Bug 1864168 - Part 1: Use 1-origin column number in nsIContentSecurityPolicy. r=smaug,devtools-reviewers,ochameau,ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D193369
Tooru Fujisawa 2023-11-22 11:13:54 +00:00
parent e829ebfad1
commit a4a513ad86
27 changed files with 52 additions and 39 deletions


@ -555,7 +555,7 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
csp->LogViolationDetails(violationType, csp->LogViolationDetails(violationType,
nullptr, // triggering element nullptr, // triggering element
cspEventListener, fileName, scriptSample, lineNum, cspEventListener, fileName, scriptSample, lineNum,
columnNum.zeroOriginValue(), u""_ns, u""_ns); columnNum.oneOriginValue(), u""_ns, u""_ns);
} }
return evalOK; return evalOK;


@ -39,7 +39,7 @@ add_task(async function () {
`Content-Security-Policy: The pages settings blocked` + `Content-Security-Policy: The pages settings blocked` +
` the loading of a resource at inline (“style-src”).`; ` the loading of a resource at inline (“style-src”).`;
const VIOLATION_LOCATION_HTML = "test-csp-violation-inline.html:18:1"; const VIOLATION_LOCATION_HTML = "test-csp-violation-inline.html:18:1";
const VIOLATION_LOCATION_JS = "test-csp-violation-inline.html:14:24"; const VIOLATION_LOCATION_JS = "test-csp-violation-inline.html:14:25";
await navigateTo(TEST_VIOLATION); await navigateTo(TEST_VIOLATION);
// Triggering the Violation via HTML // Triggering the Violation via HTML
let msg = await waitFor(() => findErrorMessage(hud, CSP_VIOLATION)); let msg = await waitFor(() => findErrorMessage(hud, CSP_VIOLATION));
@ -70,7 +70,7 @@ add_task(async function () {
"https://example.com/browser/devtools/client/webconsole/" + "https://example.com/browser/devtools/client/webconsole/" +
"test/browser/test-csp-violation-base-uri.html"; "test/browser/test-csp-violation-base-uri.html";
const CSP_VIOLATION = `Content-Security-Policy: The pages settings blocked the loading of a resource at https://evil.com/ (“base-uri”).`; const CSP_VIOLATION = `Content-Security-Policy: The pages settings blocked the loading of a resource at https://evil.com/ (“base-uri”).`;
const VIOLATION_LOCATION = "test-csp-violation-base-uri.html:15:24"; const VIOLATION_LOCATION = "test-csp-violation-base-uri.html:15:25";
await navigateTo(TEST_VIOLATION); await navigateTo(TEST_VIOLATION);
let msg = await waitFor(() => findErrorMessage(hud, CSP_VIOLATION)); let msg = await waitFor(() => findErrorMessage(hud, CSP_VIOLATION));
ok(msg, "Base-URI validation was Printed"); ok(msg, "Base-URI validation was Printed");
@ -95,7 +95,7 @@ add_task(async function () {
"https://example.com/browser/devtools/client/webconsole/" + "https://example.com/browser/devtools/client/webconsole/" +
"test/browser/test-csp-violation-form-action.html"; "test/browser/test-csp-violation-form-action.html";
const CSP_VIOLATION = `Content-Security-Policy: The pages settings blocked the loading of a resource at https://evil.com/evil.com (“form-action”).`; const CSP_VIOLATION = `Content-Security-Policy: The pages settings blocked the loading of a resource at https://evil.com/evil.com (“form-action”).`;
const VIOLATION_LOCATION = "test-csp-violation-form-action.html:14:39"; const VIOLATION_LOCATION = "test-csp-violation-form-action.html:14:40";
await navigateTo(TEST_VIOLATION); await navigateTo(TEST_VIOLATION);
const msg = await waitFor(() => findErrorMessage(hud, CSP_VIOLATION)); const msg = await waitFor(() => findErrorMessage(hud, CSP_VIOLATION));


@ -181,7 +181,7 @@ void nsStyledElement::ParseStyleAttribute(const nsAString& aValue,
if (!isNativeAnon && if (!isNativeAnon &&
!nsStyleUtil::CSPAllowsInlineStyle(this, doc, aMaybeScriptedPrincipal, 0, !nsStyleUtil::CSPAllowsInlineStyle(this, doc, aMaybeScriptedPrincipal, 0,
0, aValue, nullptr)) 1, aValue, nullptr))
return; return;
if (aForceInDataDoc || !doc->IsLoadedAsData() || GetExistingStyle() || if (aForceInDataDoc || !doc->IsLoadedAsData() || GetExistingStyle() ||
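Review bot: The `0, 1` pair passed to `nsStyleUtil::CSPAllowsInlineStyle` in `ParseStyleAttribute` is an unlabelled placeholder, and with this change the "no source position" case becomes line 0 with column 1, which someone reading a violation report cannot tell from a real first column unless they also look at the line. An inline label modelled on the ones other call sites in this commit already use would make the convention explicit, for example `/* aLineNumber */ 0, /* aColumnNumber: 1-origin, no position */ 1,`. The same bare literal appears in the hunks for `HTMLFormElement::GetActionURL`, `AllowedByCSP`, `nsCSPContext::GetCSPSandboxFlags`, `nsCSPParser::logWarningErrorToConsole`, `nsMixedContentBlocker::ShouldLoad`, `SMILCSSValueType`, `WebSocketImpl::Init` and `ShouldSecureUpgradeNoHSTS`. The body of `ParseStyleAttribute` starts and ends outside this hunk.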


@ -1046,7 +1046,7 @@ nsresult EventListenerManager::SetEventHandler(nsAtom* aName,
true, // aParserCreated (true because attribute event handler) true, // aParserCreated (true because attribute event handler)
aElement, aElement,
nullptr, // nsICSPEventListener nullptr, // nsICSPEventListener
aBody, lineNum, columnNum.zeroOriginValue(), &allowsInlineScript); aBody, lineNum, columnNum.oneOriginValue(), &allowsInlineScript);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
// return early if CSP wants us to block inline scripts // return early if CSP wants us to block inline scripts


@ -1694,7 +1694,7 @@ nsresult HTMLFormElement::GetActionURL(nsIURI** aActionURL,
u""_ns, // aSourceFile u""_ns, // aSourceFile
u""_ns, // aScriptSample u""_ns, // aScriptSample
0, // aLineNumber 0, // aLineNumber
0, // aColumnNumber 1, // aColumnNumber
nsIScriptError::warningFlag, "upgradeInsecureRequest"_ns, nsIScriptError::warningFlag, "upgradeInsecureRequest"_ns,
document->InnerWindowID(), document->InnerWindowID(),
!!document->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId); !!document->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId);


@ -161,7 +161,7 @@ static bool AllowedByCSP(nsIContentSecurityPolicy* aCSP,
nullptr, // nsICSPEventListener nullptr, // nsICSPEventListener
NS_ConvertASCIItoUTF16(aJavaScriptURL), // aContent NS_ConvertASCIItoUTF16(aJavaScriptURL), // aContent
0, // aLineNumber 0, // aLineNumber
0, // aColumnNumber 1, // aColumnNumber
&allowsInlineScript); &allowsInlineScript);
return (NS_SUCCEEDED(rv) && allowsInlineScript); return (NS_SUCCEEDED(rv) && allowsInlineScript);


@ -919,7 +919,7 @@ static bool CSPAllowsInlineScript(nsIScriptElement* aElement,
nsIContentSecurityPolicy::SCRIPT_SRC_ELEM_DIRECTIVE, nsIContentSecurityPolicy::SCRIPT_SRC_ELEM_DIRECTIVE,
false /* aHasUnsafeHash */, aNonce, parserCreated, element, false /* aHasUnsafeHash */, aNonce, parserCreated, element,
nullptr /* nsICSPEventListener */, u""_ns, nullptr /* nsICSPEventListener */, u""_ns,
aElement->GetScriptLineNumber(), aElement->GetScriptColumnNumber(), aElement->GetScriptLineNumber(), aElement->GetScriptColumnNumber() + 1,
&allowInlineScript); &allowInlineScript);
return NS_SUCCEEDED(rv) && allowInlineScript; return NS_SUCCEEDED(rv) && allowInlineScript;
} }
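Review bot: The bare `+ 1` on `aElement->GetScriptColumnNumber()` in `CSPAllowsInlineScript` carries no explanation, while the other converted call sites in this commit either use `columnNum.oneOriginValue()` or sit under a `TODO` comment. From this line alone a reader cannot tell that the getter is 0-origin (presumably; its declaration is not in the hunk) and that the CSP interface now expects a 1-origin column. I would add `// GetScriptColumnNumber() is 0-origin; nsIContentSecurityPolicy takes a 1-origin column.` above the call, and, if the getter returns an unsigned type, confirm it cannot hand back the maximum value, where the addition would wrap to 0. The start of the function is outside the hunk.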


@ -137,6 +137,8 @@ nsresult CSPEvalChecker::CheckForWindow(JSContext* aCx,
&columnNum)) { &columnNum)) {
fileNameString.AssignLiteral("unknown"); fileNameString.AssignLiteral("unknown");
} }
// TODO: Use 1-origin in nsJSUtils::GetCallingLocation.
columnNum += 1;
nsCOMPtr<nsIContentSecurityPolicy> csp = doc->GetCsp(); nsCOMPtr<nsIContentSecurityPolicy> csp = doc->GetCsp();
rv = CheckInternal(csp, nullptr /* no CSPEventListener for window */, rv = CheckInternal(csp, nullptr /* no CSPEventListener for window */,
@ -170,6 +172,8 @@ nsresult CSPEvalChecker::CheckForWorker(JSContext* aCx,
&columnNum)) { &columnNum)) {
fileNameString.AssignLiteral("unknown"); fileNameString.AssignLiteral("unknown");
} }
// TODO: Use 1-origin in nsJSUtils::GetCallingLocation.
columnNum += 1;
RefPtr<WorkerCSPCheckRunnable> r = new WorkerCSPCheckRunnable( RefPtr<WorkerCSPCheckRunnable> r = new WorkerCSPCheckRunnable(
aWorkerPrivate, aExpression, fileNameString, lineNum, columnNum); aWorkerPrivate, aExpression, fileNameString, lineNum, columnNum);
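Review bot: `columnNum += 1;` in `CheckForWindow` and `CheckForWorker` also runs when `nsJSUtils::GetCallingLocation` failed and the file name was replaced by "unknown", so the column reported on that path is whatever `columnNum` was initialised to, plus one. The declaration is outside both hunks; if it starts at 0 the result is the same line 0 / column 1 placeholder used elsewhere in this commit, but the code does not say so. I would extend the comment to `// TODO: Use 1-origin in nsJSUtils::GetCallingLocation. On failure this turns the unset column into 1.` in both places. Both function bodies continue beyond their hunks.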


@ -218,6 +218,8 @@ bool nsCSPContext::permitsInternal(
// If GetCallingLocation fails linenumber & columnNumber are set to 0 // If GetCallingLocation fails linenumber & columnNumber are set to 0
// anyway so we can skip checking if that is the case. // anyway so we can skip checking if that is the case.
} }
// TODO: Use 1-origin in nsJSUtils::GetCallingLocation.
columnNumber += 1;
AsyncReportViolation( AsyncReportViolation(
aTriggeringElement, aCSPEventListener, aTriggeringElement, aCSPEventListener,
(aSendContentLocationInViolationReports ? aContentLocation (aSendContentLocationInViolationReports ? aContentLocation
@ -559,6 +561,9 @@ void nsCSPContext::reportInlineViolation(
} }
lineNumber = aLineNumber; lineNumber = aLineNumber;
columnNumber = aColumnNumber; columnNumber = aColumnNumber;
} else {
// TODO: Use 1-origin in nsJSUtils::GetCallingLocation.
columnNumber += 1;
} }
AsyncReportViolation(aTriggeringElement, aCSPEventListener, AsyncReportViolation(aTriggeringElement, aCSPEventListener,
@ -740,6 +745,8 @@ nsCSPContext::GetAllowsNavigateTo(nsIURI* aURI, bool aIsFormSubmission,
// If GetCallingLocation fails linenumber & columnNumber are set to 0 // If GetCallingLocation fails linenumber & columnNumber are set to 0
// anyway so we can skip checking if that is the case. // anyway so we can skip checking if that is the case.
} }
// TODO: Use 1-origin in nsJSUtils::GetCallingLocation.
columnNumber += 1;
// Report the violation // Report the violation
nsresult rv = AsyncReportViolation( nsresult rv = AsyncReportViolation(
@ -1848,7 +1855,7 @@ nsCSPContext::GetCSPSandboxFlags(uint32_t* aOutSandboxFlags) {
NS_ConvertUTF16toUTF8(policy).get())); NS_ConvertUTF16toUTF8(policy).get()));
AutoTArray<nsString, 1> params = {policy}; AutoTArray<nsString, 1> params = {policy};
logToConsole("ignoringReportOnlyDirective", params, u""_ns, u""_ns, 0, 0, logToConsole("ignoringReportOnlyDirective", params, u""_ns, u""_ns, 0, 1,
nsIScriptError::warningFlag); nsIScriptError::warningFlag);
} }
} }
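Review bot: The context comment in `permitsInternal` and `GetAllowsNavigateTo`, "If GetCallingLocation fails linenumber & columnNumber are set to 0 anyway", no longer describes what is reported, because the added `columnNumber += 1;` runs right after it and turns the failure case into column 1. The comment should be updated in the same commit, for example `// If GetCallingLocation fails, lineNumber is 0 and columnNumber becomes 1 after the adjustment below.`. In `reportInlineViolation` the increment sits in the `else` branch instead, so the caller-supplied `aColumnNumber` is taken as already 1-origin; a short comment on `columnNumber = aColumnNumber;` saying so would help the next reader. All three functions start outside their hunks.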


@ -174,7 +174,7 @@ void nsCSPParser::logWarningErrorToConsole(uint32_t aSeverityFlag,
u""_ns, // aSourceName u""_ns, // aSourceName
u""_ns, // aSourceLine u""_ns, // aSourceLine
0, // aLineNumber 0, // aLineNumber
0, // aColumnNumber 1, // aColumnNumber
aSeverityFlag); // aFlags aSeverityFlag); // aFlags
} }


@ -692,6 +692,8 @@ bool nsContentSecurityUtils::IsEvalAllowed(JSContext* cx,
if (fileName.IsEmpty()) { if (fileName.IsEmpty()) {
fileName = "unknown-file"_ns; fileName = "unknown-file"_ns;
} }
// TODO: Use 1-origin in nsJSUtils::GetCallingLocation.
columnNumber += 1;
NS_ConvertUTF8toUTF16 fileNameA(fileName); NS_ConvertUTF8toUTF16 fileNameA(fileName);
for (const nsLiteralCString& allowlistEntry : evalAllowlist) { for (const nsLiteralCString& allowlistEntry : evalAllowlist) {
@ -1152,7 +1154,7 @@ void EnforceXFrameOptionsCheck(nsIChannel* aChannel,
u""_ns, // no sourcefile u""_ns, // no sourcefile
u""_ns, // no scriptsample u""_ns, // no scriptsample
0, // no linenumber 0, // no linenumber
0, // no columnnumber 1, // no columnnumber
nsIScriptError::warningFlag, nsIScriptError::warningFlag,
"IgnoringSrcBecauseOfDirective"_ns, innerWindowID, "IgnoringSrcBecauseOfDirective"_ns, innerWindowID,
privateWindow); privateWindow);
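Review bot: In the `EnforceXFrameOptionsCheck` hunk the trailing comment `// no columnnumber` now sits next to the value `1`, which reads as a real column rather than an absent one. I would reword it to `1,  // no columnnumber (1-origin placeholder)` so the argument list stays self-explanatory beside `0,  // no linenumber`. The beginning of the call is outside the hunk.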


@ -810,7 +810,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
u""_ns, // aSourceFile u""_ns, // aSourceFile
u""_ns, // aScriptSample u""_ns, // aScriptSample
0, // aLineNumber 0, // aLineNumber
0, // aColumnNumber 1, // aColumnNumber
nsIScriptError::errorFlag, "blockAllMixedContent"_ns, nsIScriptError::errorFlag, "blockAllMixedContent"_ns,
requestingWindow->Id(), requestingWindow->Id(),
!!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId); !!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId);


@ -140,8 +140,8 @@ function run_test() {
null, // nsICSPEventListener null, // nsICSPEventListener
"", // aContentOfPseudoScript "", // aContentOfPseudoScript
0, // aLineNumber 0, // aLineNumber
0 1 // aColumnNumber
); // aColumnNumber );
// this is not a report only policy, so it better block inline scripts // this is not a report only policy, so it better block inline scripts
Assert.ok(!inlineOK); Assert.ok(!inlineOK);
@ -181,8 +181,8 @@ function run_test() {
// note that JSON is UTF8 encoded. // note that JSON is UTF8 encoded.
"\u00a3\u00a5\u00b5\u5317\ud841\udf79", "\u00a3\u00a5\u00b5\u5317\ud841\udf79",
1, // line number 1, // line number
2 2 // column number
); // column number );
} }
} }
); );
@ -220,8 +220,8 @@ function run_test() {
null, // nsICSPEventListener null, // nsICSPEventListener
"", // aContentOfPseudoScript "", // aContentOfPseudoScript
0, // aLineNumber 0, // aLineNumber
0 1 // aColumnNumber
); // aColumnNumber );
// this is a report only policy, so it better allow inline scripts // this is a report only policy, so it better allow inline scripts
Assert.ok(inlineOK); Assert.ok(inlineOK);
@ -248,8 +248,8 @@ function run_test() {
selfuri.asciiSpec, selfuri.asciiSpec,
"script sample", "script sample",
4, // line number 4, // line number
5 5 // column number
); // column number );
} }
}); });


@ -453,7 +453,7 @@ void SMILCSSValueType::ValueFromString(nsCSSPropertyID aPropID,
} }
Document* doc = aTargetElement->GetComposedDoc(); Document* doc = aTargetElement->GetComposedDoc();
if (doc && !nsStyleUtil::CSPAllowsInlineStyle(nullptr, doc, nullptr, 0, 0, if (doc && !nsStyleUtil::CSPAllowsInlineStyle(nullptr, doc, nullptr, 0, 1,
aString, nullptr)) { aString, nullptr)) {
return; return;
} }
@ -490,7 +490,7 @@ SMILValue SMILCSSValueType::ValueFromAnimationValue(
// and an intermediate CSS value is not likely to be particularly useful // and an intermediate CSS value is not likely to be particularly useful
// in that case, we just use a generic placeholder string instead. // in that case, we just use a generic placeholder string instead.
static const nsLiteralString kPlaceholderText = u"[SVG animation of CSS]"_ns; static const nsLiteralString kPlaceholderText = u"[SVG animation of CSS]"_ns;
if (doc && !nsStyleUtil::CSPAllowsInlineStyle(nullptr, doc, nullptr, 0, 0, if (doc && !nsStyleUtil::CSPAllowsInlineStyle(nullptr, doc, nullptr, 0, 1,
kPlaceholderText, nullptr)) { kPlaceholderText, nullptr)) {
return result; return result;
} }


@ -1728,7 +1728,7 @@ nsresult WebSocketImpl::Init(JSContext* aCx, bool aIsSecure,
u""_ns, // aSourceFile u""_ns, // aSourceFile
u""_ns, // aScriptSample u""_ns, // aScriptSample
0, // aLineNumber 0, // aLineNumber
0, // aColumnNumber 1, // aColumnNumber
nsIScriptError::warningFlag, nsIScriptError::warningFlag,
"upgradeInsecureRequest"_ns, mInnerWindowID, "upgradeInsecureRequest"_ns, mInnerWindowID,
mPrivateBrowsing); mPrivateBrowsing);


@ -531,7 +531,7 @@ bool ContentSecurityPolicyAllows(JSContext* aCx, JS::RuntimeCode aKind,
RefPtr<LogViolationDetailsRunnable> runnable = RefPtr<LogViolationDetailsRunnable> runnable =
new LogViolationDetailsRunnable(worker, violationType, fileName, new LogViolationDetailsRunnable(worker, violationType, fileName,
lineNum, columnNum.zeroOriginValue(), lineNum, columnNum.oneOriginValue(),
scriptSample); scriptSample);
ErrorResult rv; ErrorResult rv;


@ -519,7 +519,7 @@ nsresult nsXMLContentSink::CreateElement(
} }
if (!aNodeInfo->Equals(nsGkAtoms::link, kNameSpaceID_XHTML)) { if (!aNodeInfo->Equals(nsGkAtoms::link, kNameSpaceID_XHTML)) {
linkStyle->SetLineNumber(aFromParser ? aLineNumber : 0); linkStyle->SetLineNumber(aFromParser ? aLineNumber : 0);
linkStyle->SetColumnNumber(aFromParser ? aColumnNumber : 0); linkStyle->SetColumnNumber(aFromParser ? aColumnNumber + 1 : 1);
} }
} }
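Review bot: `SetColumnNumber(aFromParser ? aColumnNumber + 1 : 1)` in `nsXMLContentSink::CreateElement` converts the column where it is stored, whereas the script path in this commit keeps `GetScriptColumnNumber()` 0-origin and adds one at the CSP call. Nothing in the hunk tells a reader that the stored link-style column is now 1-origin while the line beside it still falls back to 0. I would add `// Column is stored 1-origin for CSP reporting; 1 means no parser position.` above the call, and check that other callers of `SetColumnNumber`, which are not visible here, follow the same convention. The enclosing function starts and ends outside the hunk.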


@ -2921,7 +2921,7 @@ static bool ShouldSecureUpgradeNoHSTS(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
u""_ns, // aSourceFile u""_ns, // aSourceFile
u""_ns, // aScriptSample u""_ns, // aScriptSample
0, // aLineNumber 0, // aLineNumber
0, // aColumnNumber 1, // aColumnNumber
nsIScriptError::warningFlag, nsIScriptError::warningFlag,
"upgradeInsecureRequest"_ns, innerWindowId, "upgradeInsecureRequest"_ns, innerWindowId,
!!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId); !!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId);


@ -8,7 +8,7 @@
watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => { watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => {
assert_equals(e.blockedURI, "eval"); assert_equals(e.blockedURI, "eval");
assert_equals(e.lineNumber, 15); assert_equals(e.lineNumber, 15);
assert_equals(e.columnNumber, 12); assert_equals(e.columnNumber, 13);
})); }));
try { try {


@ -8,7 +8,7 @@
watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => { watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => {
assert_equals(e.blockedURI, "inline"); assert_equals(e.blockedURI, "inline");
assert_equals(e.lineNumber, 15); assert_equals(e.lineNumber, 15);
assert_equals(e.columnNumber, 8); assert_equals(e.columnNumber, 9);
})); }));
}, "Inline violations have a blockedURI of 'inline'"); }, "Inline violations have a blockedURI of 'inline'");
</script> </script>


@ -17,7 +17,7 @@
assert_equals(e.disposition, "enforce"); assert_equals(e.disposition, "enforce");
assert_equals(new URL(e.sourceFile).pathname, "/content-security-policy/support/inject-image.sub.js"); assert_equals(new URL(e.sourceFile).pathname, "/content-security-policy/support/inject-image.sub.js");
assert_equals(e.lineNumber, 2); assert_equals(e.lineNumber, 2);
assert_equals(e.columnNumber, 0); assert_equals(e.columnNumber, 1);
assert_equals(e.statusCode, 200); assert_equals(e.statusCode, 200);
})); }));


@ -17,7 +17,7 @@
assert_equals(e.disposition, "enforce"); assert_equals(e.disposition, "enforce");
assert_equals(new URL(e.sourceFile).pathname, "/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html"); assert_equals(new URL(e.sourceFile).pathname, "/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html");
assert_equals(e.lineNumber, 25); assert_equals(e.lineNumber, 25);
assert_equals(e.columnNumber, 4); assert_equals(e.columnNumber, 5);
assert_equals(e.statusCode, 200); assert_equals(e.statusCode, 200);
})); }));


@ -17,7 +17,7 @@
assert_equals(e.disposition, "enforce"); assert_equals(e.disposition, "enforce");
assert_equals(new URL(e.sourceFile).pathname, "/content-security-policy/support/inject-image.sub.js"); assert_equals(new URL(e.sourceFile).pathname, "/content-security-policy/support/inject-image.sub.js");
assert_equals(e.lineNumber, 2); assert_equals(e.lineNumber, 2);
assert_equals(e.columnNumber, 0); assert_equals(e.columnNumber, 1);
assert_equals(e.statusCode, 200); assert_equals(e.statusCode, 200);
})); }));


@ -17,7 +17,7 @@
assert_equals(e.disposition, "enforce"); assert_equals(e.disposition, "enforce");
assert_equals(new URL(e.sourceFile).pathname, "/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html"); assert_equals(new URL(e.sourceFile).pathname, "/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html");
assert_equals(e.lineNumber, 25); assert_equals(e.lineNumber, 25);
assert_equals(e.columnNumber, 4); assert_equals(e.columnNumber, 5);
assert_equals(e.statusCode, 200); assert_equals(e.statusCode, 200);
})); }));


@ -9,7 +9,7 @@
assert_equals(e.blockedURI, "eval"); assert_equals(e.blockedURI, "eval");
assert_equals(e.sourceFile, "blob"); assert_equals(e.sourceFile, "blob");
assert_equals(e.lineNumber, 3); assert_equals(e.lineNumber, 3);
assert_equals(e.columnNumber, 16); assert_equals(e.columnNumber, 17);
})); }));
var scriptText = ` var scriptText = `


@ -9,7 +9,7 @@
assert_equals(e.blockedURI, "eval"); assert_equals(e.blockedURI, "eval");
assert_equals(e.sourceFile, "data"); assert_equals(e.sourceFile, "data");
assert_equals(e.lineNumber, 3); assert_equals(e.lineNumber, 3);
assert_equals(e.columnNumber, 16); assert_equals(e.columnNumber, 17);
})); }));
var scriptText = ` var scriptText = `


@ -36,28 +36,28 @@
.then(t.step_func(e => { .then(t.step_func(e => {
assert_equals(e.blockedURI, "inline"); assert_equals(e.blockedURI, "inline");
assert_equals(e.lineNumber, 118); assert_equals(e.lineNumber, 118);
assert_in_array(e.columnNumber, [4, 6]); assert_in_array(e.columnNumber, [5, 7]);
assert_equals(e.target, document, "Elements created in this document, but pushed into a same-origin frame trigger on that frame's document, not on this frame's document."); assert_equals(e.target, document, "Elements created in this document, but pushed into a same-origin frame trigger on that frame's document, not on this frame's document.");
return watcher.wait_for('securitypolicyviolation'); return watcher.wait_for('securitypolicyviolation');
})) }))
.then(t.step_func(e => { .then(t.step_func(e => {
assert_equals(e.blockedURI, "inline"); assert_equals(e.blockedURI, "inline");
assert_equals(e.lineNumber, 131); assert_equals(e.lineNumber, 131);
assert_in_array(e.columnNumber, [4, 59]); assert_in_array(e.columnNumber, [5, 60]);
assert_equals(e.target, document, "Elements created in this document, but pushed into a same-origin frame trigger on that frame's document, not on this frame's document."); assert_equals(e.target, document, "Elements created in this document, but pushed into a same-origin frame trigger on that frame's document, not on this frame's document.");
return watcher.wait_for('securitypolicyviolation'); return watcher.wait_for('securitypolicyviolation');
})) }))
.then(t.step_func(e => { .then(t.step_func(e => {
assert_equals(e.blockedURI, "inline"); assert_equals(e.blockedURI, "inline");
assert_equals(e.lineNumber, 139); assert_equals(e.lineNumber, 139);
assert_in_array(e.columnNumber, [4, 6]); assert_in_array(e.columnNumber, [5, 7]);
assert_equals(e.target, document, "Inline event handlers for disconnected elements target the document."); assert_equals(e.target, document, "Inline event handlers for disconnected elements target the document.");
return watcher.wait_for('securitypolicyviolation'); return watcher.wait_for('securitypolicyviolation');
})) }))
.then(t.step_func(e => { .then(t.step_func(e => {
assert_equals(e.blockedURI, "inline"); assert_equals(e.blockedURI, "inline");
assert_equals(e.lineNumber, 0); assert_equals(e.lineNumber, 0);
assert_equals(e.columnNumber, 0); assert_equals(e.columnNumber, 1);
assert_equals(e.target, document, "Inline event handlers for elements disconnected after triggering target the document."); assert_equals(e.target, document, "Inline event handlers for elements disconnected after triggering target the document.");
})) }))
.then(t.step_func_done(_ => { .then(t.step_func_done(_ => {