mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-15 14:25:52 +00:00
68 lines
3.8 KiB
HTML
68 lines
3.8 KiB
HTML
<!doctype html>
|
|
<html>
|
|
<head>
|
|
<!-- external styles -->
|
|
<link rel='stylesheet' nonce="correctstylenonce" href="file_CSP.sjs?testid=external_style_correct_nonce_good&type=text/css" />
|
|
<link rel='stylesheet' nonce="incorrectstylenonce" href="file_CSP.sjs?testid=external_style_incorrect_nonce_bad&type=text/css" />
|
|
<link rel='stylesheet' nonce="correctscriptnonce" href="file_CSP.sjs?testid=external_style_correct_script_nonce_bad&type=text/css" />
|
|
<link rel='stylesheet' href="file_CSP.sjs?testid=external_style_no_nonce_bad&type=text/css" />
|
|
</head>
|
|
<body>
|
|
<!-- inline scripts -->
|
|
<script nonce="correctscriptnonce">
|
|
window.parent.inlineScriptTestResult("allowed", "allowed", "This script has a correct nonce for scripts");
|
|
</script>
|
|
<script nonce="incorrectscriptnonce">
|
|
window.parent.inlineScriptTestResult("allowed", "blocked", "This script has an incorrect nonce for scripts");
|
|
</script>
|
|
<script nonce="correctstylenonce">
|
|
window.parent.inlineScriptTestResult("allowed", "blocked", "This script has a correct nonce for styles (but not for scripts)");
|
|
</script>
|
|
<script>
|
|
window.parent.inlineScriptTestResult("allowed", "blocked", "This script has no nonce");
|
|
</script>
|
|
|
|
<!-- external scripts -->
|
|
<script nonce="correctscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_correct_nonce_good&type=text/javascript"></script>
|
|
<script nonce="anothercorrectscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_another_correct_nonce_good&type=text/javascript"></script>
|
|
<script nonce="incorrectscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_incorrect_nonce_bad&type=text/javascript"></script>
|
|
<script nonce="correctstylenonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_correct_style_nonce_bad&type=text/javascript"></script>
|
|
<script src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_no_nonce_bad&type=text/javascript"></script>
|
|
|
|
<!-- This external script has the correct nonce and comes from a whitelisted URI. It should be allowed. -->
|
|
<script nonce="correctscriptnonce" src="file_CSP.sjs?testid=external_script_correct_nonce_correct_uri_good&type=text/javascript"></script>
|
|
<!-- This external script has an incorrect nonce, but comes from a whitelisted URI. It should be allowed. -->
|
|
<script nonce="incorrectscriptnonce" src="file_CSP.sjs?testid=external_script_incorrect_nonce_correct_uri_good&type=text/javascript"></script>
|
|
<!-- This external script has no nonce and comes from a whitelisted URI. It should be allowed. -->
|
|
<script src="file_CSP.sjs?testid=external_script_no_nonce_correct_uri_good&type=text/javascript"></script>
|
|
|
|
<!-- inline styles -->
|
|
<ol>
|
|
<li id=inline-style-correct-nonce>
|
|
(inline style with correct nonce) This text should be green
|
|
</li>
|
|
<li id=inline-style-incorrect-nonce>
|
|
(inline style with incorrect nonce) This text should be black
|
|
</li>
|
|
<li id=inline-style-correct-script-nonce>
|
|
(inline style with correct script, not style, nonce) This text should be black
|
|
</li>
|
|
<li id=inline-style-no-nonce>
|
|
(inline style with no nonce) This text should be black
|
|
</li>
|
|
</ol>
|
|
<style nonce=correctstylenonce>
|
|
li#inline-style-correct-nonce { color: green; }
|
|
</style>
|
|
<style nonce=incorrectstylenonce>
|
|
li#inline-style-incorrect-nonce { color: red; }
|
|
</style>
|
|
<style nonce=correctscriptnonce>
|
|
li#inline-style-correct-script-nonce { color: red; }
|
|
</style>
|
|
<style>
|
|
li#inline-style-no-nonce { color: red; }
|
|
</style>
|
|
</body>
|
|
</html>
|