Mercurial > hg > webappsec / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset
had to manually merge during pull testJam
authorGopal Raghavan <gopal.raghavan@nokia.com>
Wed, 02 May 2012 18:49:13 -0700
branchtestJam
changeset 32 64c4e567b377
parent 31 39c98e34095c (current diff)
parent 30 c781ed9506ae (diff)
child 36 b8f4e6a8c488
child 40 aa576c61296a
had to manually merge during pull 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/csp/submitted/mozilla/csp-inline-script.php	Wed May 02 18:49:13 2012 -0700
@@ -0,0 +1,14 @@
+<?php
+header("X-WebKit-CSP: script-src 'self'");
+header("X-Content-Seucurity-Policy: script-src 'self'");
+header("Content-Seucurity-Policy: script-src 'self'");
+?>
+
+<html>
+<head>
+<title> No line script </title>
+</head>
+
+<body>
+<script>alert(foo);</script>
+</body>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/csp/submitted/webkit/CSP_default-src-inline-allowed.php	Wed May 02 18:49:13 2012 -0700
@@ -0,0 +1,25 @@
+<?php
+header("Content-Security-Policy: default-src 'self' about: 'unsafe-inline'");
+header("X-Content-Security-Policy: default-src 'self' about: 'unsafe-inline'");
+header("X-WebKit-CSP: default-src 'self' about: 'unsafe-inline'");
+?>
+<!DOCTYPE html>
+<html>
+<head>
+<title>CSP Test: default-src 'self' about: 'unsafe-inline'</title>
+<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
+<meta descriptionn="Content-Security-Policy Test: default-src 'self' about: 'unsafe-inline'" />
+<link rel="author" title="abarth" />
+<script src="http://www.w3c-test.org/resources/testharness.js"></script>
+<script src="http://www.w3c-test.org/resources/testharnessreport.js"></script>
+</head>
+<div id="log"></div>
+<script>
+test(function() {assert_true(true)}, 'Inline scripts run (1 of 3)');
+</script>
+<iframe style="display:none" src="javascript:parent.test(function() {parent.assert_true(true)}, 'JavaScript URLs run (2 of 3)');"></iframe>
+<img style="display:none"
+     onerror="test(function() {assert_true(true)}, 'Inline event handlers run (3 of 3)')"
+     src="about:blank">
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/csp/submitted/webkit/CSP_default-src-inline-blocked.php	Wed May 02 18:49:13 2012 -0700
@@ -0,0 +1,26 @@
+<?php
+header("Content-Security-Policy: default-src 'self'");
+header("X-Content-Security-Policy: default-src 'self'");
+header("X-WebKit-CSP: default-src 'self'");
+?>
+<!DOCTYPE html>
+<html>
+<head>
+<title>CSP Test: default-src 'self' about: 'unsafe-inline'</title>
+<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
+<meta descriptionn="Content-Security-Policy Test: default-src 'self' about: 'unsafe-inline'" />
+<link rel="author" title="abarth" />
+<script src="http://www.w3c-test.org/resources/testharness.js"></script>
+<script src="http://www.w3c-test.org/resources/testharnessreport.js"></script>
+</head>
+<div id="log"></div>
+<script src="resources/pass.js"></script>
+<script>
+test(function() {assert_true(false)}, 'Inline scripts run (1 of 3)');
+</script>
+<iframe style="display:none" src="javascript:parent.test(function() {parent.assert_true(false)}, 'JavaScript URLs run (2 of 3)');"></iframe>
+<img style="display:none"
+     onerror="test(function() {assert_true(false)}, 'Inline event handlers run (3 of 3)')"
+     src="about:blank">
+</body>
+</html>
webappsec

Hosted by W3C Systems Team, please report bugs to sysreq@w3.org