Converted to CGI/trying to resolve hg weirdness testJam
authorpuhley
Thu, 03 May 2012 13:48:05 -0700
branchtestJam
changeset 36 b8f4e6a8c488
parent 35 7659e798cbc2 (current diff)
parent 32 64c4e567b377 (diff)
child 37 5d921418dedc
Converted to CGI/trying to resolve hg weirdness
tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.js
tests/cors/submitted/webkit/access-control-basic-allow-star.js
tests/cors/submitted/webkit/access-control-basic-allow.js
tests/cors/submitted/webkit/access-control-basic-denied.js
tests/cors/submitted/webkit/cors-tests.html
tests/cors/submitted/webkit/log.js
tests/cors/submitted/webkit/resources/access-control-basic-allow-access-control-origin-header.php
tests/cors/submitted/webkit/resources/access-control-basic-allow-star.php
tests/cors/submitted/webkit/resources/access-control-basic-allow.php
tests/cors/submitted/webkit/resources/access-control-basic-denied.php
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/access-control-basic-allow-access-control-origin-header.js	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,25 @@
+var accessControlBasicAllowAccessControlOriginHeader = function() {
+    var xhr = new XMLHttpRequest;
+    var path = "/webappsec/tests/cors/submitted/webkit";
+
+    try {
+        xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-allow-access-control-origin-header.php", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        assert_true(false);
+        return;
+    }
+
+    try {
+        xhr.send();
+	assert_true(true);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        assert_true(false);
+        return;
+    }
+
+    //log(xhr.responseText);
+};
+
+test(accessControlBasicAllowAccessControlOriginHeader, "access-control-basic-allow-access-control-origin-header")
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/access-control-basic-allow-star.js	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,27 @@
+var accessControlBasicAllowStar = function() {
+    var xhr = new XMLHttpRequest;
+    var path = "/webappsec/tests/cors/submitted/webkit";
+
+    try {
+        xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-allow-star.php", false);
+
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        return;
+    }
+
+    try {
+        xhr.send();
+        console.log(xhr.responseText);
+        assert_equals(xhr.responseText,"PASS: Cross-domain access allowed.", "test for cross domain" );
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        assert_true(false);
+        return;
+    }
+
+    //log(xhr.responseText);
+};
+
+test(accessControlBasicAllowStar, "access-control-basic-allow-star")
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/access-control-basic-allow.js	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,28 @@
+var accessControlBasicAllow = function() {
+    var xhr = new XMLHttpRequest;
+    var path = "/webappsec/tests/cors/submitted/webkit";
+
+    try {
+        xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-allow.php", false);
+
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        assert_true(false);
+        return;
+    }
+
+    try {
+        xhr.send();
+        console.log(xhr.responseText);
+        assert_equals(xhr.responseText,"PASS: Cross-domain access allowed.", "test for cross domain" );
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
+        assert_true(false);
+        return;
+    }
+
+    //log(xhr.responseText);
+};
+
+test(accessControlBasicAllow, "access-control-basic-allow")
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/access-control-basic-denied.js	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,25 @@
+var accessControlBasicDenied = function() {
+    var xhr = new XMLHttpRequest;
+    var path = "/webappsec/tests/cors/submitted/webkit";
+
+    try {
+        xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-denied.php", false);
+    } catch(e) {
+        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
+        assert_true(false);
+        return;
+    }
+
+    try {
+        xhr.send();
+        assert_true(false);
+    } catch(e) {
+        assert_true(true);
+        //log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
+        return;
+    }
+
+    log(xhr.responseText);
+};
+
+test(accessControlBasicDenied, "access-control-basic-denied")
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/cors-tests.html	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,17 @@
+<html>
+<body>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+<pre id='console'></pre>
+ <script src="/webappsec/tests/cors/submitted/webkit/log.js"></script>
+<h2>W3C WebAppSec Cross-Origin Resource Sharing</h2>
+<a href="http://www.w3.org/TR/cors"> http://www.w3.org/TR/cors/</a>
+<!-- <h3>Test suite compliant with working draft 3 April 2012</h3> -->
+ <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow.js"></script>
+ <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow-star.js"></script>
+ <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-denied.js"></script>
+ <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.js"></script>
+<div  id=log></div>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/log.js	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,5 @@
+function log(message)
+{
+    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/resources/access-control-basic-allow-access-control-origin-header.php	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,7 @@
+<?php
+header("Content-Type: text/plain");
+header("Cache-Control: no-cache, no-store\n");
+header("Access-Control-Allow-Origin: *\n\n");
+echo "PASS: Cross-domain access allowed.";
+echo "HTTP_ORIGIN: " . $ENV{"HTTP_ORIGIN"} . "\n";
+?>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/resources/access-control-basic-allow-star.php	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,5 @@
+<?php
+header("Content-Type: text/plain");
+header("Access-Control-Allow-Origin: *\n\n");
+echo "PASS: Cross-domain access allowed.";
+?>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/resources/access-control-basic-allow.php	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,6 @@
+<?php
+header("Content-Type: text/plain");
+header("Access-Control-Allow-Credentials: true");
+header("Access-Control-Allow-Origin: http://www.w3c-test.org\n\n");
+echo "PASS: Cross-domain access allowed.";
+?>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/cors/submitted/cors1.0/resources/access-control-basic-denied.php	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,4 @@
+<?php
+header("Content-Type: text/plain");
+echo "FAIL: Cross-domain access allowed.";
+?>
\ No newline at end of file
--- a/tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.js	Thu May 03 13:38:05 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-var accessControlBasicAllowAccessControlOriginHeader = function() {
-    var xhr = new XMLHttpRequest;
-    var path = "/webappsec/tests/cors/submitted/webkit";
-
-    try {
-        xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-allow-access-control-origin-header.php", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        assert_true(false);
-        return;
-    }
-
-    try {
-        xhr.send();
-	assert_true(true);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
-        assert_true(false);
-        return;
-    }
-
-    //log(xhr.responseText);
-};
-
-test(accessControlBasicAllowAccessControlOriginHeader, "access-control-basic-allow-access-control-origin-header")
--- a/tests/cors/submitted/webkit/access-control-basic-allow-star.js	Thu May 03 13:38:05 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-var accessControlBasicAllowStar = function() {
-    var xhr = new XMLHttpRequest;
-    var path = "/webappsec/tests/cors/submitted/webkit";
-
-    try {
-        xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-allow-star.php", false);
-
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        return;
-    }
-
-    try {
-        xhr.send();
-        console.log(xhr.responseText);
-        assert_equals(xhr.responseText,"PASS: Cross-domain access allowed.", "test for cross domain" );
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
-        assert_true(false);
-        return;
-    }
-
-    //log(xhr.responseText);
-};
-
-test(accessControlBasicAllowStar, "access-control-basic-allow-star")
-
--- a/tests/cors/submitted/webkit/access-control-basic-allow.js	Thu May 03 13:38:05 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-var accessControlBasicAllow = function() {
-    var xhr = new XMLHttpRequest;
-    var path = "/webappsec/tests/cors/submitted/webkit";
-
-    try {
-        xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-allow.php", false);
-
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        assert_true(false);
-        return;
-    }
-
-    try {
-        xhr.send();
-        console.log(xhr.responseText);
-        assert_equals(xhr.responseText,"PASS: Cross-domain access allowed.", "test for cross domain" );
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'send'. [" + e.message + "].");
-        assert_true(false);
-        return;
-    }
-
-    //log(xhr.responseText);
-};
-
-test(accessControlBasicAllow, "access-control-basic-allow")
-
--- a/tests/cors/submitted/webkit/access-control-basic-denied.js	Thu May 03 13:38:05 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-var accessControlBasicDenied = function() {
-    var xhr = new XMLHttpRequest;
-    var path = "/webappsec/tests/cors/submitted/webkit";
-
-    try {
-        xhr.open("GET", "http://www1.w3c-test.org" + path + "/resources/access-control-basic-denied.php", false);
-    } catch(e) {
-        log("FAIL: Exception thrown. Cross-domain access is not allowed in 'open'. [" + e.message + "].");
-        assert_true(false);
-        return;
-    }
-
-    try {
-        xhr.send();
-        assert_true(false);
-    } catch(e) {
-        assert_true(true);
-        //log("PASS: Exception thrown. Cross-domain access was denied in 'send'. [" + e.message + "].");
-        return;
-    }
-
-    log(xhr.responseText);
-};
-
-test(accessControlBasicDenied, "access-control-basic-denied")
--- a/tests/cors/submitted/webkit/cors-tests.html	Thu May 03 13:38:05 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-<html>
-<body>
- <script src="/resources/testharness.js"></script>
- <script src="/resources/testharnessreport.js"></script>
-
-<pre id='console'></pre>
- <script src="/webappsec/tests/cors/submitted/webkit/log.js"></script>
-<h2>W3C WebAppSec Cross-Origin Resource Sharing</h2>
-<a href="http://www.w3.org/TR/cors"> http://www.w3.org/TR/cors/</a>
-<!-- <h3>Test suite compliant with working draft 3 April 2012</h3> -->
- <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow.js"></script>
- <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow-star.js"></script>
- <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-denied.js"></script>
- <script src="/webappsec/tests/cors/submitted/webkit/access-control-basic-allow-access-control-origin-header.js"></script>
-<div  id=log></div>
-</body>
-</html>
--- a/tests/cors/submitted/webkit/log.js	Thu May 03 13:38:05 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
-function log(message)
-{
-    document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
-}
-
--- a/tests/cors/submitted/webkit/resources/access-control-basic-allow-access-control-origin-header.php	Thu May 03 13:38:05 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,7 +0,0 @@
-<?php
-header("Content-Type: text/plain");
-header("Cache-Control: no-cache, no-store\n");
-header("Access-Control-Allow-Origin: *\n\n");
-echo "PASS: Cross-domain access allowed.";
-echo "HTTP_ORIGIN: " . $ENV{"HTTP_ORIGIN"} . "\n";
-?>
\ No newline at end of file
--- a/tests/cors/submitted/webkit/resources/access-control-basic-allow-star.php	Thu May 03 13:38:05 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
-<?php
-header("Content-Type: text/plain");
-header("Access-Control-Allow-Origin: *\n\n");
-echo "PASS: Cross-domain access allowed.";
-?>
\ No newline at end of file
--- a/tests/cors/submitted/webkit/resources/access-control-basic-allow.php	Thu May 03 13:38:05 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-<?php
-header("Content-Type: text/plain");
-header("Access-Control-Allow-Credentials: true");
-header("Access-Control-Allow-Origin: http://www.w3c-test.org\n\n");
-echo "PASS: Cross-domain access allowed.";
-?>
\ No newline at end of file
--- a/tests/cors/submitted/webkit/resources/access-control-basic-denied.php	Thu May 03 13:38:05 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,4 +0,0 @@
-<?php
-header("Content-Type: text/plain");
-echo "FAIL: Cross-domain access allowed.";
-?>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/csp/submitted/mozilla/csp-inline-script.php	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,14 @@
+<?php
+header("X-WebKit-CSP: script-src 'self'");
+header("X-Content-Seucurity-Policy: script-src 'self'");
+header("Content-Seucurity-Policy: script-src 'self'");
+?>
+
+<html>
+<head>
+<title> No line script </title>
+</head>
+
+<body>
+<script>alert(foo);</script>
+</body>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/csp/submitted/webkit/CSP_default-src-inline-allowed.php	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,25 @@
+<?php
+header("Content-Security-Policy: default-src 'self' about: 'unsafe-inline'");
+header("X-Content-Security-Policy: default-src 'self' about: 'unsafe-inline'");
+header("X-WebKit-CSP: default-src 'self' about: 'unsafe-inline'");
+?>
+<!DOCTYPE html>
+<html>
+<head>
+<title>CSP Test: default-src 'self' about: 'unsafe-inline'</title>
+<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
+<meta descriptionn="Content-Security-Policy Test: default-src 'self' about: 'unsafe-inline'" />
+<link rel="author" title="abarth" />
+<script src="http://www.w3c-test.org/resources/testharness.js"></script>
+<script src="http://www.w3c-test.org/resources/testharnessreport.js"></script>
+</head>
+<div id="log"></div>
+<script>
+test(function() {assert_true(true)}, 'Inline scripts run (1 of 3)');
+</script>
+<iframe style="display:none" src="javascript:parent.test(function() {parent.assert_true(true)}, 'JavaScript URLs run (2 of 3)');"></iframe>
+<img style="display:none"
+     onerror="test(function() {assert_true(true)}, 'Inline event handlers run (3 of 3)')"
+     src="about:blank">
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/csp/submitted/webkit/CSP_default-src-inline-blocked.php	Thu May 03 13:48:05 2012 -0700
@@ -0,0 +1,26 @@
+<?php
+header("Content-Security-Policy: default-src 'self'");
+header("X-Content-Security-Policy: default-src 'self'");
+header("X-WebKit-CSP: default-src 'self'");
+?>
+<!DOCTYPE html>
+<html>
+<head>
+<title>CSP Test: default-src 'self' about: 'unsafe-inline'</title>
+<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
+<meta descriptionn="Content-Security-Policy Test: default-src 'self' about: 'unsafe-inline'" />
+<link rel="author" title="abarth" />
+<script src="http://www.w3c-test.org/resources/testharness.js"></script>
+<script src="http://www.w3c-test.org/resources/testharnessreport.js"></script>
+</head>
+<div id="log"></div>
+<script src="resources/pass.js"></script>
+<script>
+test(function() {assert_true(false)}, 'Inline scripts run (1 of 3)');
+</script>
+<iframe style="display:none" src="javascript:parent.test(function() {parent.assert_true(false)}, 'JavaScript URLs run (2 of 3)');"></iframe>
+<img style="display:none"
+     onerror="test(function() {assert_true(false)}, 'Inline event handlers run (3 of 3)')"
+     src="about:blank">
+</body>
+</html>