests/mixed-content/generic/template/spec_json.js.template new file mode 100644 index 00000000000..e4cbd034259 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/template/spec_json.js.template @@ -0,0 +1 @@ +var SPEC_JSON = %(spec_json)s; diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/template/test.debug.html.template b/tests/wpt/web-platform-tests/mixed-content/generic/template/test.debug.html.template new file mode 100644 index 00000000000..013bb625027 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/template/test.debug.html.template @@ -0,0 +1,31 @@ +<!DOCTYPE html> +%(generated_disclaimer)s +<html> + <head> + <title>Mixed-Content: %(spec_title)s</title> + <meta charset='utf-8'> + <meta name="description" content="%(spec_description)s"> + <meta name="assert" content="%(test_description)s">%(meta_opt_in)s + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>%(spec_title)s</h1> + <h2>%(spec_description)s</h2> + <pre>%(test_description)s</pre> + + <p>See <a href="%(spec_specification_url)s" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script>%(test_js)s</script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/template/test.js.template b/tests/wpt/web-platform-tests/mixed-content/generic/template/test.js.template new file mode 100644 index 00000000000..b8c0769fcfd --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/template/test.js.template @@ -0,0 +1,13 @@ +MixedContentTestCase( + { + "opt_in_method": "%(opt_in_method)s", + "origin": "%(origin)s", + "source_scheme": "%(source_scheme)s", + "context_nesting": "%(context_nesting)s", + "redirection": "%(redirection)s", + "subresource": "%(subresource)s", + "expectation": "%(expectation)s" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() +).start(); diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/template/test.release.html.template b/tests/wpt/web-platform-tests/mixed-content/generic/template/test.release.html.template new file mode 100644 index 00000000000..45473ad5ff1 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/template/test.release.html.template @@ -0,0 +1,20 @@ +<!DOCTYPE html> +%(generated_disclaimer)s +<html> + <head> + <title>Mixed-Content: %(spec_title)s</title> + <meta charset='utf-8'> + <meta name="description" content="%(spec_description)s"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="%(spec_specification_url)s"> + <meta name="assert" content="%(test_description)s"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/mixed-content/generic/common.js"></script> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <script>%(test_js)s</script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/template/test_description.template b/tests/wpt/web-platform-tests/mixed-content/generic/template/test_description.template new file mode 100644 index 00000000000..33dbcaa05dd --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/template/test_description.template @@ -0,0 +1,7 @@ +opt_in_method: %(opt_in_method)s +origin: %(origin)s +source_scheme: %(source_scheme)s +context_nesting: %(context_nesting)s +redirection: %(redirection)s +subresource: %(subresource)s +expectation: %(expectation)s diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/tools/__init__.py b/tests/wpt/web-platform-tests/mixed-content/generic/tools/__init__.py new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/tools/__init__.py diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/tools/clean.py b/tests/wpt/web-platform-tests/mixed-content/generic/tools/clean.py new file mode 100755 index 00000000000..9416f0b5bd9 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/tools/clean.py @@ -0,0 +1,35 @@ +#!/usr/bin/env python + +import os, json +from common_paths import * +import spec_validator + +def rmtree(top): + top = os.path.abspath(top) + assert top != os.path.expanduser("~") + assert len(top) > len(os.path.expanduser("~")) + assert "web-platform-tests" in top + assert "mixed-content" in top + + for root, dirs, files in os.walk(top, topdown=False): + for name in files: + os.remove(os.path.join(root, name)) + for name in dirs: + os.rmdir(os.path.join(root, name)) + + os.rmdir(top) + +def main(): + spec_json = load_spec_json(); + spec_validator.assert_valid_spec_json(spec_json) + + for spec in spec_json['specification']: + generated_dir = os.path.join(spec_directory, spec["name"]) + if (os.path.isdir(generated_dir)): + rmtree(generated_dir) + + if (os.path.isfile(generated_spec_json_filename)): + os.remove(generated_spec_json_filename) + +if __name__ == '__main__': + main() diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/tools/common_paths.py b/tests/wpt/web-platform-tests/mixed-content/generic/tools/common_paths.py new file mode 100644 index 00000000000..19457475e52 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/tools/common_paths.py @@ -0,0 +1,58 @@ +import os, sys, json, re + +script_directory = os.path.dirname(os.path.abspath(__file__)) +generic_directory = os.path.abspath(os.path.join(script_directory, '..')) + +template_directory = os.path.abspath(os.path.join(script_directory, + '..', + 'template')) +spec_directory = os.path.abspath(os.path.join(script_directory, '..', '..')) +test_root_directory = os.path.abspath(os.path.join(script_directory, + '..', '..', '..')) + +spec_filename = os.path.join(spec_directory, "spec.src.json") +generated_spec_json_filename = os.path.join(spec_directory, "spec_json.js") + +selection_pattern = '%(opt_in_method)s/' + \ + '%(origin)s/' + \ + '%(subresource)s/' + \ + '%(context_nesting)s/' + \ + '%(redirection)s/' + +test_file_path_pattern = '%(spec_name)s/' + selection_pattern + \ + '%(name)s.%(source_scheme)s.html' + + +def get_template(basename): + with open(os.path.join(template_directory, basename)) as f: + return f.read() + + +def write_file(filename, contents): + with open(filename, "w") as f: + f.write(contents) + + +def read_nth_line(fp, line_number): + fp.seek(0) + for i, line in enumerate(fp): + if (i + 1) == line_number: + return line + + +def load_spec_json(path_to_spec = None): + if path_to_spec is None: + path_to_spec = spec_filename + + re_error_location = re.compile('line ([0-9]+) column ([0-9]+)') + with open(path_to_spec) as f: + try: + return json.load(f) + except ValueError, ex: + print ex.message + match = re_error_location.search(ex.message) + if match: + line_number, column = int(match.group(1)), int(match.group(2)) + print read_nth_line(f, line_number).rstrip() + print " " * (column - 1) + "^" + sys.exit(1) diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/tools/generate.py b/tests/wpt/web-platform-tests/mixed-content/generic/tools/generate.py new file mode 100755 index 00000000000..e27988b5734 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/tools/generate.py @@ -0,0 +1,157 @@ +#!/usr/bin/env python + +import os, sys, json +from common_paths import * +import spec_validator +import argparse + + +def expand_pattern(expansion_pattern, test_expansion_schema): + expansion = {} + for artifact_key in expansion_pattern: + artifact_value = expansion_pattern[artifact_key] + if artifact_value == '*': + expansion[artifact_key] = test_expansion_schema[artifact_key] + elif isinstance(artifact_value, list): + expansion[artifact_key] = artifact_value + elif isinstance(artifact_value, dict): + # Flattened expansion. + expansion[artifact_key] = [] + values_dict = expand_pattern(artifact_value, + test_expansion_schema[artifact_key]) + for sub_key in values_dict.keys(): + expansion[artifact_key] += values_dict[sub_key] + else: + expansion[artifact_key] = [artifact_value] + + return expansion + + +def permute_expansion(expansion, artifact_order, selection = {}, artifact_index = 0): + assert isinstance(artifact_order, list), "artifact_order should be a list" + + if artifact_index >= len(artifact_order): + yield selection + return + + artifact_key = artifact_order[artifact_index] + + for artifact_value in expansion[artifact_key]: + selection[artifact_key] = artifact_value + for next_selection in permute_expansion(expansion, + artifact_order, + selection, + artifact_index + 1): + yield next_selection + + +def generate_selection(selection, spec, test_html_template_basename): + selection['spec_name'] = spec['name'] + selection['spec_title'] = spec['title'] + selection['spec_description'] = spec['description'] + selection['spec_specification_url'] = spec['specification_url'] + + test_filename = test_file_path_pattern % selection + test_headers_filename = test_filename + ".headers" + test_directory = os.path.dirname(test_filename) + full_path = os.path.join(spec_directory, test_directory) + + test_html_template = get_template(test_html_template_basename) + test_js_template = get_template("test.js.template") + disclaimer_template = get_template('disclaimer.template') + test_description_template = get_template("test_description.template") + + html_template_filename = os.path.join(template_directory, + test_html_template_basename) + generated_disclaimer = disclaimer_template \ + % {'generating_script_filename': os.path.relpath(__file__, + test_root_directory), + 'html_template_filename': os.path.relpath(html_template_filename, + test_root_directory)} + + selection['generated_disclaimer'] = generated_disclaimer.rstrip() + test_description_template = \ + test_description_template.rstrip().replace("\n", "\n" + " " * 33) + selection['test_description'] = test_description_template % selection + + # Adjust the template for the test invoking JS. Indent it to look nice. + indent = "\n" + " " * 6; + test_js_template = indent + test_js_template.replace("\n", indent); + selection['test_js'] = test_js_template % selection + + # Directory for the test files. + try: + os.makedirs(full_path) + except: + pass + + # TODO(kristijanburnik): Implement the opt-in-method here. + opt_in_method = selection['opt_in_method'] + selection['meta_opt_in'] = '' + if opt_in_method == 'meta-csp': + selection['meta_opt_in'] = '<meta http-equiv="Content-Security-Policy" ' + \ + 'content="block-all-mixed-content">' + elif opt_in_method == 'http-csp': + opt_in_headers = "Content-Security-Policy: block-all-mixed-content\n" + write_file(test_headers_filename, opt_in_headers) + elif opt_in_method == 'no-opt-in': + pass + else: + raise ValueError("Invalid opt_in_method %s" % opt_in_method) + + # Write out the generated HTML file. + write_file(test_filename, test_html_template % selection) + +def generate_test_source_files(spec_json, target): + test_expansion_schema = spec_json['test_expansion_schema'] + specification = spec_json['specification'] + + spec_json_js_template = get_template('spec_json.js.template') + write_file(generated_spec_json_filename, + spec_json_js_template % {'spec_json': json.dumps(spec_json)}) + + # Choose a debug/release template depending on the target. + html_template = "test.%s.html.template" % target + + artifact_order = test_expansion_schema.keys() + ['name'] + + # Create list of excluded tests. + exclusion_dict = {} + for excluded_pattern in spec_json['excluded_tests']: + excluded_expansion = \ + expand_pattern(excluded_pattern, + test_expansion_schema) + for excluded_selection in permute_expansion(excluded_expansion, artifact_order): + excluded_selection_path = selection_pattern % excluded_selection + exclusion_dict[excluded_selection_path] = True + + for spec in specification: + for expansion_pattern in spec['test_expansion']: + expansion = expand_pattern(expansion_pattern, + test_expansion_schema) + for selection in permute_expansion(expansion, artifact_order): + selection_path = selection_pattern % selection + if not selection_path in exclusion_dict: + generate_selection(selection, + spec, + html_template) + else: + print 'Excluding selection:', selection_path + + +def main(target, spec_filename): + spec_json = load_spec_json(spec_filename); + spec_validator.assert_valid_spec_json(spec_json) + generate_test_source_files(spec_json, target) + + +if __name__ == '__main__': + parser = argparse.ArgumentParser(description='Test suite generator utility') + parser.add_argument('-t', '--target', type = str, + choices = ("release", "debug"), default = "release", + help = 'Sets the appropriate template for generating tests') + parser.add_argument('-s', '--spec', type = str, default = None, + help = 'Specify a file used for describing and generating the tests') + # TODO(kristijanburnik): Add option for the spec_json file. + args = parser.parse_args() + main(args.target, args.spec) diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/tools/regenerate b/tests/wpt/web-platform-tests/mixed-content/generic/tools/regenerate new file mode 100755 index 00000000000..e6bd63519b3 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/tools/regenerate @@ -0,0 +1,3 @@ +#!/bin/bash +DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) +python $DIR/clean.py && python $DIR/generate.py diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/tools/spec_validator.py b/tests/wpt/web-platform-tests/mixed-content/generic/tools/spec_validator.py new file mode 100755 index 00000000000..a6acc1040dd --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/tools/spec_validator.py @@ -0,0 +1,159 @@ +#!/usr/bin/env python + +import json, sys +from common_paths import * + +def assert_non_empty_string(obj, field): + assert field in obj, 'Missing field "%s"' % field + assert isinstance(obj[field], basestring), \ + 'Field "%s" must be a string' % field + assert len(obj[field]) > 0, 'Field "%s" must not be empty' % field + + +def assert_non_empty_list(obj, field): + assert isinstance(obj[field], list), \ + '%s must be a list' % field + assert len(obj[field]) > 0, \ + '%s list must not be empty' % field + + +def assert_non_empty_dict(obj, field): + assert isinstance(obj[field], dict), \ + '%s must be a dict' % field + assert len(obj[field]) > 0, \ + '%s dict must not be empty' % field + + +def assert_contains(obj, field): + assert field in obj, 'Must contain field "%s"' % field + + +def assert_string_from(obj, field, items): + assert obj[field] in items, \ + 'Field "%s" must be from: %s' % (field, str(items)) + + +def assert_string_or_list_items_from(obj, field, items): + if isinstance(obj[field], basestring): + assert_string_from(obj, field, items) + return + + assert isinstance(obj[field], list), "%s must be a list!" % field + for allowed_value in obj[field]: + assert allowed_value != '*', "Wildcard is not supported for lists!" + assert allowed_value in items, \ + 'Field "%s" must be from: %s' % (field, str(items)) + + +def assert_contains_only_fields(obj, expected_fields): + for expected_field in expected_fields: + assert_contains(obj, expected_field) + + for actual_field in obj: + assert actual_field in expected_fields, \ + 'Unexpected field "%s".' % actual_field + + +def assert_value_unique_in(value, used_values): + assert value not in used_values, 'Duplicate value "%s"!' % str(value) + used_values[value] = True + + +def assert_valid_artifact(exp_pattern, artifact_key, schema): + if isinstance(schema, list): + assert_string_or_list_items_from(exp_pattern, artifact_key, + ["*"] + schema) + return + + for sub_artifact_key, sub_schema in schema.iteritems(): + assert_valid_artifact(exp_pattern[artifact_key], sub_artifact_key, + sub_schema) + +def validate(spec_json, details): + """ Validates the json specification for generating tests. """ + + details['object'] = spec_json + assert_contains_only_fields(spec_json, ["specification", + "test_expansion_schema", + "excluded_tests"]) + assert_non_empty_list(spec_json, "specification") + assert_non_empty_dict(spec_json, "test_expansion_schema") + assert_non_empty_list(spec_json, "excluded_tests") + + specification = spec_json['specification'] + test_expansion_schema = spec_json['test_expansion_schema'] + excluded_tests = spec_json['excluded_tests'] + + valid_test_expansion_fields = ['name'] + test_expansion_schema.keys() + + # Validate each single spec. + for spec in specification: + details['object'] = spec + + # Validate required fields for a single spec. + assert_contains_only_fields(spec, ['name', + 'title', + 'description', + 'specification_url', + 'test_expansion']) + assert_non_empty_string(spec, 'name') + assert_non_empty_string(spec, 'title') + assert_non_empty_string(spec, 'description') + assert_non_empty_string(spec, 'specification_url') + assert_non_empty_list(spec, 'test_expansion') + + # Validate spec's test expansion. + used_spec_names = {} + + for spec_exp in spec['test_expansion']: + details['object'] = spec_exp + assert_non_empty_string(spec_exp, 'name') + # The name is unique in same expansion group. + assert_value_unique_in((spec_exp['expansion'], spec_exp['name']), + used_spec_names) + assert_contains_only_fields(spec_exp, valid_test_expansion_fields) + + for artifact in test_expansion_schema: + details['test_expansion_field'] = artifact + assert_valid_artifact(spec_exp, artifact, + test_expansion_schema[artifact]) + del details['test_expansion_field'] + + # Validate the test_expansion schema members. + details['object'] = test_expansion_schema + assert_contains_only_fields(test_expansion_schema, ['expansion', + 'source_scheme', + 'opt_in_method', + 'context_nesting', + 'redirection', + 'subresource', + 'origin', + 'expectation']) + # Validate excluded tests. + details['object'] = excluded_tests + for excluded_test_expansion in excluded_tests: + assert_contains_only_fields(excluded_test_expansion, + valid_test_expansion_fields) + + + del details['object'] + + +def assert_valid_spec_json(spec_json): + error_details = {} + try: + validate(spec_json, error_details) + except AssertionError, err: + print 'ERROR:', err.message + print json.dumps(error_details, indent=4) + sys.exit(1) + + +def main(): + spec_json = load_spec_json(); + assert_valid_spec_json(spec_json) + print "Spec JSON is valid." + + +if __name__ == '__main__': + main() diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/worker.js b/tests/wpt/web-platform-tests/mixed-content/generic/worker.js new file mode 100644 index 00000000000..7e2168bcc06 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/generic/worker.js @@ -0,0 +1 @@ +postMessage('done'); diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..3cae7b1b2f2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..a6597f1f437 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..3b0dd9786c9 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..9a63f99ae00 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..e0d760323b7 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..aa689fad1a4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..a95ea4adfd2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..87338d7de57 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..f319137a7ca --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..767bbaa01e5 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..892c5f10d1f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..10513766f2e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/cross-origin-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..0562b6ed924 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..0246af6a961 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..57989fdbccc --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/audio-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..d496ea5435f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..450b5556579 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..200d50cbec4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/img-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..fde66246b8e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..21f01e59b78 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..4e042058e5e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..532b9631902 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/keep-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..e605a73136b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..e71c10ae4c3 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: blocked"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: http-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "http-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers new file mode 100644 index 00000000000..46e2255e388 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/http-csp/same-host-http/video-tag/top-level/swap-scheme-redirect/opt-in-blocks.https.html.headers @@ -0,0 +1 @@ +Content-Security-Policy: block-all-mixed-content diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..40b5cddbdde --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..7febc67f326 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..293be460d2f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..a4376a209f2 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: meta-csp + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..ade9c060d40 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..f4bc1bc74b6 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..29a5afc0c99 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html new file mode 100644 index 00000000000..4a098da56b4 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked"><meta http-equiv="Content-Security-Policy" content="block-all-mixed-content"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: meta-csp + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: blocked</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "meta-csp", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "blocked" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..235dcab68a6 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..f0f024cf794 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..76724ecbf69 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..dccc6c8fad1 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..4c4933e919b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..f779562be89 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..67f09927adb --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..935d48e8a36 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..84c2eb421d7 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..7178e0fcf9d --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..6cc20ef2fdc --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..2e8225bc21e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/cross-origin-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: cross-origin-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "cross-origin-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..203f93f430c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: audio-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..7d096f0be49 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: audio-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..8af53520894 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/audio-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: audio-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "audio-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..355dc84511b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: img-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..90e3843733f --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: img-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..d8d2853b058 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/img-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: img-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "img-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..30969a0623e --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..6cf5133166c --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: link-prefetch-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..8faeaa0e512 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/link-prefetch-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: link-prefetch-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "link-prefetch-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..139a87d3013 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/keep-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: keep-scheme-redirect + subresource: video-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "keep-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..847d2a7000b --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/no-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: no-redirect + subresource: video-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "no-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html new file mode 100644 index 00000000000..3deb905f760 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/optionally-blockable/no-opt-in/same-host-http/video-tag/top-level/swap-scheme-redirect/no-opt-in-allows.https.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by mixed-content/generic/tools/generate.py using mixed-content/generic/template/test.debug.html.template. --> +<html> + <head> + <title>Mixed-Content: Optionally-blockable content</title> + <meta charset='utf-8'> + <meta name="description" content="Test behavior of optionally-blockable content"> + <meta name="assert" content="opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: allowed"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Common global functions for mixed-content tests. --> + <script src="/mixed-content/generic/common.js"></script> + <!-- The original specification JSON for validating the scenario. --> + <script src="/mixed-content/spec_json.js"></script> + <!-- Internal checking of the tests --> + <script src="/mixed-content/generic/sanity-checker.js"></script> + <!-- Simple wrapper API for all mixed-content test cases. --> + <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script> + </head> + <body> + <h1>Optionally-blockable content</h1> + <h2>Test behavior of optionally-blockable content</h2> + <pre>opt_in_method: no-opt-in + origin: same-host-http + source_scheme: https + context_nesting: top-level + redirection: swap-scheme-redirect + subresource: video-tag + expectation: allowed</pre> + + <p>See <a href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable" target="_blank">specification</a> + details for this test.</p> + + <div id="log"></div> + <script> + MixedContentTestCase( + { + "opt_in_method": "no-opt-in", + "origin": "same-host-http", + "source_scheme": "https", + "context_nesting": "top-level", + "redirection": "swap-scheme-redirect", + "subresource": "video-tag", + "expectation": "allowed" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/mixed-content/spec.src.json b/tests/wpt/web-platform-tests/mixed-content/spec.src.json new file mode 100644 index 00000000000..94c61c03769 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/spec.src.json @@ -0,0 +1,206 @@ +{ + "specification": [ + { + "name": "optionally-blockable", + "title": "Optionally-blockable content", + "description": "Test behavior of optionally-blockable content", + "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", + "test_expansion": [ + { + "name": "opt-in-blocks", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": ["http-csp", "meta-csp"], + "context_nesting": "top-level", + "redirection": "*", + "subresource": { + "blockable": [], + "optionally-blockable": "*" + }, + "origin": ["cross-origin-http", "same-host-http"], + "expectation": "blocked" + }, + { + "name": "no-opt-in-allows", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": "no-opt-in", + "context_nesting": "top-level", + "redirection": "*", + "subresource": { + "blockable": [], + "optionally-blockable": "*" + }, + "origin": ["cross-origin-http", "same-host-http"], + "expectation": "allowed" + } + ] + }, + { + "name": "blockable", + "title": "Blockable content", + "description": "Test behavior of blockable content.", + "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", + "test_expansion": [ + { + "name": "opt-in-blocks", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": ["http-csp", "meta-csp"], + "context_nesting": "top-level", + "redirection": "*", + "subresource": { + "blockable": "*", + "optionally-blockable": [] + }, + "origin": ["cross-origin-http", "same-host-http"], + "expectation": "blocked" + }, + { + "name": "no-opt-in-blocks", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": "no-opt-in", + "context_nesting": "top-level", + "redirection": "*", + "subresource": { + "blockable": "*", + "optionally-blockable": [] + }, + "origin": ["cross-origin-http", "same-host-http"], + "expectation": "blocked" + } + ] + }, + { + "name": "allowed", + "title": "Allowed content", + "description": "Test behavior of allowed content.", + "specification_url": "http://www.w3.org/TR/mixed-content/", + "test_expansion": [ + { + "name": "allowed", + "expansion": "default", + "source_scheme": "https", + "opt_in_method": "*", + "context_nesting": "top-level", + "redirection": ["no-redirect", "keep-scheme-redirect"], + "subresource": { + "blockable": "*", + "optionally-blockable": "*" + }, + "origin": ["same-host-https"], + "expectation": "allowed" + } + ] + } + ], + + "excluded_tests": [ + { + "name": "TODO-subresources-not-supported", + "expansion": "*", + "source_scheme": "*", + "opt_in_method": "*", + "context_nesting": "*", + "redirection": "*", + "subresource": { + "blockable": [ + "a-tag", + "websocket-request" + ], + "optionally-blockable": [] + }, + "origin": "*", + "expectation": "*" + }, + { + "name": "TODO-opt-in-method-img-cross-origin", + "expansion": "*", + "source_scheme": "*", + "opt_in_method": "img-crossorigin", + "context_nesting": "*", + "redirection": "*", + "subresource": { + "blockable": "*", + "optionally-blockable": "*" + }, + "origin": "*", + "expectation": "*" + }, + { + "name": "Skip-redundant-for-opt-in-method", + "expansion": "*", + "source_scheme": "*", + "opt_in_method": [ + "meta-csp", + "img-crossorigin" + ], + "context_nesting": "*", + "redirection": ["keep-scheme-redirect", "swap-scheme-redirect"], + "subresource": { + "blockable": "*", + "optionally-blockable": "*" + }, + "origin": "*", + "expectation": "*" + } + ], + + "test_expansion_schema": { + "expansion": [ + "default", + "override" + ], + "source_scheme": [ + "http", + "https" + ], + "opt_in_method": [ + "no-opt-in", + "http-csp", + "meta-csp", + "img-crossorigin" + ], + "redirection": [ + "no-redirect", + "keep-scheme-redirect", + "swap-scheme-redirect" + ], + "context_nesting": [ + "top-level", + "sub-level" + ], + "origin": [ + "same-host-https", + "same-host-http", + "cross-origin-https", + "cross-origin-http" + ], + "subresource": { + "blockable": [ + "iframe-tag", + "script-tag", + "link-css-tag", + "form-tag", + "xhr-request", + "worker-request", + "fetch-request", + "a-tag", + "object-tag", + "picture-tag", + "websocket-request" + ], + "optionally-blockable": [ + "img-tag", + "audio-tag", + "video-tag", + "link-prefetch-tag" + ] + }, + "expectation": [ + "allowed", + "blocked" + ] + } +} diff --git a/tests/wpt/web-platform-tests/mixed-content/spec_json.js b/tests/wpt/web-platform-tests/mixed-content/spec_json.js new file mode 100644 index 00000000000..11d3ac1c254 --- /dev/null +++ b/tests/wpt/web-platform-tests/mixed-content/spec_json.js @@ -0,0 +1 @@ +var SPEC_JSON = {"test_expansion_schema": {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http"], "subresource": {"blockable": ["iframe-tag", "script-tag", "link-css-tag", "form-tag", "xhr-request", "worker-request", "fetch-request", "a-tag", "object-tag", "picture-tag", "websocket-request"], "optionally-blockable": ["img-tag", "audio-tag", "video-tag", "link-prefetch-tag"]}, "context_nesting": ["top-level", "sub-level"], "expectation": ["allowed", "blocked"], "expansion": ["default", "override"], "redirection": ["no-redirect", "keep-scheme-redirect", "swap-scheme-redirect"], "opt_in_method": ["no-opt-in", "http-csp", "meta-csp", "img-crossorigin"], "source_scheme": ["http", "https"]}, "specification": [{"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-allows", "redirection": "*", "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}], "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "name": "optionally-blockable", "title": "Optionally-blockable content"}, {"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}], "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "name": "blockable", "title": "Blockable content"}, {"test_expansion": [{"origin": ["same-host-https"], "name": "allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": "*"}}], "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "name": "allowed", "title": "Allowed content"}], "excluded_tests": [{"origin": "*", "name": "TODO-subresources-not-supported", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["a-tag", "websocket-request"], "optionally-blockable": []}}, {"origin": "*", "name": "TODO-opt-in-method-img-cross-origin", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "img-crossorigin", "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": "*", "name": "Skip-redundant-for-opt-in-method", "redirection": ["keep-scheme-redirect", "swap-scheme-redirect"], "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": ["meta-csp", "img-crossorigin"], "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}]}; diff --git a/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/060.html b/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/060.html index dba77146b82..669dd2a747f 100644 --- a/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/060.html +++ b/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/060.html @@ -1,6 +1,6 @@ <!DOCTYPE html> <html><head> - <title> scheduler: appending code to initially non-empty SCRIPT tag in DOM after setting innerText/innerHTML</title> + <title> scheduler: appending code to initially non-empty SCRIPT tag in DOM after setting textContent/innerHTML</title> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> <script src="testlib/testlib.js"></script> @@ -14,7 +14,7 @@ var script=document.getElementsByTagName('script')[3]; script.innerHTML=''; script.appendChild( document.createTextNode('log("injected script code 1");') ); - script.innerText=''; + script.textContent=''; script.appendChild( document.createTextNode('log("injected script code 2");') ); log('end script #1'); </script> diff --git a/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/083.html b/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/083.html index f1dd567f3dc..b307041f832 100644 --- a/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/083.html +++ b/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/083.html @@ -18,7 +18,7 @@ } var doc = frames[0].document; doc.open('text/html'); - doc.write('<script>top.log("IFRAME script");top.document.addEventListener("foo", function(e){ console.log(e+ " "+top+" "+self.location.href); top.log("event: "+e.type); }, false)<\/script>'); + doc.write('<script>top.log("IFRAME script");top.document.addEventListener("foo", function(e){ top.log("event: "+e.type); }, false)<\/script>'); log('end script #1'); </script> <script> diff --git a/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/094.html b/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/094.html index 5fe0a005821..44fd7b55909 100644 --- a/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/094.html +++ b/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/094.html @@ -8,14 +8,16 @@ <body> <div id="log">FAILED (This TC requires JavaScript enabled)</div> + <iframe id="myFrame"></iframe> <script> var t = async_test(undefined, {timeout:3500}); onload = t.step_func(function() { - document.open(); - document.write("<title> scheduler: parser-created defer script after document load</title><script src='/resources/testharness.js'><\/script><script src='/resources/testharnessreport.js'><\/script><script src='testlib/testlib.js'><\/script><script>var t=async_test()<\/script><div id=log></div><script defer src='data:text/javascript,t.done();'><\/script>"); - document.close(); - setTimeout(t.step_func(function() {assert_unreached()}, 500)); + var doc = document.getElementById("myFrame").contentDocument; + var win = document.getElementById("myFrame").contentWindow; + doc.open(); + doc.write("<title> scheduler: parser-created defer script after document load</title><script src='/resources/testharness.js'><\/script><script src='/resources/testharnessreport.js'><\/script><script src='testlib/testlib.js'><\/script><script>var t=async_test()<\/script><div id=log></div><script defer src='data:text/javascript,parent.t.done();'><\/script>"); + doc.close(); }) </script> </body></html> diff --git a/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/101.html b/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/101.html index 23a9c36c6f0..92fe6081ad7 100644 --- a/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/101.html +++ b/tests/wpt/web-platform-tests/old-tests/submission/Opera/script_scheduling/101.html @@ -8,20 +8,23 @@ <body> <div id="log">FAILED (This TC requires JavaScript enabled)</div> + <iframe id="myFrame"></iframe> <script> var t = async_test(); onload = t.step_func( function() { - document.open(); - document.write("<title> scheduler: defer script after initial onload event</title><script src='/resources/testharness.js'><\/script><script src='/resources/testharnessreport.js'><\/script><script src='testlib/testlib.js'><\/script><div id='log'>document.written content</div><script>log('inline script #1'); t = async_test();<\/script><script src='scripts/include-1.js'><\/script><script defer src='scripts/include-2.js'><\/script>"); - document.close(); + var doc = document.getElementById("myFrame").contentDocument; + var win = document.getElementById("myFrame").contentWindow; + doc.open(); + doc.write("<title> scheduler: defer script after initial onload event</title><script src='/resources/testharness.js'><\/script><script src='/resources/testharnessreport.js'><\/script><script src='testlib/testlib.js'><\/script><div id='log'>document.written content</div><script>log('inline script #1'); t = async_test();<\/script><script src='scripts/include-1.js'><\/script><script defer src='scripts/include-2.js'><\/script>"); + doc.close(); //Note that the *window* object has changed but the *global scope* of the script has not. - window.setTimeout( + win.setTimeout( function() { window.t.step( function() { - window.assert_array_equals(window.eventOrder, ['inline script #1', 'external script #1', 'external script #2']); + window.assert_array_equals(win.eventOrder, ['inline script #1', 'external script #1', 'external script #2']); window.t.done(); })}, 1000); }); diff --git a/tests/wpt/web-platform-tests/referrer-policy/generic/subresource/image.py b/tests/wpt/web-platform-tests/referrer-policy/generic/subresource/image.py index 4ca5c118407..7d7a7a17be6 100644 --- a/tests/wpt/web-platform-tests/referrer-policy/generic/subresource/image.py +++ b/tests/wpt/web-platform-tests/referrer-policy/generic/subresource/image.py @@ -1,8 +1,64 @@ -import os, sys, array, Image, json, math, cStringIO +import os, sys, array, json, math, cStringIO sys.path.insert(0, os.path.dirname(os.path.abspath(__file__))) import subresource -def encode_string_as_png_image(string_data): +class Image: + """This class partially implements the interface of the PIL.Image.Image. + One day in the future WPT might support the PIL module or another imaging + library, so this hacky BMP implementation will no longer be required. + """ + def __init__(self, width, height): + self.width = width + self.height = height + self.img = bytearray([0 for i in range(3 * width * height)]) + + @staticmethod + def new(mode, size, color=0): + return Image(size[0], size[1]) + + def _int_to_bytes(self, number): + packed_bytes = [0, 0, 0, 0] + for i in range(4): + packed_bytes[i] = number & 0xFF + number >>= 8 + + return packed_bytes + + def putdata(self, color_data): + for y in range(self.height): + for x in range(self.width): + i = x + y * self.width + if i > len(color_data) - 1: + return + + self.img[i * 3: i * 3 + 3] = color_data[i][::-1] + + def save(self, f, type): + assert type == "BMP" + # 54 bytes of preambule + image color data. + filesize = 54 + 3 * self.width * self.height; + # 14 bytes of header. + bmpfileheader = bytearray(['B', 'M'] + self._int_to_bytes(filesize) + + [0, 0, 0, 0, 54, 0, 0, 0]) + # 40 bytes of info. + bmpinfoheader = bytearray([40, 0, 0, 0] + + self._int_to_bytes(self.width) + + self._int_to_bytes(self.height) + + [1, 0, 24] + (25 * [0])) + + padlength = (4 - (self.width * 3) % 4) % 4 + bmppad = bytearray([0, 0, 0]); + padding = bmppad[0 : padlength] + + f.write(bmpfileheader) + f.write(bmpinfoheader) + + for i in range(self.height): + offset = self.width * (self.height - i - 1) * 3 + f.write(self.img[offset : offset + 3 * self.width]) + f.write(padding) + +def encode_string_as_bmp_image(string_data): data_bytes = array.array("B", string_data) num_bytes = len(data_bytes) @@ -25,20 +81,20 @@ def encode_string_as_png_image(string_data): img = Image.new("RGB", (sqrt, sqrt), "black") img.putdata(color_data) - # Flush PNG to string. + # Flush image to string. f = cStringIO.StringIO() - img.save(f, "PNG") + img.save(f, "BMP") f.seek(0) return f.read() def generate_payload(server_data): data = ('{"headers": %(headers)s}') % server_data - return encode_string_as_png_image(data) + return encode_string_as_bmp_image(data) def main(request, response): subresource.respond(request, response, payload_generator = generate_payload, - content_type = "image/png", + content_type = "image/bmp", access_control_allow_origin = "*") diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..70700fd8a3d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 00000000000..d13a76dc5f0 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..2b52511b229 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..17d2ca54b29 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 00000000000..5170a0d7e9d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..87efe93b20c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..edfedaa5a9c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 00000000000..e58021da843 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..eb45ef751c1 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..2146f49fad4 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 00000000000..1e2ad7eb451 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..c47f9a46ba1 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..be99596e392 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/http-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..c9befb5efb8 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 00000000000..d1ffd805537 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..b02439ee7b5 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..6dc1017b41a --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 00000000000..0c4143e48e3 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..b59a88ebe69 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..5e96346c37c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 00000000000..4757e07ac70 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..bd587bcf42a --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..b5e680310e2 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 00000000000..33dd19d0c63 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..53e40ebab41 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-csp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..ff0ddfca4b9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 00000000000..ab0ae60726e --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..4c31e88b0d6 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..6444a84732e --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 00000000000..f8772e6b765 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..9dcc2296730 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..f615b0df845 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 00000000000..61d08f475ee --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..96363a95d16 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 00000000000..96ace60e27e --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 00000000000..77e964f94d7 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 00000000000..984351f783b --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <meta name="referrer" content="no-referrer-when-downgrade"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..81a384e27cd --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..94fd103d7cf --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..20c585ef46f --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..90bc865e172 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..c3d794c16e7 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..4f46e27dedd --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..1a1a325cb49 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..bc6648b8458 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..1f05196d13a --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..df09646ed78 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..450069242bf --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..e1a797d3376 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..12b35216e53 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer no-referrer +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..4abee54112d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..e144fe1e9ce --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..fdce31cf738 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..95aecad277d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..a0694743a0b --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..80b8ad1249e --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..f5a2baff17d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..9dc58a91610 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..1a8c6c1b9b6 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..2cf82bc022f --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..3f5db224562 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..5994311fdb2 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..17879187e2e --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..4364df15cf6 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..059f17992c7 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..ff8c910e034 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..83d4e509423 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..61e6a50c852 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..645aa27ad9d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..5d87fdffdd8 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..70760947204 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..5e8378a2f0d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..e020abb51f5 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..40cab14c0f5 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title> + <meta name="description" content="Check that sub-resource never gets the referrer URL."> + <meta name="referrer" content="no-referrer"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer"> + <meta name="assert" content="The referrer URL is omitted when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "omitted" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..700ec659d5d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..2a99bfb5bd7 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..d147b426231 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..467acd0baad --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..c2d9ffc3c2b --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..1d860b00e78 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..b5223624dd1 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..76829f7c3e1 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..7d068d18a49 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..a7aaa204833 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..7272acd46f6 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..dc69286cd35 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..a6e4b287561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..04be4a2e51c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..8be2bd62a2d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..bcbe1c080c3 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..cc312919aa0 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..80be669745c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..e333b35193a --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..b037ef98fda --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..9d55bdc5ac5 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..ed8a8d9955b --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..988189839c1 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..f38507185aa --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..fa05c6aa625 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..329ba3cb8fb --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..a79b6e1d03d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..1cc9d16150c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..837f21c9ce3 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..b222e5fa77e --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..4a0a9c44251 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..3b282b836ca --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..a3914583224 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..a33efc6eda0 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..98d254f62b0 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..7b0a406f476 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..30b9c02b0e4 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-only/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-only'</title> + <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL."> + <meta name="referrer" content="origin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html new file mode 100644 index 00000000000..f3361cadd73 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html new file mode 100644 index 00000000000..ae0c08d815c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html new file mode 100644 index 00000000000..434888c0bca --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html new file mode 100644 index 00000000000..9a631cfc95c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html new file mode 100644 index 00000000000..b0ea8f8d96b --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html new file mode 100644 index 00000000000..003bd504faa --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html new file mode 100644 index 00000000000..427d35277d2 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html new file mode 100644 index 00000000000..d2228b6c901 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html new file mode 100644 index 00000000000..be884fe8025 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html new file mode 100644 index 00000000000..8fcb93e60f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html new file mode 100644 index 00000000000..4050a48a4ae --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html new file mode 100644 index 00000000000..79b8f6a1931 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html new file mode 100644 index 00000000000..79b8f6a1931 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html new file mode 100644 index 00000000000..8fcb93e60f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html new file mode 100644 index 00000000000..4050a48a4ae --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html new file mode 100644 index 00000000000..79b8f6a1931 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..91913733b22 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/http-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer origin-when-crossorigin +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html new file mode 100644 index 00000000000..b4ea2501479 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html new file mode 100644 index 00000000000..7db129e0e7f --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html new file mode 100644 index 00000000000..6556c1909d2 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html new file mode 100644 index 00000000000..ab52ebdb09a --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html new file mode 100644 index 00000000000..f95b04abf03 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html new file mode 100644 index 00000000000..854245d3914 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html new file mode 100644 index 00000000000..06e6b362e77 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html new file mode 100644 index 00000000000..9afb287d2bc --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html new file mode 100644 index 00000000000..7b4ea4978af --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html new file mode 100644 index 00000000000..188588ce2d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html new file mode 100644 index 00000000000..d6b873f6940 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html new file mode 100644 index 00000000000..e4b4e4646e5 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html new file mode 100644 index 00000000000..e4b4e4646e5 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html new file mode 100644 index 00000000000..188588ce2d0 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html new file mode 100644 index 00000000000..d6b873f6940 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html new file mode 100644 index 00000000000..e4b4e4646e5 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-csp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html new file mode 100644 index 00000000000..100d32b2855 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html new file mode 100644 index 00000000000..98025db1a07 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html new file mode 100644 index 00000000000..0f519f0c9d2 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html new file mode 100644 index 00000000000..294bd0b4cad --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html new file mode 100644 index 00000000000..f0f3c76ab02 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html new file mode 100644 index 00000000000..574b80551c3 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html new file mode 100644 index 00000000000..fff017052da --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html new file mode 100644 index 00000000000..aa7713735e6 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html new file mode 100644 index 00000000000..beca5ef7333 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html new file mode 100644 index 00000000000..464d3ec193c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html new file mode 100644 index 00000000000..fae3d839b60 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html new file mode 100644 index 00000000000..ac971fcb4fd --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html new file mode 100644 index 00000000000..ac971fcb4fd --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html new file mode 100644 index 00000000000..464d3ec193c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html new file mode 100644 index 00000000000..fae3d839b60 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html new file mode 100644 index 00000000000..ac971fcb4fd --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'origin-when-crossorigin'</title> + <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <meta name="referrer" content="origin-when-crossorigin"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "origin-when-crossorigin", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/spec.src.json b/tests/wpt/web-platform-tests/referrer-policy/spec.src.json index 99440573964..c97759ddae7 100644 --- a/tests/wpt/web-platform-tests/referrer-policy/spec.src.json +++ b/tests/wpt/web-platform-tests/referrer-policy/spec.src.json @@ -306,17 +306,6 @@ "origin": "*", "subresource": "*", "referrer_url": "*" - }, - { - "name": "temporarily-disable-images-until-found-alternative-for-pil", - "expansion": "*", - "source_protocol": "*", - "target_protocol": "*", - "delivery_method": "*", - "redirection": "*", - "origin": "*", - "subresource": "img-tag", - "referrer_url": "*" } ], diff --git a/tests/wpt/web-platform-tests/referrer-policy/spec_json.js b/tests/wpt/web-platform-tests/referrer-policy/spec_json.js index 212c6a70631..fc82f35563f 100644 --- a/tests/wpt/web-platform-tests/referrer-policy/spec_json.js +++ b/tests/wpt/web-platform-tests/referrer-policy/spec_json.js @@ -1 +1 @@ -var SPEC_JSON = {"subresource_path": {"img-tag": "/referrer-policy/generic/subresource/image.py", "fetch-request": "/referrer-policy/generic/subresource/xhr.py", "a-tag": "/referrer-policy/generic/subresource/document.py", "area-tag": "/referrer-policy/generic/subresource/document.py", "iframe-tag": "/referrer-policy/generic/subresource/document.py", "xhr-request": "/referrer-policy/generic/subresource/xhr.py", "worker-request": "/referrer-policy/generic/subresource/worker.py", "script-tag": "/referrer-policy/generic/subresource/script.py"}, "test_expansion_schema": {"origin": ["same-origin", "cross-origin"], "subresource": ["iframe-tag", "img-tag", "script-tag", "a-tag", "area-tag", "xhr-request", "worker-request", "fetch-request"], "target_protocol": ["http", "https"], "expansion": ["default", "override"], "delivery_method": ["http-csp", "meta-referrer", "meta-csp", "attr-referrer", "rel-noreferrer"], "redirection": ["no-redirect", "keep-origin-redirect", "swap-origin-redirect"], "referrer_url": ["omitted", "origin", "stripped-referrer"], "source_protocol": ["http", "https"]}, "specification": [{"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states", "referrer_policy": null, "title": "Referrer Policy is not explicitly defined", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "*", "subresource": "*"}], "name": "unset-referrer-policy", "description": "Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."}, {"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer", "referrer_policy": "no-referrer", "title": "Referrer Policy is set to 'no-referrer'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "*", "subresource": "*"}], "name": "no-referrer", "description": "Check that sub-resource never gets the referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade", "referrer_policy": "no-referrer-when-downgrade", "title": "Referrer Policy is set to 'no-referrer-when-downgrade'", "test_expansion": [{"origin": "*", "name": "insecure-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "origin", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "secure-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}], "name": "no-referrer-when-downgrade", "description": "Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."}, {"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin", "referrer_policy": "origin", "title": "Referrer Policy is set to 'origin-only'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}], "name": "origin-only", "description": "Check that all subresources in all casses get only the origin portion of the referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin", "referrer_policy": "origin-when-crossorigin", "title": "Referrer Policy is set to 'origin-when-crossorigin'", "test_expansion": [{"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-secure-default", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-upgrade", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-downgrade", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "*", "expansion": "override", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "swap-origin-redirect", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-origin", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}], "name": "origin-when-cross-origin", "description": "Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url", "referrer_policy": "unsafe-url", "title": "Referrer Policy is set to 'unsafe-url'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "*", "subresource": "*"}], "name": "unsafe-url", "description": "Check that all sub-resources get the stripped referrer URL."}], "referrer_policy_schema": [null, "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-crossorigin", "unsafe-url"], "excluded_tests": [{"origin": "cross-origin", "name": "cross-origin-workers", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": "worker-request"}, {"origin": "*", "name": "upgraded-protocol-workers", "target_protocol": "https", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "http", "subresource": "worker-request"}, {"origin": "*", "name": "mixed-content-insecure-subresources", "target_protocol": "http", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "elements-not-supporting-attr-referrer-or-rel-noreferrer", "target_protocol": "*", "expansion": "*", "delivery_method": ["attr-referrer", "rel-noreferrer"], "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": ["iframe-tag", "img-tag", "script-tag", "xhr-request", "worker-request", "fetch-request", "area-tag"]}, {"origin": "*", "name": "area-tag", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": "area-tag"}, {"origin": "*", "name": "worker-requests-with-swap-origin-redirect", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "swap-origin-redirect", "referrer_url": "*", "source_protocol": "*", "subresource": ["worker-request"]}, {"origin": "*", "name": "overhead-for-redirection", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": ["keep-origin-redirect", "swap-origin-redirect"], "referrer_url": "*", "source_protocol": "*", "subresource": ["a-tag", "area-tag"]}, {"origin": "*", "name": "source-https-unsupported-by-web-platform-tests-runners", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "temporarily-disable-images-until-found-alternative-for-pil", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": "img-tag"}]}; +var SPEC_JSON = {"subresource_path": {"img-tag": "/referrer-policy/generic/subresource/image.py", "fetch-request": "/referrer-policy/generic/subresource/xhr.py", "a-tag": "/referrer-policy/generic/subresource/document.py", "area-tag": "/referrer-policy/generic/subresource/document.py", "iframe-tag": "/referrer-policy/generic/subresource/document.py", "xhr-request": "/referrer-policy/generic/subresource/xhr.py", "worker-request": "/referrer-policy/generic/subresource/worker.py", "script-tag": "/referrer-policy/generic/subresource/script.py"}, "test_expansion_schema": {"origin": ["same-origin", "cross-origin"], "subresource": ["iframe-tag", "img-tag", "script-tag", "a-tag", "area-tag", "xhr-request", "worker-request", "fetch-request"], "target_protocol": ["http", "https"], "expansion": ["default", "override"], "delivery_method": ["http-csp", "meta-referrer", "meta-csp", "attr-referrer", "rel-noreferrer"], "redirection": ["no-redirect", "keep-origin-redirect", "swap-origin-redirect"], "referrer_url": ["omitted", "origin", "stripped-referrer"], "source_protocol": ["http", "https"]}, "specification": [{"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states", "referrer_policy": null, "title": "Referrer Policy is not explicitly defined", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "*", "subresource": "*"}], "name": "unset-referrer-policy", "description": "Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."}, {"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer", "referrer_policy": "no-referrer", "title": "Referrer Policy is set to 'no-referrer'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "*", "subresource": "*"}], "name": "no-referrer", "description": "Check that sub-resource never gets the referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-no-referrer-when-downgrade", "referrer_policy": "no-referrer-when-downgrade", "title": "Referrer Policy is set to 'no-referrer-when-downgrade'", "test_expansion": [{"origin": "*", "name": "insecure-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "origin", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "secure-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}], "name": "no-referrer-when-downgrade", "description": "Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."}, {"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin", "referrer_policy": "origin", "title": "Referrer Policy is set to 'origin-only'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}], "name": "origin-only", "description": "Check that all subresources in all casses get only the origin portion of the referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin", "referrer_policy": "origin-when-crossorigin", "title": "Referrer Policy is set to 'origin-when-crossorigin'", "test_expansion": [{"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-secure-default", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-upgrade", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-downgrade", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "*", "expansion": "override", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "swap-origin-redirect", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-origin", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}], "name": "origin-when-cross-origin", "description": "Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url", "referrer_policy": "unsafe-url", "title": "Referrer Policy is set to 'unsafe-url'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-csp", "meta-referrer", "meta-csp"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "*", "subresource": "*"}], "name": "unsafe-url", "description": "Check that all sub-resources get the stripped referrer URL."}], "referrer_policy_schema": [null, "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-crossorigin", "unsafe-url"], "excluded_tests": [{"origin": "cross-origin", "name": "cross-origin-workers", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": "worker-request"}, {"origin": "*", "name": "upgraded-protocol-workers", "target_protocol": "https", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "http", "subresource": "worker-request"}, {"origin": "*", "name": "mixed-content-insecure-subresources", "target_protocol": "http", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "elements-not-supporting-attr-referrer-or-rel-noreferrer", "target_protocol": "*", "expansion": "*", "delivery_method": ["attr-referrer", "rel-noreferrer"], "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": ["iframe-tag", "img-tag", "script-tag", "xhr-request", "worker-request", "fetch-request", "area-tag"]}, {"origin": "*", "name": "area-tag", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": "area-tag"}, {"origin": "*", "name": "worker-requests-with-swap-origin-redirect", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "swap-origin-redirect", "referrer_url": "*", "source_protocol": "*", "subresource": ["worker-request"]}, {"origin": "*", "name": "overhead-for-redirection", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": ["keep-origin-redirect", "swap-origin-redirect"], "referrer_url": "*", "source_protocol": "*", "subresource": ["a-tag", "area-tag"]}, {"origin": "*", "name": "source-https-unsupported-by-web-platform-tests-runners", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "https", "subresource": "*"}]}; diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..ce071da3965 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..7fab7d754a3 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..bf45260a751 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..ec55e2b4bfe --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..b8aca4066ee --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..b7bdde97aeb --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..f95ad2c2819 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..c666b74dafd --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..702bcbd9c54 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..8639ab230e3 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..597cbb81611 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..79c6a210bf2 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: CSP delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 00000000000..d54f93601f9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Content-Security-Policy: referrer unsafe-url +Access-Control-Allow-Origin: * diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..5c3f27b81b6 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..f1741d16485 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..65bdffb6ba8 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..e02b53fdca5 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..9b357c617ea --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..5fd60e5c1d2 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..1628a62a281 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..438c7c48147 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..30bc4864b86 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..8f4a6e953cf --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..1f1bf345ac5 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..9d541cfbe5d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta http-equiv="Content-Security-Policy" content="referrer unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..f28b33e6104 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..2f7b79947e2 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..e0006f34874 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..ca440febc65 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..87b794116e9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..d41e34db692 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..742350b0561 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..3edd1472226 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..b22e11a4fe4 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..efeb71753b0 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..ca43b368436 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..89fc3a0afdf --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <meta name="referrer" content="unsafe-url"> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..e7ec4470258 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..090dff968e4 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..e73af767878 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..78979a7cd4c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..6130a9cbc99 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..96c30824292 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..141f0d05302 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..67e91e497ad --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..148480cc798 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..be69d2cb374 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..bea2e042449 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..195c4599efd --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/http-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "http-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..13170c073d3 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..2f482fa5dd5 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..c8a21013491 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..85fb730b635 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..24710b1d3f1 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..486f2a2d2f2 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..341e9f9d8f0 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..33103d82393 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..6287ca436d9 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..a81b88fa35d --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..ab5e381e553 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..e29c15d8fd2 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-csp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-csp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-csp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..13086ec5107 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..99a52942727 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..228df082fbf --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..0caf0c1cc45 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..3a0735a515a --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..4474bbe6b45 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..3698c1a5313 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..8af9a6e2f9a --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..7499d900596 --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 00000000000..d4dcfbd09bc --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 00000000000..31ed836001c --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 00000000000..4a5fa8af15b --- /dev/null +++ b/tests/wpt/web-platform-tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is not explicitly defined</title> + <meta name="description" content="Check that sub-resource gets the referrer URL when no explicit Referrer Policy is set."> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-states"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the meta-referrer + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": null, + "delivery_method": "meta-referrer", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/tests/wpt/web-platform-tests/resources/LICENSE b/tests/wpt/web-platform-tests/resources/LICENSE new file mode 100644 index 00000000000..45896e6be2b --- /dev/null +++ b/tests/wpt/web-platform-tests/resources/LICENSE @@ -0,0 +1,30 @@ +W3C 3-clause BSD License + +http://www.w3.org/Consortium/Legal/2008/03-bsd-license.html + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +* Redistributions of works must retain the original copyright notice, + this list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the original copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +* Neither the name of the W3C nor the names of its contributors may be + used to endorse or promote products derived from this work without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/tests/wpt/web-platform-tests/resources/apisample9.html b/tests/wpt/web-platform-tests/resources/apisample9.html deleted file mode 100644 index 269a6cf818f..00000000000 --- a/tests/wpt/web-platform-tests/resources/apisample9.html +++ /dev/null @@ -1,7 +0,0 @@ -<!DOCTYPE HTML> -<title>Example single page test with no asserts</title> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> -<script> -done(); -</script>
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/resources/docs/api.md b/tests/wpt/web-platform-tests/resources/docs/api.md Binary files differindex 78c00a957a1..6f25ad2a1fc 100644 --- a/tests/wpt/web-platform-tests/resources/docs/api.md +++ b/tests/wpt/web-platform-tests/resources/docs/api.md diff --git a/tests/wpt/web-platform-tests/resources/apisample-error-worker.js b/tests/wpt/web-platform-tests/resources/examples/apisample-error-worker.js index c0285c37d5a..9bfe0a6f343 100644 --- a/tests/wpt/web-platform-tests/resources/apisample-error-worker.js +++ b/tests/wpt/web-platform-tests/resources/examples/apisample-error-worker.js @@ -1,3 +1,3 @@ -importScripts("testharness.js"); +importScripts("../testharness.js"); throw new Error("This failure is expected."); diff --git a/tests/wpt/web-platform-tests/resources/apisample-worker.js b/tests/wpt/web-platform-tests/resources/examples/apisample-worker.js index 6fd1ceb5376..b1d086314cc 100644 --- a/tests/wpt/web-platform-tests/resources/apisample-worker.js +++ b/tests/wpt/web-platform-tests/resources/examples/apisample-worker.js @@ -1,4 +1,4 @@ -importScripts("testharness.js"); +importScripts("../testharness.js"); test( function(test) { diff --git a/tests/wpt/web-platform-tests/resources/apisample.htm b/tests/wpt/web-platform-tests/resources/examples/apisample.htm index 6eb3279f5f6..504a343acdb 100644 --- a/tests/wpt/web-platform-tests/resources/apisample.htm +++ b/tests/wpt/web-platform-tests/resources/examples/apisample.htm @@ -7,8 +7,8 @@ <body onload="load_test_attr.done()">
<h1>Sample HTML5 API Tests</h1>
<div id="log"></div>
-<script src="testharness.js"></script>
-<script src="testharnessreport.js"></script>
+<script src="../testharness.js"></script>
+<script src="../testharnessreport.js"></script>
<script>
setup_run = false;
setup(function() {
diff --git a/tests/wpt/web-platform-tests/resources/apisample10.html b/tests/wpt/web-platform-tests/resources/examples/apisample10.html index a1a7070fbfd..69810fe16cf 100644 --- a/tests/wpt/web-platform-tests/resources/apisample10.html +++ b/tests/wpt/web-platform-tests/resources/examples/apisample10.html @@ -7,8 +7,8 @@ <h1>Async Tests and Promises</h1> <p>This test assumes ECMAScript 6 Promise support. Some failures are expected.</p> <div id="log"></div> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> <script> test(function() { diff --git a/tests/wpt/web-platform-tests/resources/apisample11.html b/tests/wpt/web-platform-tests/resources/examples/apisample11.html index d33edd79db9..32e8984c3f1 100644 --- a/tests/wpt/web-platform-tests/resources/apisample11.html +++ b/tests/wpt/web-platform-tests/resources/examples/apisample11.html @@ -2,8 +2,8 @@ <html> <head> <title>Example with iframe that notifies containing document via callbacks</title> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> </head> <body onload="start_test_in_iframe()"> <h1>Callbacks From Tests Running In An IFRAME</h1> diff --git a/tests/wpt/web-platform-tests/resources/apisample12.html b/tests/wpt/web-platform-tests/resources/examples/apisample12.html index e16ebcf44e8..785d57b2ba5 100644 --- a/tests/wpt/web-platform-tests/resources/apisample12.html +++ b/tests/wpt/web-platform-tests/resources/examples/apisample12.html @@ -2,8 +2,8 @@ <html> <head> <title>Example with iframe that notifies containing document via cross document messaging</title> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> </head> <body> <h1>Notifications From Tests Running In An IFRAME</h1> diff --git a/tests/wpt/web-platform-tests/resources/apisample13.html b/tests/wpt/web-platform-tests/resources/examples/apisample13.html index cddd90fe508..f6cf0eec831 100644 --- a/tests/wpt/web-platform-tests/resources/apisample13.html +++ b/tests/wpt/web-platform-tests/resources/examples/apisample13.html @@ -8,8 +8,8 @@ <p>This test demonstrates the use of <tt>promise_test</tt>. Assumes ECMAScript 6 Promise support. Some failures are expected.</p> <div id="log"></div> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> <script> test( function() { diff --git a/tests/wpt/web-platform-tests/resources/apisample14.html b/tests/wpt/web-platform-tests/resources/examples/apisample14.html index 3d809f97e7f..89803f0bb6a 100644 --- a/tests/wpt/web-platform-tests/resources/apisample14.html +++ b/tests/wpt/web-platform-tests/resources/examples/apisample14.html @@ -2,8 +2,8 @@ <html> <head> <title>Dedicated Worker Tests</title> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> </head> <body> <h1>Dedicated Web Worker Tests</h1> diff --git a/tests/wpt/web-platform-tests/resources/apisample15.html b/tests/wpt/web-platform-tests/resources/examples/apisample15.html index 0785797d403..631d1922bac 100644 --- a/tests/wpt/web-platform-tests/resources/apisample15.html +++ b/tests/wpt/web-platform-tests/resources/examples/apisample15.html @@ -2,8 +2,8 @@ <html> <head> <title>Example with a shared worker</title> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> </head> <body> <h1>Shared Web Worker Tests</h1> diff --git a/tests/wpt/web-platform-tests/resources/apisample16.html b/tests/wpt/web-platform-tests/resources/examples/apisample16.html index 00be84c7530..d859d94bf6c 100644 --- a/tests/wpt/web-platform-tests/resources/apisample16.html +++ b/tests/wpt/web-platform-tests/resources/examples/apisample16.html @@ -2,8 +2,8 @@ <html> <head> <title>Example with a service worker</title> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> </head> <body> <h1>Service Worker Tests</h1> diff --git a/tests/wpt/web-platform-tests/resources/apisample2.htm b/tests/wpt/web-platform-tests/resources/examples/apisample2.htm index 49eed8d9de0..4a4c16b4dfa 100644 --- a/tests/wpt/web-platform-tests/resources/apisample2.htm +++ b/tests/wpt/web-platform-tests/resources/examples/apisample2.htm @@ -7,8 +7,8 @@ <h1>Sample HTML5 API Tests</h1> <p>There should be two results</p> <div id="log"></div> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> <script> setup({explicit_done:true}) test(function() {assert_true(true)}, "Test defined before onload"); diff --git a/tests/wpt/web-platform-tests/resources/apisample3.htm b/tests/wpt/web-platform-tests/resources/examples/apisample3.htm index 80a892b9dd7..4dbbf9a871b 100644 --- a/tests/wpt/web-platform-tests/resources/apisample3.htm +++ b/tests/wpt/web-platform-tests/resources/examples/apisample3.htm @@ -3,7 +3,7 @@ <head> <title>Sample HTML5 API Tests</title> </head> -<script src="testharness.js"></script> +<script src="../testharness.js"></script> <body onload="load_test_attr.done()"> <h1>Sample HTML5 API Tests</h1> diff --git a/tests/wpt/web-platform-tests/resources/apisample4.htm b/tests/wpt/web-platform-tests/resources/examples/apisample4.htm index 731a3cb678f..c8fbbded695 100644 --- a/tests/wpt/web-platform-tests/resources/apisample4.htm +++ b/tests/wpt/web-platform-tests/resources/examples/apisample4.htm @@ -3,7 +3,7 @@ <head> <title>Harness Handling Uncaught Exception</title> </head> -<script src="testharness.js"></script> +<script src="../testharness.js"></script> <body> <h1>Harness Handling Uncaught Exception</h1> diff --git a/tests/wpt/web-platform-tests/resources/apisample5.htm b/tests/wpt/web-platform-tests/resources/examples/apisample5.htm index 3853ccf421b..3edf602a1e6 100644 --- a/tests/wpt/web-platform-tests/resources/apisample5.htm +++ b/tests/wpt/web-platform-tests/resources/examples/apisample5.htm @@ -3,7 +3,7 @@ <head> <title>Harness Ignoring Uncaught Exception</title> </head> -<script src="testharness.js"></script> +<script src="../testharness.js"></script> <body> <h1>Harness Ignoring Uncaught Exception</h1> diff --git a/tests/wpt/web-platform-tests/resources/apisample6.html b/tests/wpt/web-platform-tests/resources/examples/apisample6.html index 526e4649d28..7459c54d572 100644 --- a/tests/wpt/web-platform-tests/resources/apisample6.html +++ b/tests/wpt/web-platform-tests/resources/examples/apisample6.html @@ -1,7 +1,7 @@ <!DOCTYPE HTML> <title>Example with file_is_test</title> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> <script> onload = function() { assert_true(true); diff --git a/tests/wpt/web-platform-tests/resources/apisample7.html b/tests/wpt/web-platform-tests/resources/examples/apisample7.html index 03b20efdd1c..6885f52f8a5 100644 --- a/tests/wpt/web-platform-tests/resources/apisample7.html +++ b/tests/wpt/web-platform-tests/resources/examples/apisample7.html @@ -1,7 +1,7 @@ <!DOCTYPE HTML> <title>Example with file_is_test (should fail)</title> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> <script> onload = function() { assert_true(false); diff --git a/tests/wpt/web-platform-tests/resources/apisample8.html b/tests/wpt/web-platform-tests/resources/examples/apisample8.html index 821320f4509..70853d9c6c5 100644 --- a/tests/wpt/web-platform-tests/resources/apisample8.html +++ b/tests/wpt/web-platform-tests/resources/examples/apisample8.html @@ -1,7 +1,7 @@ <!DOCTYPE HTML> <title>Example single page test with no body</title> -<script src="testharness.js"></script> -<script src="testharnessreport.js"></script> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> <script> assert_true(true); done(); diff --git a/tests/wpt/web-platform-tests/resources/examples/apisample9.html b/tests/wpt/web-platform-tests/resources/examples/apisample9.html new file mode 100644 index 00000000000..f84433dd198 --- /dev/null +++ b/tests/wpt/web-platform-tests/resources/examples/apisample9.html @@ -0,0 +1,7 @@ +<!DOCTYPE HTML> +<title>Example single page test with no asserts</title> +<script src="../testharness.js"></script> +<script src="../testharnessreport.js"></script> +<script> +done(); +</script>
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/resources/testharness.js b/tests/wpt/web-platform-tests/resources/testharness.js index 9433d12bdb0..9ad4f9aa5c1 100644 --- a/tests/wpt/web-platform-tests/resources/testharness.js +++ b/tests/wpt/web-platform-tests/resources/testharness.js @@ -517,19 +517,27 @@ policies and contribution forms [3]. function promise_test(func, name, properties) { var test = async_test(name, properties); - Promise.resolve(test.step(func, test, test)) - .then( - function() { - test.done(); - }) - .catch(test.step_func( - function(value) { - if (value instanceof AssertionError) { - throw value; - } - assert(false, "promise_test", null, - "Unhandled rejection with value: ${value}", {value:value}); - })); + // If there is no promise tests queue make one. + test.step(function() { + if (!tests.promise_tests) { + tests.promise_tests = Promise.resolve(); + } + }); + tests.promise_tests = tests.promise_tests.then(function() { + return Promise.resolve(test.step(func, test, test)) + .then( + function() { + test.done(); + }) + .catch(test.step_func( + function(value) { + if (value instanceof AssertionError) { + throw value; + } + assert(false, "promise_test", null, + "Unhandled rejection with value: ${value}", {value:value}); + })); + }); } function promise_rejects(test, expected, promise) { @@ -2048,28 +2056,11 @@ policies and contribution forms [3]. log.removeChild(log.lastChild); } - var script_prefix = null; - var scripts = document.getElementsByTagName("script"); - for (var i = 0; i < scripts.length; i++) { - var src; - if (scripts[i].src) { - src = scripts[i].src; - } else if (scripts[i].href) { - //SVG case - src = scripts[i].href.baseVal; - } - - var matches = src && src.match(/^(.*\/|)testharness\.js$/); - if (matches) { - script_prefix = matches[1]; - break; - } - } - - if (script_prefix !== null) { + var harness_url = get_harness_url(); + if (harness_url !== null) { var stylesheet = output_document.createElementNS(xhtml_ns, "link"); stylesheet.setAttribute("rel", "stylesheet"); - stylesheet.setAttribute("href", script_prefix + "testharness.css"); + stylesheet.setAttribute("href", harness_url + "testharness.css"); var heads = output_document.getElementsByTagName("head"); if (heads.length) { heads[0].appendChild(stylesheet); @@ -2425,6 +2416,7 @@ policies and contribution forms [3]. AssertionError.prototype.get_stack = function() { var stack = new Error().stack; + // IE11 does not initialize 'Error.stack' until the object is thrown. if (!stack) { try { throw new Error(); @@ -2432,18 +2424,30 @@ policies and contribution forms [3]. stack = e.stack; } } + var lines = stack.split("\n"); - var rv = []; - var re = /\/resources\/testharness\.js/; + + // Create a pattern to match stack frames originating within testharness.js. These include the + // script URL, followed by the line/col (e.g., '/resources/testharness.js:120:21'). + var re = new RegExp((get_script_url() || "\\btestharness.js") + ":\\d+:\\d+"); + + // Some browsers include a preamble that specifies the type of the error object. Skip this by + // advancing until we find the first stack frame originating from testharness.js. var i = 0; - // Fire remove any preamble that doesn't match the regexp - while (!re.test(lines[i])) { - i++ + while (!re.test(lines[i]) && i < lines.length) { + i++; + } + + // Then skip the top frames originating from testharness.js to begin the stack at the test code. + while (re.test(lines[i]) && i < lines.length) { + i++; } - // Then remove top frames in testharness.js itself - while (re.test(lines[i])) { - i++ + + // Paranoid check that we didn't skip all frames. If so, return the original stack unmodified. + if (i >= lines.length) { + return stack; } + return lines.slice(i).join("\n"); } @@ -2491,7 +2495,7 @@ policies and contribution forms [3]. Array.prototype.push.apply(array, items); } - function forEach (array, callback, thisObj) + function forEach(array, callback, thisObj) { for (var i = 0; i < array.length; i++) { if (array.hasOwnProperty(i)) { @@ -2535,11 +2539,46 @@ policies and contribution forms [3]. } } + /** Returns the 'src' URL of the first <script> tag in the page to include the file 'testharness.js'. */ + function get_script_url() + { + if (!('document' in self)) { + return undefined; + } + + var scripts = document.getElementsByTagName("script"); + for (var i = 0; i < scripts.length; i++) { + var src; + if (scripts[i].src) { + src = scripts[i].src; + } else if (scripts[i].href) { + //SVG case + src = scripts[i].href.baseVal; + } + + var matches = src && src.match(/^(.*\/|)testharness\.js$/); + if (matches) { + return src; + } + } + return undefined; + } + + /** Returns the URL path at which the files for testharness.js are assumed to reside (e.g., '/resources/'). + The path is derived from inspecting the 'src' of the <script> tag that included 'testharness.js'. */ + function get_harness_url() + { + var script_url = get_script_url(); + + // Exclude the 'testharness.js' file from the returned path, but '+ 1' to include the trailing slash. + return script_url ? script_url.slice(0, script_url.lastIndexOf('/') + 1) : undefined; + } + function supports_post_message(w) { var supports; var type; - // Given IE implements postMessage across nested iframes but not across + // Given IE implements postMessage across nested iframes but not across // windows or tabs, you can't infer cross-origin communication from the presence // of postMessage on the current window object only. // diff --git a/tests/wpt/web-platform-tests/selectors-api/tests/submissions/Opera/ParentNode-query-queryAll.js b/tests/wpt/web-platform-tests/selectors-api/tests/submissions/Opera/ParentNode-query-queryAll.js index e55a0fb2ea8..9a330f4b8bd 100644 --- a/tests/wpt/web-platform-tests/selectors-api/tests/submissions/Opera/ParentNode-query-queryAll.js +++ b/tests/wpt/web-platform-tests/selectors-api/tests/submissions/Opera/ParentNode-query-queryAll.js @@ -109,7 +109,6 @@ function runValidSelectorTest(type, root, selectors, docType) { var ref = s["ref"]; if (!s["exclude"] || (s["exclude"].indexOf(nodeType) === -1 && s["exclude"].indexOf(docType) === -1)) { - //console.log("Running tests " + nodeType + ": " + s["testType"] + "&" + testType + "=" + (s["testType"] & testType) + ": " + JSON.stringify(s)) var foundall, found, context, refNodes, refArray; if (s["testType"] & TEST_FIND) { @@ -225,8 +224,6 @@ function runValidSelectorTest(type, root, selectors, docType) { }, type + ".query: " + n + " (with no refNodes): " + q); } } - } else { - //console.log("Excluding for " + nodeType + ": " + s["testType"] + "&" + testType + "=" + (s["testType"] & testType) + ": " + JSON.stringify(s)) } } } diff --git a/tests/wpt/web-platform-tests/shadow-dom/shadow-trees/upper-boundary-encapsulation/dom-tree-accessors-001.html b/tests/wpt/web-platform-tests/shadow-dom/shadow-trees/upper-boundary-encapsulation/dom-tree-accessors-001.html index c55a6091cfb..5c66ebf53dc 100644 --- a/tests/wpt/web-platform-tests/shadow-dom/shadow-trees/upper-boundary-encapsulation/dom-tree-accessors-001.html +++ b/tests/wpt/web-platform-tests/shadow-dom/shadow-trees/upper-boundary-encapsulation/dom-tree-accessors-001.html @@ -127,8 +127,8 @@ test(function () { // Replace the content of <title> to distinguish elements in a host // document and a shadow tree. - doc.getElementsByTagName('title')[0].innerText = 'Title of host document'; - shadowRoot.getElementsByTagName('title')[0].innerText = + doc.getElementsByTagName('title')[0].textContent = 'Title of host document'; + shadowRoot.getElementsByTagName('title')[0].textContent = 'Title of shadow tree'; assert_equals(doc.title, 'Title of host document'); diff --git a/tests/wpt/web-platform-tests/shadow-dom/testcommon.js b/tests/wpt/web-platform-tests/shadow-dom/testcommon.js index 4d01f57cd4c..397160e4d13 100644 --- a/tests/wpt/web-platform-tests/shadow-dom/testcommon.js +++ b/tests/wpt/web-platform-tests/shadow-dom/testcommon.js @@ -180,8 +180,6 @@ function unit(f) { var ctx = newContext(); try { f(ctx); - } catch(e) { - console.log(e.getMessage()); } finally { cleanContext(ctx); } diff --git a/tests/wpt/web-platform-tests/tools/runner/index.html b/tests/wpt/web-platform-tests/tools/runner/index.html index 45ae38c7edf..380c735583d 100644 --- a/tests/wpt/web-platform-tests/tools/runner/index.html +++ b/tests/wpt/web-platform-tests/tools/runner/index.html @@ -121,6 +121,7 @@ <th>Failed <th>Timeouts <th>Errors + <th>Not Run</th> </tr> </thead> <tbody> @@ -129,6 +130,7 @@ <td class='FAIL'>0 <td class='TIMEOUT'>0 <td class='ERROR'>0 + <td class='NOTRUN'>0 </tr> </tbody> </table> diff --git a/tests/wpt/web-platform-tests/tools/runner/runner.css b/tests/wpt/web-platform-tests/tools/runner/runner.css index b24c8bd4232..86e8384186f 100644 --- a/tests/wpt/web-platform-tests/tools/runner/runner.css +++ b/tests/wpt/web-platform-tests/tools/runner/runner.css @@ -153,6 +153,10 @@ td.TIMEOUT { color: #f6bb42; } +td.NOTRUN { + color: #00c; +} + td.ERROR { color: #da4453; font-weight: bold; diff --git a/tests/wpt/web-platform-tests/tools/runner/runner.js b/tests/wpt/web-platform-tests/tools/runner/runner.js index 80dc5d5cef7..07fdbea7dc4 100644 --- a/tests/wpt/web-platform-tests/tools/runner/runner.js +++ b/tests/wpt/web-platform-tests/tools/runner/runner.js @@ -145,7 +145,8 @@ VisualOutput.prototype = { this.result_count = {"PASS":0, "FAIL":0, "ERROR":0, - "TIMEOUT":0}; + "TIMEOUT":0, + "NOTRUN":0}; for (var p in this.result_count) { if (this.result_count.hasOwnProperty(p)) { this.elem.querySelector("td." + p).textContent = 0; @@ -183,12 +184,19 @@ VisualOutput.prototype = { var subtest_pass_count = subtests.reduce(function(prev, current) { return (current.status === "PASS") ? prev + 1 : prev; }, 0); + + var subtest_notrun_count = subtests.reduce(function(prev, current) { + return (current.status === "NOTRUN") ? prev +1 : prev; + }, 0); + var subtests_count = subtests.length; var test_status; if (subtest_pass_count === subtests_count && (status == "OK" || status == "PASS")) { test_status = "PASS"; + } else if (subtest_notrun_count == subtests_count) { + test_status = "NOTRUN"; } else if (subtests_count > 0 && status === "OK") { test_status = "FAIL"; } else { @@ -225,7 +233,7 @@ VisualOutput.prototype = { } } - var status_arr = ["PASS", "FAIL", "ERROR", "TIMEOUT"]; + var status_arr = ["PASS", "FAIL", "ERROR", "TIMEOUT", "NOTRUN"]; for (var i = 0; i < status_arr.length; i++) { this.elem.querySelector("td." + status_arr[i]).textContent = this.result_count[status_arr[i]]; } @@ -707,7 +715,7 @@ function setup() { } window.completion_callback = function(tests, status) { - var harness_status_map = {0:"OK", 1:"ERROR", 2:"TIMEOUT"}; + var harness_status_map = {0:"OK", 1:"ERROR", 2:"TIMEOUT", 3:"NOTRUN"}; var subtest_status_map = {0:"PASS", 1:"FAIL", 2:"TIMEOUT", 3:"NOTRUN"}; // this ugly hack is because IE really insists on holding on to the objects it creates in diff --git a/tests/wpt/web-platform-tests/tools/serve/serve.py b/tests/wpt/web-platform-tests/tools/serve/serve.py index c232a412eda..41aaa8afac2 100644 --- a/tests/wpt/web-platform-tests/tools/serve/serve.py +++ b/tests/wpt/web-platform-tests/tools/serve/serve.py @@ -17,6 +17,7 @@ from .. import localpaths import sslutils from wptserve import server as wptserve, handlers +from wptserve import stash from wptserve.logger import set_logger from mod_pywebsocket import standalone as pywebsocket @@ -356,7 +357,6 @@ def get_ssl_config(config, external_domains, ssl_environment): "cert_path": cert_path, "encrypt_after_connect": config["ssl"]["encrypt_after_connect"]} - def start(config, ssl_environment, routes, **kwargs): host = config["host"] domains = get_subdomains(host) @@ -485,12 +485,13 @@ def main(): setup_logger(config["log_level"]) - with get_ssl_environment(config) as ssl_env: - config_, servers = start(config, ssl_env, default_routes(), **kwargs) + with stash.StashServer((config["host"], get_port()), authkey=str(uuid.uuid4())): + with get_ssl_environment(config) as ssl_env: + config_, servers = start(config, ssl_env, default_routes(), **kwargs) - try: - while any(item.is_alive() for item in iter_procs(servers)): - for item in iter_procs(servers): - item.join(1) - except KeyboardInterrupt: - logger.info("Shutting down") + try: + while any(item.is_alive() for item in iter_procs(servers)): + for item in iter_procs(servers): + item.join(1) + except KeyboardInterrupt: + logger.info("Shutting down") diff --git a/tests/wpt/web-platform-tests/tools/wptserve/LICENSE b/tests/wpt/web-platform-tests/tools/wptserve/LICENSE new file mode 100644 index 00000000000..45896e6be2b --- /dev/null +++ b/tests/wpt/web-platform-tests/tools/wptserve/LICENSE @@ -0,0 +1,30 @@ +W3C 3-clause BSD License + +http://www.w3.org/Consortium/Legal/2008/03-bsd-license.html + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +* Redistributions of works must retain the original copyright notice, + this list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the original copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +* Neither the name of the W3C nor the names of its contributors may be + used to endorse or promote products derived from this work without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/request.py b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/request.py index 1cc2a3d14f9..0d4b4196cba 100644 --- a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/request.py +++ b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/request.py @@ -1,6 +1,7 @@ import base64 import cgi import Cookie +import os import StringIO import tempfile import urlparse @@ -27,7 +28,15 @@ class Server(object): config = None def __init__(self, request): - self.stash = stash.Stash(request.url_parts.path) + self._stash = None + self._request = request + + @property + def stash(self): + if self._stash is None: + address, authkey = stash.load_env_config() + self._stash = stash.Stash(self._request.url_parts.path, address, authkey) + return self._stash class InputFile(object): diff --git a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/stash.py b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/stash.py index 39bde3d6926..b5461919322 100644 --- a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/stash.py +++ b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/stash.py @@ -1,17 +1,76 @@ +import base64 +import json +import os import uuid +from multiprocessing import Process +from multiprocessing.managers import BaseManager, DictProxy + +class ServerDictManager(BaseManager): + shared_data = {} + +def _get_shared(): + return ServerDictManager.shared_data + +ServerDictManager.register("get_dict", + callable=_get_shared, + proxytype=DictProxy) + +class ClientDictManager(BaseManager): + pass + +ClientDictManager.register("get_dict") + +class StashServer(object): + def __init__(self, address=None, authkey=None): + self.address = address + self.authkey = authkey + self.manager = None + + def __enter__(self): + self.manager, self.address, self.authkey = start_server(self.address, self.authkey) + store_env_config(self.address, self.authkey) + + def __exit__(self, *args, **kwargs): + if self.manager is not None: + self.manager.shutdown() + +def load_env_config(): + address, authkey = json.loads(os.environ["WPT_STASH_CONFIG"]) + if isinstance(address, list): + address = tuple(address) + else: + address = str(address) + authkey = base64.decodestring(authkey) + return address, authkey + +def store_env_config(address, authkey): + authkey = base64.encodestring(authkey) + os.environ["WPT_STASH_CONFIG"] = json.dumps((address, authkey)) + +def start_server(address=None, authkey=None): + manager = ServerDictManager(address, authkey) + manager.start() + + return (manager, manager._address, manager._authkey) + #TODO: Consider expiring values after some fixed time for long-running #servers +# TODO(kristijanburnik): Provide shared Stash support for WebSockets. class Stash(object): - """Key-value store for persisting data across HTTP requests. + """Key-value store for persisting data across HTTP/S requests. + + This data store is specifically designed for persisting data across + HTTP and HTTPS requests. The synchronization model is usually done by using + the SyncManager from the multiprocessing module. - This data store specifically designed for persisting data across - HTTP requests. It is entirely in-memory so data will not be - persisted across server restarts. + Stash can be used interchangeably between HTTP and HTTPS requests as both + processes are accessing the same resource (e.g. a Manager.dict). + The WS and WSS servers are currently not supported. - This has several unusual properties. Keys are of the form (path, + The store has several unusual properties. Keys are of the form (path, uuid), where path is, by default, the path in the HTTP request and uuid is a unique id. In addition, the store is write-once, read-once, i.e. the value associated with a particular key cannot be changed once @@ -19,66 +78,66 @@ class Stash(object): these properties make it difficult for data to accidentally leak between different resources or different requests for the same resource. - """ - data = {} + _proxy = None - def __init__(self, default_path): + def __init__(self, default_path, address=None, authkey=None): self.default_path = default_path + self.data = self._get_proxy(address, authkey) + + def _get_proxy(self, address=None, authkey=None): + if address is None and authkey is None: + Stash._proxy = {} + + if Stash._proxy is None: + manager = ClientDictManager(address, authkey) + manager.connect() + Stash._proxy = manager.get_dict() + + return Stash._proxy + + def _wrap_key(self, key, path): + if path is None: + path = self.default_path + # This key format is required to support using the path. Since the data + # passed into the stash can be a DictProxy which wouldn't detect changes + # when writing to a subdict. + return (str(path), str(uuid.UUID(key))) def put(self, key, value, path=None): - """Place a value in the stash. + """Place a value in the shared stash. :param key: A UUID to use as the data's key. :param value: The data to store. This can be any python object. :param path: The path that has access to read the data (by default the current request path)""" - if path is None: - path = self.default_path - if path not in self.data: - self.data[path] = PathStash(path) - - self.data[path][key] = value + if value is None: + raise ValueError("SharedStash value may not be set to None") + internal_key = self._wrap_key(key, path) + if internal_key in self.data: + raise StashError("Tried to overwrite existing shared stash value " + "for key %s (old value was %s, new value is %s)" % + (internal_key, self[str(internal_key)], value)) + else: + self.data[internal_key] = value def take(self, key, path=None): - """Remove a value from the stash and return it. + """Remove a value from the shared stash and return it. :param key: A UUID to use as the data's key. :param path: The path that has access to read the data (by default the current request path)""" - if path is None: - path = self.default_path + internal_key = self._wrap_key(key, path) + value = self.data.get(internal_key, None) + if not value is None: + try: + self.data.pop(internal_key) + except KeyError: + # Silently continue when pop error occurs. + pass - if path in self.data: - value = self.data[path][key] - else: - value = None return value - -class PathStash(dict): - def __init__(self, path): - self.path = path - - def __setitem__(self, key, value): - key = uuid.UUID(key) - if value is None: - raise ValueError("Stash value may not be set to None") - if key in self: - raise StashError("Tried to overwrite existing stash value " - "for path %s and key %s (old value was %s, new value is %s)" % - (self.path, key, self[str(key)], value)) - else: - dict.__setitem__(self, key, value) - - def __getitem__(self, key): - key = uuid.UUID(key) - rv = dict.get(self, key, None) - if rv is not None: - del self[key] - return rv - - class StashError(Exception): pass diff --git a/tests/wpt/web-platform-tests/uievents/order-of-events/mouse-events/mouseevents-mousemove-manual.htm b/tests/wpt/web-platform-tests/uievents/order-of-events/mouse-events/mouseevents-mousemove-manual.htm new file mode 100644 index 00000000000..8ed9c1c2848 --- /dev/null +++ b/tests/wpt/web-platform-tests/uievents/order-of-events/mouse-events/mouseevents-mousemove-manual.htm @@ -0,0 +1,76 @@ +<!doctype html> + <head> + <meta charset=utf-8> + <title>MouseEvent - mousemove event order</title> + <style> + .testarea { margin: auto; width: 80%; height: 250px; border: 1px solid grey; position: relative; } + + #start,#end { background-color: red; border: 1px solid black; margin: 0; padding: 0; } + /* start/end layout */ + #start.green,#end.green { background-color: green; } + #start { position: absolute; left: 15%; top: 15%; width: 50%; height: 50%; } + #end { position: absolute; right: 15%; bottom: 15%; width: 50%; height: 50%; } + </style> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script> + setup({explicit_timeout: true}); + </script> + <script src="/uievents/resources/eventrecorder.js"></script> + </head> + <body> + <p><strong>Description</strong>: Verifies that mousemove events track the pointer position and transition from top-most + visible element to top-most visible element, changing targets + in the DOM along the way.</p> + + <p><strong>Instructions</strong>: </p> + <ol> + <li>Move the pointer to the upper-left red box and then move it directly toward and into the lower-right red box. + </ol> + <p><strong>Test Passes</strong> if both boxes turn green and the word 'PASS' appears below</p> + + <section class="testarea"> + <div id="end"></div> + <div id="start"></div> + </section> + + <script> + var start = document.getElementById("start"); + var end = document.getElementById("end"); + + EventRecorder.configure({ + mergeEventTypes: ["mousemove"], + objectMap: { + "div#start": start, + "div#end": end + } + }); + + + start.addRecordedEventListener('mousemove', function (e) { + e.stopPropagation(); + this.className = "green"; + }); + + end.addRecordedEventListener('mousemove', function (e) { + e.stopPropagation(); + this.className = "green"; + endTest(); + done(); + }); + + function endTest() { + EventRecorder.stop(); + var results = EventRecorder.getRecords(); + // Check results: + assert_equals(results.length, 2, "Two mousemove events"); + assert_equals(results[0].event.type, "mousemove", "First event is a mousemove event"); + assert_equals(results[1].event.type, "mousemove", "Second event is a mousemove event"); + assert_equals(results[0].event.target, "div#start", "First event targetted #start"); + assert_equals(results[1].event.target, "div#end", "Second event targetted #end"); + } + + EventRecorder.start(); + </script> + </body> +</html>
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/uievents/resources/eventrecorder.js b/tests/wpt/web-platform-tests/uievents/resources/eventrecorder.js new file mode 100644 index 00000000000..936b136d8b3 --- /dev/null +++ b/tests/wpt/web-platform-tests/uievents/resources/eventrecorder.js @@ -0,0 +1,283 @@ +// interface EventRecorder { +// static void start(); +// static void stop(); +// static void clearRecords(); +// static sequence<EventRecord> getRecords(); +// static void configure(EventRecorderOptions options); +// }; +// * getRecords +// * returns an array of EventRecord objects; the array represents the sequence of events captured at anytime after the last clear() +// call, between when the recorder was started and stopped (including multiple start/stop pairs) +// * configure +// * sets options that should apply to the recorder. If the recorder has any existing records, than this API throws an exception. +// * start +// * starts/un-pauses the recorder +// * stop +// * stops/pauses the recorder +// * clear +// * purges all recorded records + +// ---------------------- + +// dictionary EventRecorderOptions { +// sequence<SupportedEventTypes> mergeEventTypes; +// ObjectNamedMap objectMap; +// }; +// * mergeEventTypes +// * a list of event types that should be consolidated into one record when all of the following conditions are true: +// 1) The events are of the same type and follow each other chronologically +// 2) The events' currentTarget is the same +// * The default is an empty list (no event types are merged). +// * objectMap +// * Sets up a series + +// dictionary ObjectNamedMap { +// //<keys will be 'targetTestID' names, with values of the objects which they label> +// }; +// * targetTestID = the string identifier that the associated target object should be known as (for purposes of unique identification. This +// need not be the same as the Node's id attribute if it has one. If no 'targetTestID' string mapping is provided via this +// map, but is encountered later when recording specific events, a generic targetTestID of 'UNKNOWN_OBJECT' is used. + +// ---------------------- + +// dictionary EventRecord { +// unsigned long chronologicalOrder; +// unsigned long sequentialOccurrences; +// sequence<EventRecord>? nestedEvents; +// DOMString interfaceType; +// EventRecordDetails event; +// }; +// * chronologicalOrder +// * Since some events may be dispatched re-entrantly (e.g., while existing events are being dispatched), and others may be merged +// given the 'mergeEventTypes' option in the EventRecorder, this value is the actual chronological order that the event fired +// * sequentialOccurrences +// * If this event was fired multiple times in a row (see the 'mergeEventTypes' option), this value is the count of occurrences. +// A value of 1 means this was the only occurrence of this event (that no events were merged with it). A value greater than 1 +// indicates that the event occurred that many times in a row. +// * nestedEvents +// * The holds all the events that were sequentially dispatched synchronously while the current event was still being dispatched +// (e.g., between the time that this event listener was triggered and when it returned). +// * Has the value null if no nested events were recorded during the invocation of this listener. +// * interfaceType +// * The string indicating which Event object (or derived Event object type) the recorded event object instance is based on. +// * event +// * Access to the recorded event properties for the event instance (not the actual event instance itself). A snapshot of the +// enumerable properties of the event object instance at the moment the listener was first triggered. + +// ---------------------- + +// dictionary EventRecordDetails { +// //<recorded property names with their values for all enumerable properties of the event object instance> +// }; +// * EventRecordDetails +// * For records with 'sequentialOccurrences' > 1, only the first occurence is recorded (subsequent event details are dropped). +// * Object reference values (e.g., event.target, event.currentTarget, etc.) are replaced with their mapped 'targetTestID' string. +// If no 'targetTestID' string mapping is available for a particular object, the value 'UNKNOWN_OBJECT' is returned. + +// ---------------------- + +// [NoInterfaceObject] +// interface EventRecorderRegistration { +// void addRecordedEventListener(SupportedEventTypes type, EventListener? handler, optional boolean capturePhase = false); +// void removeRecordedEventListener(SupportedEventTypes type, EventListener? handler, optional boolean capturePhase = false); +// }; +// Node implements EventRecorderRegistration; +// +// enum SupportedEventTypes = { +// "mousemove", +// etc... +// }; +// * addRecordedEventListener +// * handler = pass null if you want only a default recording of the event (and don't need any other special handling). Otherwise, +// the handler will be invoked normally as part of the event's dispatch. +// * <other params> are the same as those defined on addEventListener/removeEventListenter APIs (see DOM4) +// * Use this API *instead of* addEventListener to record your events for testing purposes. + +(function EventRecorderScope(global) { + "use strict"; + + if (global.EventRecorder) + return; // Already initialized. + + // WeakMap polyfill + if (!global.WeakMap) { + throw new Error("EventRecorder depends on WeakMap! Please polyfill for completeness to run in this user agent!"); + } + + // Globally applicable variables + var allRecords = []; + var recording = false; + var rawOrder = 1; + var mergeTypesTruthMap = {}; // format of { eventType: true, ... } + var eventsInScope = []; // Tracks synchronous event dispatches + var handlerMap = new WeakMap(); // Keeps original handlers (so that they can be used to un-register for events. + + // Find all Event Object Constructors on the global and add them to the map along with their name (sans 'Event') + var eventConstructorsNameMap = new WeakMap(); // format of key: hostObject, value: alias to use. + var regex = /[A-Z][A-Za-z0-9]+Event$/; + Object.getOwnPropertyNames(global).forEach(function (propName) { + if (regex.test(propName)) + eventConstructorsNameMap.set(global[propName], propName); + }); + var knownObjectsMap = eventConstructorsNameMap; + + Object.defineProperty(global, "EventRecorder", { + writable: true, + configurable: true, + value: Object.create(null, { + start: { + enumerable: true, configurable: true, writable: true, value: function start() { recording = true; } + }, + stop: { + enumerable: true, configurable: true, writable: true, value: function stop() { recording = false; } + }, + clearRecords: { + enumerable: true, configurable: true, writable: true, value: function clearRecords() { + rawOrder = 1; + allRecords = []; + } + }, + getRecords: { + enumerable: true, configurable: true, writable: true, value: function getRecords() { return allRecords; } + }, + configure: { + enumerable: true, configurable: true, writable: true, value: function configure(options) { + if (allRecords.length > 0) + throw new Error("Wrong time to call me: EventRecorder.configure must only be called when no recorded events are present. Try 'clearRecords' first."); + + // Un-configure existing options by calling again with no options set... + mergeTypesTruthMap = {}; + knownObjectsMap = eventConstructorsNameMap; + + if (!(options instanceof Object)) + return; + // Sanitize the passed object (tease-out getter functions) + var sanitizedOptions = {}; + for (var x in options) { + sanitizedOptions[x] = options[x]; + } + if (sanitizedOptions.mergeEventTypes && Array.isArray(sanitizedOptions.mergeEventTypes)) { + sanitizedOptions.mergeEventTypes.forEach(function (eventType) { + if (typeof eventType == "string") + mergeTypesTruthMap[eventType] = true; + }); + } + if (sanitizedOptions.objectMap && (sanitizedOptions.objectMap instanceof Object)) { + for (var y in sanitizedOptions.objectMap) { + knownObjectsMap.set(sanitizedOptions.objectMap[y], y); + } + } + } + } + }) + }); + + function EventRecord(rawEvent) { + this.chronologicalOrder = rawOrder++; + this.sequentialOccurrences = 1; + this.nestedEvents = null; // potentially a [] + this.interfaceType = knownObjectsMap.get(rawEvent.constructor); + if (!this.interfaceType) // In case (somehow) this event's constructor is not named something with an 'Event' suffix... + this.interfaceType = rawEvent.constructor.toString(); + this.event = new CloneObjectLike(rawEvent); + } + + // Only enumerable props including prototype-chain (non-recursive), w/no functions. + function CloneObjectLike(object) { + for (var prop in object) { + var val = object[prop]; + if (Array.isArray(val)) + this[prop] = CloneArray(val); + else if (typeof val == "function") + continue; + else if ((typeof val == "object") && (val != null)) { + this[prop] = knownObjectsMap.get(val); + if (this[prop] === undefined) + this[prop] = "UNKNOWN_OBJECT (" + val.toString() + ")"; + } + else + this[prop] = val; + } + } + + function CloneArray(array) { + var dup = []; + for (var i = 0, len = array.length; i < len; i++) { + var val = array[i] + if (typeof val == "undefined") + throw new Error("Ugg. Sparce arrays are not supported. Sorry!"); + else if (Array.isArray(val)) + dup[i] = "UNKNOWN_ARRAY"; + else if (typeof val == "function") + dup[i] = "UNKNOWN_FUNCTION"; + else if ((typeof val == "object") && (val != null)) { + dup[i] = knownObjectsMap.get(val); + if (dup[i] === undefined) + dup[i] = "UNKNOWN_OBJECT (" + val.toString() + ")"; + } + else + dup[i] = val; + } + return dup; + } + + function generateRecordedEventHandlerWithCallback(callback) { + return function(e) { + if (recording) { + // Setup the scope for any synchronous events + eventsInScope.push(recordEvent(e)); + callback.call(this, e); + eventsInScope.pop(); + } + } + } + + function recordedEventHandler(e) { + if (recording) + recordEvent(e); + } + + function recordEvent(e) { + var record = new EventRecord(e); + var recordList = allRecords; + // Adjust which sequential list to use depending on scope + if (eventsInScope.length > 0) { + recordList = eventsInScope[eventsInScope.length - 1].nestedEvents; + if (recordList == null) // This top-of-stack event record hasn't had any nested events yet. + recordList = eventsInScope[eventsInScope.length - 1].nestedEvents = []; + } + if (mergeTypesTruthMap[e.type] && (recordList.length > 0)) { + var tail = recordList[recordList.length-1]; + // Same type and currentTarget? + if ((tail.event.type == record.event.type) && (tail.event.currentTarget == record.event.currentTarget)) { + tail.sequentialOccurrences++; + return; + } + } + recordList.push(record); + return record; + } + + Object.defineProperties(Node.prototype, { + addRecordedEventListener: { + enumerable: true, writable: true, configurable: true, + value: function addRecordedEventListener(type, handler, capture) { + if (handler == null) + this.addEventListener(type, recordedEventHandler, capture); + else { + var subvertedHandler = generateRecordedEventHandlerWithCallback(handler); + handlerMap.set(handler, subvertedHandler); + this.addEventListener(type, subvertedHandler, capture); + } + } + }, + removeRecordedEventListener: { + enumerable: true, writable: true, configurable: true, + value: function addRecordedEventListener(type, handler, capture) { + var alternateHandlerUsed = handlerMap.get(handler); + this.removeEventListenter(type, alternateHandlerUsed ? alternateHandlerUsed : recordedEventHandler, capture); + } + } + }); + +})(window);
\ No newline at end of file diff --git a/tests/wpt/web-platform-tests/url/urltestdata.txt b/tests/wpt/web-platform-tests/url/urltestdata.txt index fe7a5baa112..1e0fe490195 100644 --- a/tests/wpt/web-platform-tests/url/urltestdata.txt +++ b/tests/wpt/web-platform-tests/url/urltestdata.txt @@ -319,9 +319,8 @@ http://%25 http://hello%00 # Escaped numbers should be treated like IP addresses if they are. -# No special handling for IPv4 or IPv4-like URLs -http://%30%78%63%30%2e%30%32%35%30.01 s:http p:/ h:192.168.0.1 -http://%30%78%63%30%2e%30%32%35%30.01%2e s:http p:/ h:0xc0.0250.01. +http://%30%78%63%30%2e%30%32%35%30.01 s:http h:192.168.0.1 p:/ +http://%30%78%63%30%2e%30%32%35%30.01%2e s:http h:192.168.0.1 p:/ http://192.168.0.257 # Invalid escaping should trigger the regular host error handling. diff --git a/tests/wpt/web-platform-tests/webdriver/element_state/res/x-auto-y-hidden.html b/tests/wpt/web-platform-tests/webdriver/element_state/res/x-auto-y-hidden.html index 96fd750a6b4..e9ce24c73c6 100644 --- a/tests/wpt/web-platform-tests/webdriver/element_state/res/x-auto-y-hidden.html +++ b/tests/wpt/web-platform-tests/webdriver/element_state/res/x-auto-y-hidden.html @@ -14,7 +14,7 @@ <body> <div id="over"> <div style="width: 5000px;"> - <div style="width: 100%; text-align: right;" ><a href="#" id="right" onclick="document.getElementById('right-clicked').innerText='ok'">Click right</a></div> + <div style="width: 100%; text-align: right;" ><a href="#" id="right" onclick="document.getElementById('right-clicked').textContent='ok'">Click right</a></div> </div> <div style="height: 5000px; width: 5000px;"> Right clicked: <span id="right-clicked"></span></br> @@ -22,9 +22,9 @@ Bottom-right clicked: <span id="bottom-right-clicked"></span></br> </div> <div style="width: 5000px;"> - <div style="width: 100%; text-align: right;" ><a href="#" id="bottom-right" onclick="document.getElementById('bottom-right-clicked').innerText='ok'">Click bottom-right</a></div> + <div style="width: 100%; text-align: right;" ><a href="#" id="bottom-right" onclick="document.getElementById('bottom-right-clicked').textContent='ok'">Click bottom-right</a></div> </div> - <a href="#" id="bottom" onclick="document.getElementById('bottom-clicked').innerText='ok'">Click bottom</a> + <a href="#" id="bottom" onclick="document.getElementById('bottom-clicked').textContent='ok'">Click bottom</a> </div> </body> </html> diff --git a/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-auto.html b/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-auto.html index 24dd1928306..22b5049ffd0 100644 --- a/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-auto.html +++ b/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-auto.html @@ -14,7 +14,7 @@ <body> <div id="over"> <div style="width: 5000px;"> - <div style="width: 100%; text-align: right;" ><a href="#" id="right" onclick="document.getElementById('right-clicked').innerText='ok'">Click right</a></div> + <div style="width: 100%; text-align: right;" ><a href="#" id="right" onclick="document.getElementById('right-clicked').textContent='ok'">Click right</a></div> </div> <div style="height: 5000px; width: 5000px;"> Right clicked: <span id="right-clicked"></span></br> @@ -22,9 +22,9 @@ Bottom-right clicked: <span id="bottom-right-clicked"></span></br> </div> <div style="width: 5000px;"> - <div style="width: 100%; text-align: right;" ><a href="#" id="bottom-right" onclick="document.getElementById('bottom-right-clicked').innerText='ok'">Click bottom-right</a></div> + <div style="width: 100%; text-align: right;" ><a href="#" id="bottom-right" onclick="document.getElementById('bottom-right-clicked').textContent='ok'">Click bottom-right</a></div> </div> - <a href="#" id="bottom" onclick="document.getElementById('bottom-clicked').innerText='ok'">Click bottom</a> + <a href="#" id="bottom" onclick="document.getElementById('bottom-clicked').textContent='ok'">Click bottom</a> </div> </body> </html> diff --git a/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-hidden.html b/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-hidden.html index cae566578f0..c26b48aea2f 100644 --- a/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-hidden.html +++ b/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-hidden.html @@ -14,7 +14,7 @@ <body> <div id="over"> <div style="width: 5000px;"> - <div style="width: 100%; text-align: right;" ><a href="#" id="right" onclick="document.getElementById('right-clicked').innerText='ok'">Click right</a></div> + <div style="width: 100%; text-align: right;" ><a href="#" id="right" onclick="document.getElementById('right-clicked').textContent='ok'">Click right</a></div> </div> <div style="height: 5000px; width: 5000px;"> Right clicked: <span id="right-clicked"></span></br> @@ -22,9 +22,9 @@ Bottom-right clicked: <span id="bottom-right-clicked"></span></br> </div> <div style="width: 5000px;"> - <div style="width: 100%; text-align: right;" ><a href="#" id="bottom-right" onclick="document.getElementById('bottom-right-clicked').innerText='ok'">Click bottom-right</a></div> + <div style="width: 100%; text-align: right;" ><a href="#" id="bottom-right" onclick="document.getElementById('bottom-right-clicked').textContent='ok'">Click bottom-right</a></div> </div> - <a href="#" id="bottom" onclick="document.getElementById('bottom-clicked').innerText='ok'">Click bottom</a> + <a href="#" id="bottom" onclick="document.getElementById('bottom-clicked').textContent='ok'">Click bottom</a> </div> </body> </html> diff --git a/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-scroll.html b/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-scroll.html index d4ffa3970fb..b98b79a7e1d 100644 --- a/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-scroll.html +++ b/tests/wpt/web-platform-tests/webdriver/element_state/res/x-hidden-y-scroll.html @@ -14,7 +14,7 @@ <body> <div id="over"> <div style="width: 5000px;"> - <div style="width: 100%; text-align: right;" ><a href="#" id="right" onclick="document.getElementById('right-clicked').innerText='ok'">Click right</a></div> + <div style="width: 100%; text-align: right;" ><a href="#" id="right" onclick="document.getElementById('right-clicked').textContent='ok'">Click right</a></div> </div> <div style="height: 5000px; width: 5000px;"> Right clicked: <span id="right-clicked"></span></br> @@ -22,9 +22,9 @@ Bottom-right clicked: <span id="bottom-right-clicked"></span></br> </div> <div style="width: 5000px;"> - <div style="width: 100%; text-align: right;" ><a href="#" id="bottom-right" onclick="document.getElementById('bottom-right-clicked').innerText='ok'">Click bottom-right</a></div> + <div style="width: 100%; text-align: right;" ><a href="#" id="bottom-right" onclick="document.getElementById('bottom-right-clicked').textContent='ok'">Click bottom-right</a></div> </div> - <a href="#" id="bottom" onclick="document.getElementById('bottom-clicked').innerText='ok'">Click bottom</a> + <a href="#" id="bottom" onclick="document.getElementById('bottom-clicked').textContent='ok'">Click bottom</a> </div> </body> </html> diff --git a/tests/wpt/web-platform-tests/webdriver/element_state/res/x-scroll-y-hidden.html b/tests/wpt/web-platform-tests/webdriver/element_state/res/x-scroll-y-hidden.html index 4a6ff595d3b..9348681acec 100644 --- a/tests/wpt/web-platform-tests/webdriver/element_state/res/x-scroll-y-hidden.html +++ b/tests/wpt/web-platform-tests/webdriver/element_state/res/x-scroll-y-hidden.html @@ -14,7 +14,7 @@ <body> <div id="over"> <div style="width: 5000px;"> - <div style="width: 100%; text-align: right;" ><a href="#" id="right" onclick="document.getElementById('right-clicked').innerText='ok'">Click right</a></div> + <div style="width: 100%; text-align: right;" ><a href="#" id="right" onclick="document.getElementById('right-clicked').textContent='ok'">Click right</a></div> </div> <div style="height: 5000px; width: 5000px;"> Right clicked: <span id="right-clicked"></span></br> @@ -22,9 +22,9 @@ Bottom-right clicked: <span id="bottom-right-clicked"></span></br> </div> <div style="width: 5000px;"> - <div style="width: 100%; text-align: right;" ><a href="#" id="bottom-right" onclick="document.getElementById('bottom-right-clicked').innerText='ok'">Click bottom-right</a></div> + <div style="width: 100%; text-align: right;" ><a href="#" id="bottom-right" onclick="document.getElementById('bottom-right-clicked').textContent='ok'">Click bottom-right</a></div> </div> - <a href="#" id="bottom" onclick="document.getElementById('bottom-clicked').innerText='ok'">Click bottom</a> + <a href="#" id="bottom" onclick="document.getElementById('bottom-clicked').textContent='ok'">Click bottom</a> </div> </body> </html> diff --git a/tests/wpt/web-platform-tests/webmessaging/Channel_MessagePort_initial_disabled.htm b/tests/wpt/web-platform-tests/webmessaging/Channel_MessagePort_initial_disabled.htm deleted file mode 100644 index 2a91aecbd53..00000000000 --- a/tests/wpt/web-platform-tests/webmessaging/Channel_MessagePort_initial_disabled.htm +++ /dev/null @@ -1,36 +0,0 @@ -<!DOCTYPE html> -<html> -<head> -<title> MessageChannel: port message queue is initially disabled </title> -<script src="/resources/testharness.js"></script> -<script src="/resources/testharnessreport.js"></script> -</head> -<body> -<div id=log></div> -<script> - - var TestResult = true; - - var t = async_test("Test Description: A port message queue can be enabled or disabled, and is initially disabled."); - - var channel = new MessageChannel(); - - channel.port2.addEventListener("message", TestMessageEvent, true); - - channel.port1.postMessage("ping"); - - setTimeout(t.step_func(VerifyResult), 100); - - function TestMessageEvent(evt) - { - TestResult = false; - } - - function VerifyResult() - { - assert_true(TestResult, "Port message queue is initially disabled?"); - t.done(); - } -</script> -</body> -</html> diff --git a/tests/wpt/web-platform-tests/webmessaging/Channel_MessagePort_onmessage_start.htm b/tests/wpt/web-platform-tests/webmessaging/Channel_MessagePort_onmessage_start.htm deleted file mode 100644 index a1c0ed82de1..00000000000 --- a/tests/wpt/web-platform-tests/webmessaging/Channel_MessagePort_onmessage_start.htm +++ /dev/null @@ -1,38 +0,0 @@ -<!DOCTYPE html> -<html> -<head> -<title> MessageChannel: port.onmessage enables message queue </title> -<script src="/resources/testharness.js"></script> -<script src="/resources/testharnessreport.js"></script> -</head> -<body> -<div id=log></div> -<script> - - var TestResult = false; - var description = "The first time a MessagePort object's onmessage IDL attribute is set, the port's " - + "port message queue must be enabled, as if the start() method had been called."; - - var t = async_test("Test Description: " + description); - - var channel = new MessageChannel(); - - channel.port2.onmessage = TestMessageEvent; - - channel.port1.postMessage("ping"); - - setTimeout(t.step_func(VerifyResult), 100); - - function TestMessageEvent(evt) - { - TestResult = true; - } - - function VerifyResult() - { - assert_true(TestResult, "Port message queue is enabled?"); - t.done(); - } -</script> -</body> -</html> diff --git a/tests/wpt/web-platform-tests/workers/MessagePort_initial_disabled.htm b/tests/wpt/web-platform-tests/webmessaging/MessagePort_initial_disabled.htm index 453bfb522d1..58447dc2d6e 100644 --- a/tests/wpt/web-platform-tests/workers/MessagePort_initial_disabled.htm +++ b/tests/wpt/web-platform-tests/webmessaging/MessagePort_initial_disabled.htm @@ -1,5 +1,5 @@ <!DOCTYPE html> -<title> MessageChannel: port message queue is initially disabled </title> +<title>MessageChannel: port message queue is initially disabled</title> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> <div id=log></div> diff --git a/tests/wpt/web-platform-tests/workers/MessagePort_onmessage_start.htm b/tests/wpt/web-platform-tests/webmessaging/MessagePort_onmessage_start.htm index fe2d7b7db39..dc4dc1e54b5 100644 --- a/tests/wpt/web-platform-tests/workers/MessagePort_onmessage_start.htm +++ b/tests/wpt/web-platform-tests/webmessaging/MessagePort_onmessage_start.htm @@ -1,5 +1,5 @@ <!DOCTYPE html> -<title> MessageChannel: port.onmessage enables message queue </title> +<title>MessageChannel: port.onmessage enables message queue</title> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> <div id=log></div> diff --git a/tests/wpt/web-platform-tests/webstorage/eventTestHarness.js b/tests/wpt/web-platform-tests/webstorage/eventTestHarness.js index 82f8c3df02c..6d1eee9336c 100644 --- a/tests/wpt/web-platform-tests/webstorage/eventTestHarness.js +++ b/tests/wpt/web-platform-tests/webstorage/eventTestHarness.js @@ -1,12 +1,12 @@ iframe = document.createElement("IFRAME"); iframe.src = "about:blank"; document.body.appendChild(iframe); -iframe.contentWindow.document.body.innerText = "Nothing to see here."; +iframe.contentWindow.document.body.textContent = "Nothing to see here."; storageEventList = new Array(); -iframe.contentWindow.onstorage = function (e) { +iframe.contentWindow.addEventListener("storage", function(e) { window.parent.storageEventList.push(e); -} +}); function runAfterNStorageEvents(callback, expectedNumEvents) { @@ -35,19 +35,12 @@ function countStorageEvents(callback, expectedNumEvents, times) function testStorages(testCallback) { - // When we're done testing LocalStorage, this is run. - function allDone() - { - localStorage.clear(); - sessionStorage.clear(); - } - - // When we're done testing with SessionStorage, this is run. - function runLocalStorage() - { - testCallback("localStorage", allDone); - } - - // First run the test with SessionStorage. - testCallback("sessionStorage", runLocalStorage); + testCallback("sessionStorage"); + var hit = false; + add_result_callback(function() { + if (!hit) { + hit = true; + testCallback("localStorage"); + } + }); } diff --git a/tests/wpt/web-platform-tests/webstorage/event_basic.js b/tests/wpt/web-platform-tests/webstorage/event_basic.js index dbc113675e8..5dfbe032c87 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_basic.js +++ b/tests/wpt/web-platform-tests/webstorage/event_basic.js @@ -1,137 +1,100 @@ -test(function() { - var name ; - testStorages(runTest); - - function runTest(storageString, callback) - { - name = storageString; - window.completionCallback = callback; - +testStorages(function(storageString) { + async_test(function(t) { assert_true(storageString in window, storageString + " exist"); - window.storage = eval(storageString); + var storage = window[storageString]; + t.add_cleanup(function() { storage.clear() }); storageEventList = new Array(); storage.clear(); assert_equals(storage.length, 0, "storage.length"); - runAfterNStorageEvents(step1, 0); - } - - function step1(msg) - { - storageEventList = new Array(); - storage.setItem('FOO', 'BAR'); + runAfterNStorageEvents(t.step_func(step1), 0); - runAfterNStorageEvents(step2, 1); - } + function step1(msg) + { + storageEventList = new Array(); + storage.setItem('FOO', 'BAR'); - function shouldBeEqualToString(express, expectValue) { - assert_equals(typeof express, "string"); - assert_equals(express, expectValue); - } + runAfterNStorageEvents(t.step_func(step2), 1); + } - function step2(msg) - { - test(function() { + function step2(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 1); - shouldBeEqualToString(storageEventList[0].key, "FOO"); + assert_equals(storageEventList[0].key, "FOO"); assert_equals(storageEventList[0].oldValue, null); - shouldBeEqualToString(storageEventList[0].newValue, "BAR"); - }, name + ": the first storage event properties"); + assert_equals(storageEventList[0].newValue, "BAR"); - storage.setItem('FU', 'BAR'); - storage.setItem('a', '1'); - storage.setItem('b', '2'); - storage.setItem('b', '3'); + storage.setItem('FU', 'BAR'); + storage.setItem('a', '1'); + storage.setItem('b', '2'); + storage.setItem('b', '3'); - runAfterNStorageEvents(step3, 5); - } + runAfterNStorageEvents(t.step_func(step3), 5); + } - function step3(msg) - { - test(function() { + function step3(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 5); - shouldBeEqualToString(storageEventList[1].key, "FU"); + assert_equals(storageEventList[1].key, "FU"); assert_equals(storageEventList[1].oldValue, null); - shouldBeEqualToString(storageEventList[1].newValue, "BAR"); - }, name + ": the second storage event properties"); + assert_equals(storageEventList[1].newValue, "BAR"); - test(function() { - if(msg != undefined) { - assert_unreached(msg); - } - shouldBeEqualToString(storageEventList[2].key, "a"); + assert_equals(storageEventList[2].key, "a"); assert_equals(storageEventList[2].oldValue, null); - shouldBeEqualToString(storageEventList[2].newValue, "1"); - }, name + ": the third storage event properties"); + assert_equals(storageEventList[2].newValue, "1"); - test(function() { - if(msg != undefined) { - assert_unreached(msg); - } - shouldBeEqualToString(storageEventList[3].key, "b"); + assert_equals(storageEventList[3].key, "b"); assert_equals(storageEventList[3].oldValue, null); - shouldBeEqualToString(storageEventList[3].newValue, "2"); - }, name + ": the fourth storage event properties"); - - test(function() { - if(msg != undefined) { - assert_unreached(msg); - } - shouldBeEqualToString(storageEventList[4].key, "b"); - shouldBeEqualToString(storageEventList[4].oldValue, "2"); - shouldBeEqualToString(storageEventList[4].newValue, "3"); - }, name + ": the fifth storage event properties"); + assert_equals(storageEventList[3].newValue, "2"); + assert_equals(storageEventList[4].key, "b"); + assert_equals(storageEventList[4].oldValue, "2"); + assert_equals(storageEventList[4].newValue, "3"); - storage.removeItem('FOO'); + storage.removeItem('FOO'); - runAfterNStorageEvents(step4, 6); - } + runAfterNStorageEvents(t.step_func(step4), 6); + } - function step4(msg) - { - test(function() { + function step4(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 6); - shouldBeEqualToString(storageEventList[5].key, "FOO"); - shouldBeEqualToString(storageEventList[5].oldValue, "BAR"); + assert_equals(storageEventList[5].key, "FOO"); + assert_equals(storageEventList[5].oldValue, "BAR"); assert_equals(storageEventList[5].newValue, null); - }, name + ": the sixth storage event properties"); - storage.removeItem('FU'); + storage.removeItem('FU'); - runAfterNStorageEvents(step5, 7); - } + runAfterNStorageEvents(t.step_func(step5), 7); + } - function step5(msg) - { - test(function() { + function step5(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 7); - shouldBeEqualToString(storageEventList[6].key, "FU"); - shouldBeEqualToString(storageEventList[6].oldValue, "BAR"); + assert_equals(storageEventList[6].key, "FU"); + assert_equals(storageEventList[6].oldValue, "BAR"); assert_equals(storageEventList[6].newValue, null); - }, name + ": the seventh storage event properties"); - storage.clear(); + storage.clear(); - runAfterNStorageEvents(step6, 8); - } + runAfterNStorageEvents(t.step_func(step6), 8); + } - function step6(msg) - { - test(function() { + function step6(msg) + { if(msg != undefined) { assert_unreached(msg); } @@ -139,10 +102,9 @@ test(function() { assert_equals(storageEventList[7].key, null); assert_equals(storageEventList[7].oldValue, null); assert_equals(storageEventList[7].newValue, null); - }, name + ": the eighth storage event properties"); - - completionCallback(); - } -}, "DOM Storage mutations fire StorageEvents that are caught by the event listener set via window.onstorage."); + t.done(); + } + }, storageString + " mutations fire StorageEvents that are caught by the event listener set via window.onstorage."); +}); diff --git a/tests/wpt/web-platform-tests/webstorage/event_body_attribute.js b/tests/wpt/web-platform-tests/webstorage/event_body_attribute.js index 5c976740c6c..8220349f83b 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_body_attribute.js +++ b/tests/wpt/web-platform-tests/webstorage/event_body_attribute.js @@ -1,137 +1,100 @@ -test(function() { - var name ; - testStorages(runTest); - - function runTest(storageString, callback) - { - name = storageString; - window.completionCallback = callback; - +testStorages(function(storageString) { + async_test(function(t) { assert_true(storageString in window, storageString + " exist"); - window.storage = eval(storageString); + var storage = window[storageString]; + t.add_cleanup(function() { storage.clear() }); storage.clear(); assert_equals(storage.length, 0, "storage.length"); - iframe.onload = step1; - iframe.src = "iframe/event_body_handler.html"; - } - - function step1(msg) - { - storageEventList = new Array(); - storage.setItem('FOO', 'BAR'); + iframe.onload = t.step_func(step1); + iframe.src = "resources/event_body_handler.html"; - runAfterNStorageEvents(step2, 1); - } + function step1(msg) + { + storageEventList = new Array(); + storage.setItem('FOO', 'BAR'); - function shouldBeEqualToString(express, expectValue) { - assert_equals(typeof express, "string"); - assert_equals(express, expectValue); - } + runAfterNStorageEvents(t.step_func(step2), 1); + } - function step2(msg) - { - test(function() { - if(msg != undefined) { + function step2(msg) + { + if (msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 1); - shouldBeEqualToString(storageEventList[0].key, "FOO"); + assert_equals(storageEventList[0].key, "FOO"); assert_equals(storageEventList[0].oldValue, null); - shouldBeEqualToString(storageEventList[0].newValue, "BAR"); - }, name + ": the first storage event properties"); + assert_equals(storageEventList[0].newValue, "BAR"); - storage.setItem('FU', 'BAR'); - storage.setItem('a', '1'); - storage.setItem('b', '2'); - storage.setItem('b', '3'); + storage.setItem('FU', 'BAR'); + storage.setItem('a', '1'); + storage.setItem('b', '2'); + storage.setItem('b', '3'); - runAfterNStorageEvents(step3, 5); - } + runAfterNStorageEvents(t.step_func(step3), 5); + } - function step3(msg) - { - test(function() { - if(msg != undefined) { + function step3(msg) + { + if (msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 5); - shouldBeEqualToString(storageEventList[1].key, "FU"); + assert_equals(storageEventList[1].key, "FU"); assert_equals(storageEventList[1].oldValue, null); - shouldBeEqualToString(storageEventList[1].newValue, "BAR"); - }, name + ": the second storage event properties"); + assert_equals(storageEventList[1].newValue, "BAR"); - test(function() { - if(msg != undefined) { - assert_unreached(msg); - } - shouldBeEqualToString(storageEventList[2].key, "a"); + assert_equals(storageEventList[2].key, "a"); assert_equals(storageEventList[2].oldValue, null); - shouldBeEqualToString(storageEventList[2].newValue, "1"); - }, name + ": the third storage event properties"); + assert_equals(storageEventList[2].newValue, "1"); - test(function() { - if(msg != undefined) { - assert_unreached(msg); - } - shouldBeEqualToString(storageEventList[3].key, "b"); + assert_equals(storageEventList[3].key, "b"); assert_equals(storageEventList[3].oldValue, null); - shouldBeEqualToString(storageEventList[3].newValue, "2"); - }, name + ": the fourth storage event properties"); - - test(function() { - if(msg != undefined) { - assert_unreached(msg); - } - shouldBeEqualToString(storageEventList[4].key, "b"); - shouldBeEqualToString(storageEventList[4].oldValue, "2"); - shouldBeEqualToString(storageEventList[4].newValue, "3"); - }, name + ": the fifth storage event properties"); + assert_equals(storageEventList[3].newValue, "2"); + assert_equals(storageEventList[4].key, "b"); + assert_equals(storageEventList[4].oldValue, "2"); + assert_equals(storageEventList[4].newValue, "3"); - storage.removeItem('FOO'); + storage.removeItem('FOO'); - runAfterNStorageEvents(step4, 6); - } + runAfterNStorageEvents(t.step_func(step4), 6); + } - function step4(msg) - { - test(function() { + function step4(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 6); - shouldBeEqualToString(storageEventList[5].key, "FOO"); - shouldBeEqualToString(storageEventList[5].oldValue, "BAR"); + assert_equals(storageEventList[5].key, "FOO"); + assert_equals(storageEventList[5].oldValue, "BAR"); assert_equals(storageEventList[5].newValue, null); - }, name + ": the sixth storage event properties"); - storage.removeItem('FU'); + storage.removeItem('FU'); - runAfterNStorageEvents(step5, 7); - } + runAfterNStorageEvents(t.step_func(step5), 7); + } - function step5(msg) - { - test(function() { + function step5(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 7); - shouldBeEqualToString(storageEventList[6].key, "FU"); - shouldBeEqualToString(storageEventList[6].oldValue, "BAR"); + assert_equals(storageEventList[6].key, "FU"); + assert_equals(storageEventList[6].oldValue, "BAR"); assert_equals(storageEventList[6].newValue, null); - }, name + ": the seventh storage event properties"); - storage.clear(); + storage.clear(); - runAfterNStorageEvents(step6, 8); - } + runAfterNStorageEvents(t.step_func(step6), 8); + } - function step6(msg) - { - test(function() { + function step6(msg) + { if(msg != undefined) { assert_unreached(msg); } @@ -139,10 +102,9 @@ test(function() { assert_equals(storageEventList[7].key, null); assert_equals(storageEventList[7].oldValue, null); assert_equals(storageEventList[7].newValue, null); - }, name + ": the eighth storage event properties"); - - completionCallback(); - } -}, "DOM Storage mutations fire StorageEvents that are caught by the event listener specified as an attribute on the body."); + t.done(); + } + }, storageString + " mutations fire StorageEvents that are caught by the event listener specified as an attribute on the body."); +}); diff --git a/tests/wpt/web-platform-tests/webstorage/event_case_sensitive.js b/tests/wpt/web-platform-tests/webstorage/event_case_sensitive.js index 71be9049042..0b7a9b22a32 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_case_sensitive.js +++ b/tests/wpt/web-platform-tests/webstorage/event_case_sensitive.js @@ -1,54 +1,43 @@ -test(function() { - var name ; - testStorages(runTest); - - function runTest(storageString, callback) - { - name = storageString; - window.completionCallback = callback; - +testStorages(function(storageString) { + async_test(function(t) { assert_true(storageString in window, storageString + " exist"); - window.storage = eval(storageString); + var storage = window[storageString]; + t.add_cleanup(function() { storage.clear() }); storage.clear(); assert_equals(storage.length, 0, "storage.length"); storage.foo = "test"; - runAfterNStorageEvents(step1, 1); - } + runAfterNStorageEvents(t.step_func(step1), 1); - function step1(msg) - { - storageEventList = new Array(); - storage.foo = "test"; + function step1(msg) + { + storageEventList = new Array(); + storage.foo = "test"; - runAfterNStorageEvents(step2, 0); - } + runAfterNStorageEvents(t.step_func(step2), 0); + } - function step2(msg) - { - test(function() { + function step2(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 0); - }, name + ": The key/value does not change, the event is not fired."); - storage.foo = "TEST"; + storage.foo = "TEST"; - runAfterNStorageEvents(step3, 1); - } + runAfterNStorageEvents(t.step_func(step3), 1); + } - function step3(msg) - { - test(function() { + function step3(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 1); - }, name + ": The event is fired when the value case is changed."); - - completionCallback(); - } -}, "storage events fire even when only the case of the value changes."); + t.done(); + } + }, storageString + " storage events fire even when only the case of the value changes."); +}); diff --git a/tests/wpt/web-platform-tests/webstorage/event_local_key.html b/tests/wpt/web-platform-tests/webstorage/event_local_key.html index 44e089f8081..b2e89e25ad9 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_local_key.html +++ b/tests/wpt/web-platform-tests/webstorage/event_local_key.html @@ -35,7 +35,7 @@ var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/local_set_item_clear_iframe.html'); + el.setAttribute('src', 'resources/local_set_item_clear_iframe.html'); document.body.appendChild(el); }, "Local event is fired due to an invocation of the setItem(), clear() methods."); </script> diff --git a/tests/wpt/web-platform-tests/webstorage/event_local_newvalue.html b/tests/wpt/web-platform-tests/webstorage/event_local_newvalue.html index 2f015892e92..67a6a5d218c 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_local_newvalue.html +++ b/tests/wpt/web-platform-tests/webstorage/event_local_newvalue.html @@ -35,7 +35,7 @@ var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/local_change_item_iframe.html'); + el.setAttribute('src', 'resources/local_change_item_iframe.html'); document.body.appendChild(el); }, "Local event is fired due to an invocation of the setItem(), clear() methods."); </script> diff --git a/tests/wpt/web-platform-tests/webstorage/event_local_oldvalue.html b/tests/wpt/web-platform-tests/webstorage/event_local_oldvalue.html index 3d8997aa787..d84d9e0a6e5 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_local_oldvalue.html +++ b/tests/wpt/web-platform-tests/webstorage/event_local_oldvalue.html @@ -35,7 +35,7 @@ var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/local_change_item_iframe.html'); + el.setAttribute('src', 'resources/local_change_item_iframe.html'); document.body.appendChild(el); }, "Local event is fired due to an invocation of the setItem(), clear() methods."); </script> diff --git a/tests/wpt/web-platform-tests/webstorage/event_local_removeitem.html b/tests/wpt/web-platform-tests/webstorage/event_local_removeitem.html index 57d709f3c88..ba911254d59 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_local_removeitem.html +++ b/tests/wpt/web-platform-tests/webstorage/event_local_removeitem.html @@ -37,7 +37,7 @@ t.step(function() { var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/local_set_item_remove_iframe.html'); + el.setAttribute('src', 'resources/local_set_item_remove_iframe.html'); document.body.appendChild(el); }); diff --git a/tests/wpt/web-platform-tests/webstorage/event_local_storagearea.html b/tests/wpt/web-platform-tests/webstorage/event_local_storagearea.html index 4a0fed83186..33788de88a5 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_local_storagearea.html +++ b/tests/wpt/web-platform-tests/webstorage/event_local_storagearea.html @@ -36,7 +36,7 @@ var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/local_set_item_iframe.html'); + el.setAttribute('src', 'resources/local_set_item_iframe.html'); document.body.appendChild(el); }, "Local event is fired due to an invocation of the setItem() method."); </script> diff --git a/tests/wpt/web-platform-tests/webstorage/event_local_url.html b/tests/wpt/web-platform-tests/webstorage/event_local_url.html index a3eb73affff..ec2d04d0d99 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_local_url.html +++ b/tests/wpt/web-platform-tests/webstorage/event_local_url.html @@ -28,7 +28,7 @@ var pos = url.lastIndexOf("/"); if (pos != -1) { url = url.substr(0, pos + 1); - url = url + "iframe/local_set_item_iframe.html"; + url = url + "resources/local_set_item_iframe.html"; } assert_equals(event.url, url); @@ -40,7 +40,7 @@ var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/local_set_item_iframe.html'); + el.setAttribute('src', 'resources/local_set_item_iframe.html'); document.body.appendChild(el); }, "Local event is fired due to an invocation of the setItem() method."); </script> diff --git a/tests/wpt/web-platform-tests/webstorage/event_session_key.html b/tests/wpt/web-platform-tests/webstorage/event_session_key.html index 94482055799..7e628390ffd 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_session_key.html +++ b/tests/wpt/web-platform-tests/webstorage/event_session_key.html @@ -35,7 +35,7 @@ var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/session_set_item_clear_iframe.html'); + el.setAttribute('src', 'resources/session_set_item_clear_iframe.html'); document.body.appendChild(el); }, "Session event is fired due to an invocation of the setItem(), clear() methods."); </script> diff --git a/tests/wpt/web-platform-tests/webstorage/event_session_newvalue.html b/tests/wpt/web-platform-tests/webstorage/event_session_newvalue.html index 0d99168038d..a2824983f1f 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_session_newvalue.html +++ b/tests/wpt/web-platform-tests/webstorage/event_session_newvalue.html @@ -35,7 +35,7 @@ var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/session_change_item_iframe.html'); + el.setAttribute('src', 'resources/session_change_item_iframe.html'); document.body.appendChild(el); }, "Session event is fired due to an invocation of the setItem(), clear() methods."); </script> diff --git a/tests/wpt/web-platform-tests/webstorage/event_session_oldvalue.html b/tests/wpt/web-platform-tests/webstorage/event_session_oldvalue.html index a147da451bd..cd61b45fdcd 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_session_oldvalue.html +++ b/tests/wpt/web-platform-tests/webstorage/event_session_oldvalue.html @@ -35,7 +35,7 @@ var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/session_change_item_iframe.html'); + el.setAttribute('src', 'resources/session_change_item_iframe.html'); document.body.appendChild(el); }, "Session event is fired due to an invocation of the setItem(), clear() methods."); </script> diff --git a/tests/wpt/web-platform-tests/webstorage/event_session_removeitem.html b/tests/wpt/web-platform-tests/webstorage/event_session_removeitem.html index 8d69f2fe450..268cfeb42a0 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_session_removeitem.html +++ b/tests/wpt/web-platform-tests/webstorage/event_session_removeitem.html @@ -37,7 +37,7 @@ t.step(function() { var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/session_set_item_remove_iframe.html'); + el.setAttribute('src', 'resources/session_set_item_remove_iframe.html'); document.body.appendChild(el); }); </script> diff --git a/tests/wpt/web-platform-tests/webstorage/event_session_storagearea.html b/tests/wpt/web-platform-tests/webstorage/event_session_storagearea.html index 50c16b6a164..023866218c2 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_session_storagearea.html +++ b/tests/wpt/web-platform-tests/webstorage/event_session_storagearea.html @@ -35,7 +35,7 @@ var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/session_set_item_iframe.html'); + el.setAttribute('src', 'resources/session_set_item_iframe.html'); document.body.appendChild(el); }, "Session event is fired due to an invocation of the setItem() method."); </script> diff --git a/tests/wpt/web-platform-tests/webstorage/event_session_url.html b/tests/wpt/web-platform-tests/webstorage/event_session_url.html index 8165cf3c609..9e312a882ee 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_session_url.html +++ b/tests/wpt/web-platform-tests/webstorage/event_session_url.html @@ -28,7 +28,7 @@ var pos = url.lastIndexOf("/"); if (pos != -1) { url = url.substr(0, pos + 1); - url = url + "iframe/session_set_item_iframe.html"; + url = url + "resources/session_set_item_iframe.html"; } assert_equals(event.url, url); @@ -40,7 +40,7 @@ var el = document.createElement("iframe"); el.setAttribute('id', 'ifrm'); - el.setAttribute('src', 'iframe/session_set_item_iframe.html'); + el.setAttribute('src', 'resources/session_set_item_iframe.html'); document.body.appendChild(el); }, "Session event is fired due to an invocation of the setItem() method."); </script> diff --git a/tests/wpt/web-platform-tests/webstorage/event_setattribute.js b/tests/wpt/web-platform-tests/webstorage/event_setattribute.js index 1a56504c1db..a143cd6b2ea 100644 --- a/tests/wpt/web-platform-tests/webstorage/event_setattribute.js +++ b/tests/wpt/web-platform-tests/webstorage/event_setattribute.js @@ -1,138 +1,101 @@ -test(function() { - var name ; - testStorages(runTest); - - function runTest(storageString, callback) - { - name = storageString; - window.completionCallback = callback; - +testStorages(function(storageString) { + async_test(function(t) { assert_true(storageString in window, storageString + " exist"); - window.storage = eval(storageString); + var storage = window[storageString]; + t.add_cleanup(function() { storage.clear() }); storageEventList = new Array(); storage.clear(); assert_equals(storage.length, 0, "storage.length"); - iframe.onload = step1; - iframe.src = "iframe/event_setattribute_handler.html"; - } - - function step1(msg) - { - storageEventList = new Array(); - storage.setItem('FOO', 'BAR'); + iframe.onload = t.step_func(step1); + iframe.src = "resources/event_setattribute_handler.html"; - runAfterNStorageEvents(step2, 1); - } + function step1(msg) + { + storageEventList = new Array(); + storage.setItem('FOO', 'BAR'); - function shouldBeEqualToString(express, expectValue) { - assert_equals(typeof express, "string"); - assert_equals(express, expectValue); - } + runAfterNStorageEvents(t.step_func(step2), 1); + } - function step2(msg) - { - test(function() { + function step2(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 1); - shouldBeEqualToString(storageEventList[0].key, "FOO"); + assert_equals(storageEventList[0].key, "FOO"); assert_equals(storageEventList[0].oldValue, null); - shouldBeEqualToString(storageEventList[0].newValue, "BAR"); - }, name + ": the first storage event properties"); + assert_equals(storageEventList[0].newValue, "BAR"); - storage.setItem('FU', 'BAR'); - storage.setItem('a', '1'); - storage.setItem('b', '2'); - storage.setItem('b', '3'); + storage.setItem('FU', 'BAR'); + storage.setItem('a', '1'); + storage.setItem('b', '2'); + storage.setItem('b', '3'); - runAfterNStorageEvents(step3, 5); - } + runAfterNStorageEvents(t.step_func(step3), 5); + } - function step3(msg) - { - test(function() { + function step3(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 5); - shouldBeEqualToString(storageEventList[1].key, "FU"); + assert_equals(storageEventList[1].key, "FU"); assert_equals(storageEventList[1].oldValue, null); - shouldBeEqualToString(storageEventList[1].newValue, "BAR"); - }, name + ": the second storage event properties"); + assert_equals(storageEventList[1].newValue, "BAR"); - test(function() { - if(msg != undefined) { - assert_unreached(msg); - } - shouldBeEqualToString(storageEventList[2].key, "a"); + assert_equals(storageEventList[2].key, "a"); assert_equals(storageEventList[2].oldValue, null); - shouldBeEqualToString(storageEventList[2].newValue, "1"); - }, name + ": the third storage event properties"); + assert_equals(storageEventList[2].newValue, "1"); - test(function() { - if(msg != undefined) { - assert_unreached(msg); - } - shouldBeEqualToString(storageEventList[3].key, "b"); + assert_equals(storageEventList[3].key, "b"); assert_equals(storageEventList[3].oldValue, null); - shouldBeEqualToString(storageEventList[3].newValue, "2"); - }, name + ": the forth storage event properties"); - - test(function() { - if(msg != undefined) { - assert_unreached(msg); - } - shouldBeEqualToString(storageEventList[4].key, "b"); - shouldBeEqualToString(storageEventList[4].oldValue, "2"); - shouldBeEqualToString(storageEventList[4].newValue, "3"); - }, name + ": the fifth storage event properties"); + assert_equals(storageEventList[3].newValue, "2"); + assert_equals(storageEventList[4].key, "b"); + assert_equals(storageEventList[4].oldValue, "2"); + assert_equals(storageEventList[4].newValue, "3"); - storage.removeItem('FOO'); + storage.removeItem('FOO'); - runAfterNStorageEvents(step4, 6); - } + runAfterNStorageEvents(t.step_func(step4), 6); + } - function step4(msg) - { - test(function() { + function step4(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 6); - shouldBeEqualToString(storageEventList[5].key, "FOO"); - shouldBeEqualToString(storageEventList[5].oldValue, "BAR"); + assert_equals(storageEventList[5].key, "FOO"); + assert_equals(storageEventList[5].oldValue, "BAR"); assert_equals(storageEventList[5].newValue, null); - }, name + ": the sixth storage event properties"); - storage.removeItem('FU'); + storage.removeItem('FU'); - runAfterNStorageEvents(step5, 7); - } + runAfterNStorageEvents(t.step_func(step5), 7); + } - function step5(msg) - { - test(function() { + function step5(msg) + { if(msg != undefined) { assert_unreached(msg); } assert_equals(storageEventList.length, 7); - shouldBeEqualToString(storageEventList[6].key, "FU"); - shouldBeEqualToString(storageEventList[6].oldValue, "BAR"); + assert_equals(storageEventList[6].key, "FU"); + assert_equals(storageEventList[6].oldValue, "BAR"); assert_equals(storageEventList[6].newValue, null); - }, name + ": the seventh storage event properties"); - storage.clear(); + storage.clear(); - runAfterNStorageEvents(step6, 8); - } + runAfterNStorageEvents(t.step_func(step6), 8); + } - function step6(msg) - { - test(function() { + function step6(msg) + { if(msg != undefined) { assert_unreached(msg); } @@ -140,10 +103,9 @@ test(function() { assert_equals(storageEventList[7].key, null); assert_equals(storageEventList[7].oldValue, null); assert_equals(storageEventList[7].newValue, null); - }, name + ": the eighth storage event properties"); - - completionCallback(); - } -}, "DOM Storage mutations fire StorageEvents that are caught by the event listener attached via setattribute."); + t.done(); + } + }, storageString + " mutations fire StorageEvents that are caught by the event listener attached via setattribute."); +}); diff --git a/tests/wpt/web-platform-tests/webstorage/iframe/event_body_handler.html b/tests/wpt/web-platform-tests/webstorage/resources/event_body_handler.html index 1200f405e67..1200f405e67 100644 --- a/tests/wpt/web-platform-tests/webstorage/iframe/event_body_handler.html +++ b/tests/wpt/web-platform-tests/webstorage/resources/event_body_handler.html diff --git a/tests/wpt/web-platform-tests/webstorage/iframe/event_setattribute_handler.html b/tests/wpt/web-platform-tests/webstorage/resources/event_setattribute_handler.html index f5d6f8a06ff..f5d6f8a06ff 100644 --- a/tests/wpt/web-platform-tests/webstorage/iframe/event_setattribute_handler.html +++ b/tests/wpt/web-platform-tests/webstorage/resources/event_setattribute_handler.html diff --git a/tests/wpt/web-platform-tests/webstorage/iframe/local_change_item_iframe.html b/tests/wpt/web-platform-tests/webstorage/resources/local_change_item_iframe.html index 17be8fb26e0..17be8fb26e0 100644 --- a/tests/wpt/web-platform-tests/webstorage/iframe/local_change_item_iframe.html +++ b/tests/wpt/web-platform-tests/webstorage/resources/local_change_item_iframe.html diff --git a/tests/wpt/web-platform-tests/webstorage/iframe/local_set_item_clear_iframe.html b/tests/wpt/web-platform-tests/webstorage/resources/local_set_item_clear_iframe.html index 742b7dad1a3..742b7dad1a3 100644 --- a/tests/wpt/web-platform-tests/webstorage/iframe/local_set_item_clear_iframe.html +++ b/tests/wpt/web-platform-tests/webstorage/resources/local_set_item_clear_iframe.html diff --git a/tests/wpt/web-platform-tests/webstorage/iframe/local_set_item_iframe.html b/tests/wpt/web-platform-tests/webstorage/resources/local_set_item_iframe.html index 0693824e5db..0693824e5db 100644 --- a/tests/wpt/web-platform-tests/webstorage/iframe/local_set_item_iframe.html +++ b/tests/wpt/web-platform-tests/webstorage/resources/local_set_item_iframe.html diff --git a/tests/wpt/web-platform-tests/webstorage/iframe/local_set_item_remove_iframe.html b/tests/wpt/web-platform-tests/webstorage/resources/local_set_item_remove_iframe.html index 7a4962f8e58..7a4962f8e58 100644 --- a/tests/wpt/web-platform-tests/webstorage/iframe/local_set_item_remove_iframe.html +++ b/tests/wpt/web-platform-tests/webstorage/resources/local_set_item_remove_iframe.html diff --git a/tests/wpt/web-platform-tests/webstorage/iframe/session_change_item_iframe.html b/tests/wpt/web-platform-tests/webstorage/resources/session_change_item_iframe.html index 1e1867e51ec..1e1867e51ec 100644 --- a/tests/wpt/web-platform-tests/webstorage/iframe/session_change_item_iframe.html +++ b/tests/wpt/web-platform-tests/webstorage/resources/session_change_item_iframe.html diff --git a/tests/wpt/web-platform-tests/webstorage/iframe/session_set_item_clear_iframe.html b/tests/wpt/web-platform-tests/webstorage/resources/session_set_item_clear_iframe.html index 7deaa9b17c5..7deaa9b17c5 100644 --- a/tests/wpt/web-platform-tests/webstorage/iframe/session_set_item_clear_iframe.html +++ b/tests/wpt/web-platform-tests/webstorage/resources/session_set_item_clear_iframe.html diff --git a/tests/wpt/web-platform-tests/webstorage/iframe/session_set_item_iframe.html b/tests/wpt/web-platform-tests/webstorage/resources/session_set_item_iframe.html index de844cca453..de844cca453 100644 --- a/tests/wpt/web-platform-tests/webstorage/iframe/session_set_item_iframe.html +++ b/tests/wpt/web-platform-tests/webstorage/resources/session_set_item_iframe.html diff --git a/tests/wpt/web-platform-tests/webstorage/iframe/session_set_item_remove_iframe.html b/tests/wpt/web-platform-tests/webstorage/resources/session_set_item_remove_iframe.html index d2cad3cd464..d2cad3cd464 100644 --- a/tests/wpt/web-platform-tests/webstorage/iframe/session_set_item_remove_iframe.html +++ b/tests/wpt/web-platform-tests/webstorage/resources/session_set_item_remove_iframe.html diff --git a/tests/wpt/web-platform-tests/webstorage/resources/storage_local_window_open_second.html b/tests/wpt/web-platform-tests/webstorage/resources/storage_local_window_open_second.html new file mode 100644 index 00000000000..3c8405adcf0 --- /dev/null +++ b/tests/wpt/web-platform-tests/webstorage/resources/storage_local_window_open_second.html @@ -0,0 +1,36 @@ +<!DOCTYPE HTML> +<html> +<head> +<title>WebStorage Test: localStorage - second page</title> +</head> +<body> +<script> + +var storage = window.localStorage; + +var assertions = []; + +assertions.push({ + actual: storage.getItem("FOO"), + expected: "BAR", + message: "storage.getItem('FOO')" +}); + +storage.setItem("FOO", "BAR-NEWWINDOW"); + +assertions.push({ + actual: storage.getItem("FOO"), + expected: "BAR-NEWWINDOW", + message: "value for FOO after changing" +}); +assertions.push({ + actual: window.opener.localStorage.getItem("FOO"), + expected: "BAR-NEWWINDOW", + message: "value for FOO in my opening window" +}); + +window.opener.postMessage(assertions, '*'); + +</script> +</body> +</html> diff --git a/tests/wpt/web-platform-tests/webstorage/resources/storage_session_window_open_second.html b/tests/wpt/web-platform-tests/webstorage/resources/storage_session_window_open_second.html new file mode 100644 index 00000000000..bc134af32b1 --- /dev/null +++ b/tests/wpt/web-platform-tests/webstorage/resources/storage_session_window_open_second.html @@ -0,0 +1,36 @@ +<!DOCTYPE HTML> +<html> +<head> +<title>WebStorage Test: sessionStorage - second page</title> +</head> +<body> +<script> + +var storage = window.sessionStorage; + +var assertions = []; + +assertions.push({ + actual: storage.getItem("FOO"), + expected: "BAR", + message: "storage.getItem('FOO')" +}); + +storage.setItem("FOO", "BAR-NEWWINDOW"); + +assertions.push({ + actual: storage.getItem("FOO"), + expected: "BAR-NEWWINDOW", + message: "value for FOO after changing" +}); +assertions.push({ + actual: window.opener.sessionStorage.getItem("FOO"), + expected: "BAR", + message: "value for FOO in my opening window" +}); + +window.opener.postMessage(assertions, '*'); + +</script> +</body> +</html> diff --git a/tests/wpt/web-platform-tests/webstorage/storage_functions_not_overwritten.html b/tests/wpt/web-platform-tests/webstorage/storage_functions_not_overwritten.html index dd67f17ac07..47608b9864f 100644 --- a/tests/wpt/web-platform-tests/webstorage/storage_functions_not_overwritten.html +++ b/tests/wpt/web-platform-tests/webstorage/storage_functions_not_overwritten.html @@ -23,20 +23,15 @@ storage.setItem("setItem", "true"); } - function shouldBeEqualToString(express, expectValue) { - assert_equals(typeof express, "string"); - assert_equals(express, expectValue); - } - function runTest() { doWedgeThySelf(); - shouldBeEqualToString(storage.getItem('clear'), "almost"); - shouldBeEqualToString(storage.getItem('key'), "too"); - shouldBeEqualToString(storage.getItem('getItem'), "funny"); - shouldBeEqualToString(storage.getItem('removeItem'), "to"); - shouldBeEqualToString(storage.getItem('length'), "be"); - shouldBeEqualToString(storage.getItem('setItem'), "true"); + assert_equals(storage.getItem('clear'), "almost"); + assert_equals(storage.getItem('key'), "too"); + assert_equals(storage.getItem('getItem'), "funny"); + assert_equals(storage.getItem('removeItem'), "to"); + assert_equals(storage.getItem('length'), "be"); + assert_equals(storage.getItem('setItem'), "true"); // Test to see if an exception is thrown for any of the built in // functions. diff --git a/tests/wpt/web-platform-tests/webstorage/storage_local_setitem_quotaexceedederr.html b/tests/wpt/web-platform-tests/webstorage/storage_local_setitem_quotaexceedederr.html index 8258a011542..b547f3046d1 100644 --- a/tests/wpt/web-platform-tests/webstorage/storage_local_setitem_quotaexceedederr.html +++ b/tests/wpt/web-platform-tests/webstorage/storage_local_setitem_quotaexceedederr.html @@ -15,12 +15,12 @@ var index = 0; var key = "name"; - var val = "user"; + var val = "x".repeat(1024); assert_throws("QUOTA_EXCEEDED_ERR", function() { while (true) { index++; - localStorage.setItem("" + key + index, "" + index); + localStorage.setItem("" + key + index, "" + val + index); } }); diff --git a/tests/wpt/web-platform-tests/webstorage/storage_local_window_open.html b/tests/wpt/web-platform-tests/webstorage/storage_local_window_open.html index e5625927bcd..867b3195911 100644 --- a/tests/wpt/web-platform-tests/webstorage/storage_local_window_open.html +++ b/tests/wpt/web-platform-tests/webstorage/storage_local_window_open.html @@ -9,19 +9,23 @@ <div id="log"></div> <script> - test(function() { - assert_true("localStorage" in window, "localStorage exist"); +async_test(function(t) { - var storage = window.localStorage; - storage.clear(); + var storage = window.localStorage; + storage.clear(); - storage.setItem("FOO", "BAR"); - assert_equals(storage.getItem("FOO"), "BAR", "storage.getItem('FOO')"); - window.open("storage_local_window_open_second.html"); + storage.setItem("FOO", "BAR"); + var win = window.open("resources/storage_local_window_open_second.html"); + window.addEventListener('message', t.step_func(function(e) { + e.data.forEach(t.step_func(function(assertion) { + assert_equals(assertion.actual, assertion.expected, assertion.message); + })); + win.close(); + t.done(); + })); - }, "A new window to make sure there is a copy of the previous window's localStorage, and that they diverge after a change"); +}, "A new window to make sure there is a copy of the previous window's localStorage, and that they do not diverge after a change"); </script> </body> </html> - diff --git a/tests/wpt/web-platform-tests/webstorage/storage_local_window_open_second.html b/tests/wpt/web-platform-tests/webstorage/storage_local_window_open_second.html deleted file mode 100644 index 15ce2f34e52..00000000000 --- a/tests/wpt/web-platform-tests/webstorage/storage_local_window_open_second.html +++ /dev/null @@ -1,27 +0,0 @@ -<!DOCTYPE HTML> -<html> -<head> -<title>WebStorage Test: localStorage - second page</title> -<script src="/resources/testharness.js"></script> -<script src="/resources/testharnessreport.js"></script> -</head> -<body> -<div id="log"></div> -<script> - test(function() { - assert_true("localStorage" in window, "localStorage exist"); - - var storage = window.localStorage; - - assert_equals(storage.getItem("FOO"), "BAR", "storage.getItem('FOO')"); - storage.setItem("FOO", "BAR-NEWWINDOW"); - assert_equals(storage.getItem("FOO"), "BAR-NEWWINDOW", "value for FOO after changing"); - - assert_equals(window.opener.localStorage.getItem("FOO"), "BAR-NEWWINDOW", "value for FOO in my opening window"); - - }, "A new window to make sure there is a copy of the previous window's localStorage, and that they diverge after a change"); - -</script> -</body> -</html> - diff --git a/tests/wpt/web-platform-tests/webstorage/storage_session_setitem_quotaexceedederr.html b/tests/wpt/web-platform-tests/webstorage/storage_session_setitem_quotaexceedederr.html index d78b29ebdc4..285a4bea2b5 100644 --- a/tests/wpt/web-platform-tests/webstorage/storage_session_setitem_quotaexceedederr.html +++ b/tests/wpt/web-platform-tests/webstorage/storage_session_setitem_quotaexceedederr.html @@ -15,12 +15,12 @@ var index = 0; var key = "name"; - var val = "user"; + var val = "x".repeat(1024); assert_throws("QUOTA_EXCEEDED_ERR", function() { while (true) { index++; - sessionStorage.setItem("" + key + index, "" + index); + sessionStorage.setItem("" + key + index, "" + val + index); } }); diff --git a/tests/wpt/web-platform-tests/webstorage/storage_session_window_open.html b/tests/wpt/web-platform-tests/webstorage/storage_session_window_open.html index d8016e91372..3dea721e9d0 100644 --- a/tests/wpt/web-platform-tests/webstorage/storage_session_window_open.html +++ b/tests/wpt/web-platform-tests/webstorage/storage_session_window_open.html @@ -9,18 +9,23 @@ <div id="log"></div> <script> - test(function() { - assert_true("sessionStorage" in window, "sessionStorage exist"); +async_test(function(t) { - var storage = window.sessionStorage; + var storage = window.sessionStorage; + storage.clear(); - storage.setItem("FOO", "BAR"); - assert_equals(storage.getItem("FOO"), "BAR", "storage.getItem('FOO')"); - window.open("storage_session_window_open_second.html"); + storage.setItem("FOO", "BAR"); + var win = window.open("resources/storage_session_window_open_second.html"); + window.addEventListener('message', t.step_func(function(e) { + e.data.forEach(t.step_func(function(assertion) { + assert_equals(assertion.actual, assertion.expected, assertion.message); + })); + win.close(); + t.done(); + })); - }, "A new window to make sure there is a copy of the previous window's sessionStorage, and that they diverge after a change"); +}, "A new window to make sure there is a copy of the previous window's sessionStorage, and that they diverge after a change"); </script> </body> </html> - diff --git a/tests/wpt/web-platform-tests/webstorage/storage_session_window_open_second.html b/tests/wpt/web-platform-tests/webstorage/storage_session_window_open_second.html deleted file mode 100644 index 3e241f4b3c2..00000000000 --- a/tests/wpt/web-platform-tests/webstorage/storage_session_window_open_second.html +++ /dev/null @@ -1,27 +0,0 @@ -<!DOCTYPE HTML> -<html> -<head> -<title>WebStorage Test: sessionStorage - second page</title> -<script src="/resources/testharness.js"></script> -<script src="/resources/testharnessreport.js"></script> -</head> -<body> -<div id="log"></div> -<script> - test(function() { - assert_true("sessionStorage" in window, "sessionStorage exist"); - - var storage = window.sessionStorage; - - assert_equals(storage.getItem("FOO"), "BAR", "storage.getItem('FOO')"); - storage.setItem("FOO", "BAR-NEWWINDOW"); - assert_equals(storage.getItem("FOO"), "BAR-NEWWINDOW", "value for FOO after changing"); - - assert_equals(window.opener.sessionStorage.getItem("FOO"), "BAR", "value for FOO in my opening window"); - - }, "A new window to make sure there is a copy of the previous window's sessionStorage, and that they diverge after a change"); - -</script> -</body> -</html> - diff --git a/tests/wpt/web-platform-tests/webstorage/storage_string_conversion.html b/tests/wpt/web-platform-tests/webstorage/storage_string_conversion.html index 66b7d90a66c..518b27521c4 100644 --- a/tests/wpt/web-platform-tests/webstorage/storage_string_conversion.html +++ b/tests/wpt/web-platform-tests/webstorage/storage_string_conversion.html @@ -17,31 +17,26 @@ assert_equals(storage.length, 0); - function shouldBeEqualToString(express, expectValue) { - assert_equals(typeof express, "string"); - assert_equals(express, expectValue); - } - storage.a = null; - shouldBeEqualToString(storage.a, "null"); + assert_equals(storage.a, "null"); storage.b = 0; - shouldBeEqualToString(storage.b, "0"); + assert_equals(storage.b, "0"); storage.c = function(){}; - shouldBeEqualToString(storage.c, "function (){}"); + assert_equals(storage.c, "function (){}"); storage.setItem('d', null); - shouldBeEqualToString(storage.d, "null"); + assert_equals(storage.d, "null"); storage.setItem('e', 0); - shouldBeEqualToString(storage.e, "0"); + assert_equals(storage.e, "0"); storage.setItem('f', function(){}); - shouldBeEqualToString(storage.f, "function (){}"); + assert_equals(storage.f, "function (){}"); storage['g'] = null; - shouldBeEqualToString(storage.g, "null"); + assert_equals(storage.g, "null"); storage['h'] = 0; - shouldBeEqualToString(storage.h, "0"); + assert_equals(storage.h, "0"); storage['i'] = function(){}; - shouldBeEqualToString(storage.f, "function (){}"); + assert_equals(storage.f, "function (){}"); }, name + " only stores strings"); }); |
