--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/csp/submitted/mozilla/assertTrue.php Thu May 03 15:33:34 2012 -0700
@@ -0,0 +1,18 @@
+<?php
+
+//Prevent Caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+header("Content-Type: text/javascript");
+
+ print("(function () { if(typeof " . $_GET["varName"] . "=='undefined') {
+ test(function() {assert_true(true)}, \"assert_true with unsafeScript\");
+ } else{
+ test(function() {assert_true(" . $_GET["varName"] . ")}, \"assert_true with unsafeScript defined when it shouldn't be\");
+ } })();");
+
+?>
+
--- a/tests/csp/submitted/mozilla/csp-inline-script.php Thu May 03 15:30:50 2012 -0700
+++ b/tests/csp/submitted/mozilla/csp-inline-script.php Thu May 03 15:33:34 2012 -0700
@@ -1,14 +1,22 @@
<?php
-header("X-WebKit-CSP: script-src 'self'");
-header("X-Content-Seucurity-Policy: script-src 'self'");
-header("Content-Seucurity-Policy: script-src 'self'");
+ header("X-WebKit-CSP: default-src 'self'");
+ header("X-Content-Security-Policy: default-src 'self'");
+ header("Content-Security-Policy: default-src 'self'");
?>
-
<html>
<head>
-<title> No line script </title>
+ <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
+ <meta description="Content-Security-Policy Test: default-src: *" />
+ <link rel="author" title="tanvi@mozilla.com" />
+ <title> No inline script </title>
+ <script src="http://www.w3c-test.org/resources/testharness.js"></script>
+ <script src="http://www.w3c-test.org/resources/testharnessreport.js"></script>
</head>
<body>
-<script>alert(foo);</script>
+ <div id=log></div>
+ <script>
+ unsafeScript=false;
+ </script>
+ <script src="assertTrue.php?varName=unsafeScript"></script>
</body>