mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 05:41:12 +00:00
Bug 1316826 - Test for JS URLs and strict-dynamic. r=dveditz
MozReview-Commit-ID: EKmYoZbap25
This commit is contained in:
parent
76e256d114
commit
29efcb86ac
15
dom/security/test/csp/file_strict_dynamic_js_url.html
Normal file
15
dom/security/test/csp/file_strict_dynamic_js_url.html
Normal file
@ -0,0 +1,15 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1316826 - 'strict-dynamic' blocking DOM event handlers</title>
|
||||
</head>
|
||||
<body>
|
||||
<div id="testdiv">blocked</div>
|
||||
|
||||
<a id="jslink" href='javascript:document.getElementById("testdiv").innerHTML = "allowed"'>click me</a>
|
||||
<script nonce="foo">
|
||||
document.getElementById("jslink").click();
|
||||
</script>
|
||||
|
||||
</body>
|
||||
</html>
|
@ -189,6 +189,7 @@ support-files =
|
||||
file_upgrade_insecure_docwrite_iframe.sjs
|
||||
file_data-uri_blocked.html
|
||||
file_data-uri_blocked.html^headers^
|
||||
file_strict_dynamic_js_url.html
|
||||
file_strict_dynamic_script_events.html
|
||||
file_strict_dynamic_script_events_xbl.html
|
||||
file_strict_dynamic_script_inline.html
|
||||
|
@ -84,7 +84,13 @@ var tests = [
|
||||
result: "blocked",
|
||||
file: "file_strict_dynamic_script_events_xbl.html",
|
||||
policy: "script-src 'strict-dynamic' 'nonce-foo'"
|
||||
}
|
||||
},
|
||||
{
|
||||
desc: "strict-dynamic with JS URLs should be blocked",
|
||||
result: "blocked",
|
||||
file: "file_strict_dynamic_js_url.html",
|
||||
policy: "script-src 'strict-dynamic' 'nonce-foo'"
|
||||
},
|
||||
];
|
||||
|
||||
var counter = 0;
|
||||
|
Loading…
Reference in New Issue
Block a user