Skip to content

Commit

Permalink
Remove trailing spaces from CSP WPTs
Browse files Browse the repository at this point in the history 
Let's enforce no trailing spaces from now on for Content Security
Policies WPTs.

Change-Id: I2f870e0914135d5143e63cf0ced9f4f211d1418e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2756253
Reviewed-by: Arthur Sonzogni <[email protected]>
Commit-Queue: Antonio Sartori <[email protected]>
Cr-Commit-Position: refs/heads/master@{#862409}
  • Loading branch information
@antosart @chromium-wpt-export-bot
antosart authored and chromium-wpt-export-bot committed Mar 12, 2021
1 parent 05aed25 commit 375c9a8
Show file tree
Hide file tree
Showing 88 changed files with 402 additions and 403 deletions.
4 changes: 2 additions & 2 deletions content-security-policy/blob/blob-urls-match-blob.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' blob:; connect-src 'self';">
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' blob:; connect-src 'self';">
<title>blob-urls-match-blob</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
Expand All @@ -19,7 +19,7 @@
window.addEventListener('securitypolicyviolation', function(e) {
log("FAIL");
});

function pass() {
log("PASS (1/1)");
}
Expand Down
2 changes: 1 addition & 1 deletion content-security-policy/blob/self-doesnt-match-blob.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});

try {
var blob = new Blob([
"postMessage('FAIL');" +
Expand Down
2 changes: 1 addition & 1 deletion content-security-policy/blob/star-doesnt-match-blob.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});

try {
var blob = new Blob([
"postMessage('FAIL');" +
Expand Down
4 changes: 2 additions & 2 deletions content-security-policy/child-src/child-src-about-blank-allowed-by-default.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,12 @@
var t = async_test("Check that frames load without throwing any violation events");
window.addEventListener("securitypolicyviolation", t.unreached_func("Should not have fired any events"));
</script>

<iframe src="about:blank"></iframe>
<object type="text/html" data="about:blank"></object>

<div id="log"></div>

<script>
t.done();
</script>
Expand Down
4 changes: 2 additions & 2 deletions content-security-policy/child-src/child-src-about-blank-allowed-by-scheme.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,10 @@
var t = async_test("Check that frames load without throwing any violation events");
window.addEventListener("securitypolicyviolation", t.unreached_func("Should not have fired any events"));
</script>

<iframe src="about:blank"></iframe>
<div id="log"></div>

<script>
t.done();
</script>
Expand Down
2 changes: 1 addition & 1 deletion content-security-policy/child-src/child-src-allowed.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
window.addEventListener("message", function(event) {
alert_assert(event.data);
}, false);

window.addEventListener("securitypolicyviolation", function(e) {
alert_assert("Fail");
});
Expand Down
2 changes: 1 addition & 1 deletion content-security-policy/child-src/child-src-blocked.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
window.addEventListener("message", function(event) {
alert_assert(event.data);
}, false);

window.addEventListener("securitypolicyviolation", function(e) {
log("violated-directive=" + e.violatedDirective);
});
Expand Down
2 changes: 1 addition & 1 deletion content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});

if(typeof SharedWorker != 'function') {
t_log.set_status(t_alert.NOTRUN, "No SharedWorker, cannot run test.");
t_log.phase = t_alert.phases.HAS_RESULT;
Expand Down
4 changes: 2 additions & 2 deletions content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["xhr blocked","TEST COMPLETE"]'></script>
<script src='../support/alertAssert.sub.js?alerts=[]'></script>
<script src='../support/alertAssert.sub.js?alerts=[]'></script>
</head>

<body>
Expand All @@ -22,7 +22,7 @@
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});

if(typeof SharedWorker != 'function') {
t_log.set_status(t_log.NOTRUN, "No SharedWorker, cannot run test.");
t_log.phase = t_log.phases.HAS_RESULT;
Expand Down
2 changes: 1 addition & 1 deletion content-security-policy/connect-src/worker-connect-src-allowed.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
window.addEventListener('securitypolicyviolation', function(e) {
log('Fail');
});

try {
var worker = new Worker('/content-security-policy/connect-src/support/worker-make-xhr.sub.js');
worker.onmessage = function(event) {
Expand Down
2 changes: 1 addition & 1 deletion content-security-policy/connect-src/worker-connect-src-blocked.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
window.addEventListener('securitypolicyviolation', function(e) {
log('Fail');
});

try {
var worker = new Worker('/content-security-policy/connect-src/support/worker-make-xhr-blocked.sub.js');
worker.onmessage = function(event) {
Expand Down
2 changes: 1 addition & 1 deletion content-security-policy/connect-src/worker-from-guid.sub.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
"try { " +
" xhr.open(" +
" 'GET'," +
" 'http:///content-security-policy/support/fail.asis'," +
" 'http:///content-security-policy/support/fail.asis'," +
" true" +
" );" +
" xhr.send();" +
Expand Down
40 changes: 20 additions & 20 deletions content-security-policy/embedded-enforcement/allow_csp_from-header.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,69 +9,69 @@
<body>
<script>
var tests = [
{ "name": "Same origin iframes are always allowed.",
{ "name": "Same origin iframes are always allowed.",
"origin": Host.SAME_ORIGIN,
"csp": "style-src 'unsafe-inline'; script-src 'unsafe-inline'",
"csp": "style-src 'unsafe-inline'; script-src 'unsafe-inline'",
"allow_csp_from": "¢¥§",
"expected": IframeLoad.EXPECT_LOAD,
"blockedURI": null},
{ "name": "Same origin iframes are allowed even if the Allow-CSP-From is empty.",
{ "name": "Same origin iframes are allowed even if the Allow-CSP-From is empty.",
"origin": Host.SAME_ORIGIN,
"csp": "style-src 'unsafe-inline'; script-src 'unsafe-inline'",
"csp": "style-src 'unsafe-inline'; script-src 'unsafe-inline'",
"allow_csp_from": "",
"expected": IframeLoad.EXPECT_LOAD,
"blockedURI": null},
{ "name": "Same origin iframes are allowed even if the Allow-CSP-From is not present.",
{ "name": "Same origin iframes are allowed even if the Allow-CSP-From is not present.",
"origin": Host.SAME_ORIGIN,
"csp": "style-src 'unsafe-inline'; script-src 'unsafe-inline'",
"csp": "style-src 'unsafe-inline'; script-src 'unsafe-inline'",
"allow_csp_from": null,
"expected": IframeLoad.EXPECT_LOAD,
"blockedURI": null},
{ "name": "Same origin iframes are allowed even if Allow-CSP-From does not match origin.",
{ "name": "Same origin iframes are allowed even if Allow-CSP-From does not match origin.",
"origin": Host.SAME_ORIGIN,
"csp": "style-src 'unsafe-inline'; script-src 'unsafe-inline'",
"csp": "style-src 'unsafe-inline'; script-src 'unsafe-inline'",
"allow_csp_from": "http://example.com:888",
"expected": IframeLoad.EXPECT_LOAD,
"blockedURI": null},
{ "name": "Cross origin iframe with an empty Allow-CSP-From header gets blocked.",
{ "name": "Cross origin iframe with an empty Allow-CSP-From header gets blocked.",
"origin": Host.CROSS_ORIGIN,
"csp": "script-src 'unsafe-inline'",
"csp": "script-src 'unsafe-inline'",
"allow_csp_from": "",
"expected": IframeLoad.EXPECT_BLOCK,
"blockedURI": null},
{ "name": "Cross origin iframe without Allow-CSP-From header gets blocked.",
{ "name": "Cross origin iframe without Allow-CSP-From header gets blocked.",
"origin": Host.CROSS_ORIGIN,
"csp": "script-src 'unsafe-inline'",
"csp": "script-src 'unsafe-inline'",
"allow_csp_from": null,
"expected": IframeLoad.EXPECT_BLOCK,
"blockedURI": null},
{ "name": "Cross origin iframe with correct Allow-CSP-From header is allowed.",
"origin": Host.CROSS_ORIGIN,
"csp": "style-src 'unsafe-inline'; script-src 'unsafe-inline'",
"csp": "style-src 'unsafe-inline'; script-src 'unsafe-inline'",
"allow_csp_from": getOrigin(),
"expected": IframeLoad.EXPECT_LOAD,
"blockedURI": null},
{ "name": "Iframe with improper Allow-CSP-From header gets blocked.",
{ "name": "Iframe with improper Allow-CSP-From header gets blocked.",
"origin": Host.CROSS_ORIGIN,
"csp": "script-src 'unsafe-inline'",
"csp": "script-src 'unsafe-inline'",
"allow_csp_from": "* ¢¥§",
"expected": IframeLoad.EXPECT_BLOCK,
"blockedURI": null},
{ "name": "Allow-CSP-From header with a star value allows cross origin frame.",
"origin": Host.CROSS_ORIGIN,
"csp": "script-src 'unsafe-inline'",
"csp": "script-src 'unsafe-inline'",
"allow_csp_from": "*",
"expected": IframeLoad.EXPECT_LOAD,
"blockedURI": null},
{ "name": "Star Allow-CSP-From header enforces EmbeddingCSP.",
{ "name": "Star Allow-CSP-From header enforces EmbeddingCSP.",
"origin": Host.CROSS_ORIGIN,
"csp": "script-src 'nonce-123'",
"csp": "script-src 'nonce-123'",
"allow_csp_from": "*",
"expected": IframeLoad.EXPECT_LOAD,
"blockedURI": "inline"},
{ "name": "Allow-CSP-From header enforces EmbeddingCSP.",
{ "name": "Allow-CSP-From header enforces EmbeddingCSP.",
"origin": Host.CROSS_ORIGIN,
"csp": "style-src 'none'; script-src 'nonce-123'",
"csp": "style-src 'none'; script-src 'nonce-123'",
"allow_csp_from": getOrigin(),
"expected": IframeLoad.EXPECT_LOAD,
"blockedURI": "inline"},
Expand Down
44 changes: 22 additions & 22 deletions content-security-policy/embedded-enforcement/subsumption_algorithm-general.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,33 +13,33 @@
// support/echo-policy-multiple.py), otherwise the test might
// return false negatives.
var tests = [
{ "name": "If there is no required csp, iframe should load.",
"required_csp": null,
{ "name": "If there is no required csp, iframe should load.",
"required_csp": null,
"returned_csp": null,
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Iframe with empty returned CSP should be blocked.",
"required_csp": "style-src 'none';",
{ "name": "Iframe with empty returned CSP should be blocked.",
"required_csp": "style-src 'none';",
"returned_csp": null,
"expected": IframeLoad.EXPECT_BLOCK },
{ "name": "Iframe with matching CSP should load.",
"required_csp": "style-src 'none'; script-src 'unsafe-inline'",
"returned_csp": "style-src 'none'; script-src 'unsafe-inline'",
{ "name": "Iframe with matching CSP should load.",
"required_csp": "style-src 'none'; script-src 'unsafe-inline'",
"returned_csp": "style-src 'none'; script-src 'unsafe-inline'",
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Iframe with more restricting CSP should load.",
"required_csp": "script-src 'nonce-abc' 'nonce-123'",
"returned_csp": "script-src 'nonce-abc'",
{ "name": "Iframe with more restricting CSP should load.",
"required_csp": "script-src 'nonce-abc' 'nonce-123'",
"returned_csp": "script-src 'nonce-abc'",
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Iframe with less restricting CSP should be blocked.",
"required_csp": "style-src 'none'; script-src 'none'",
"returned_csp": "style-src 'none'; script-src 'self' 'nonce-abc'",
{ "name": "Iframe with less restricting CSP should be blocked.",
"required_csp": "style-src 'none'; script-src 'none'",
"returned_csp": "style-src 'none'; script-src 'self' 'nonce-abc'",
"expected": IframeLoad.EXPECT_BLOCK },
{ "name": "Iframe with a different CSP should be blocked.",
"required_csp": "script-src 'nonce-abc' 'nonce-123'",
"returned_csp": "style-src 'none'",
{ "name": "Iframe with a different CSP should be blocked.",
"required_csp": "script-src 'nonce-abc' 'nonce-123'",
"returned_csp": "style-src 'none'",
"expected": IframeLoad.EXPECT_BLOCK },
{ "name": "Iframe with a matching and more restrictive ports should load.",
"required_csp": "frame-src http://c.com:443 http://b.com",
"returned_csp": "frame-src http://b.com:80 http://c.com:443",
{ "name": "Iframe with a matching and more restrictive ports should load.",
"required_csp": "frame-src http://c.com:443 http://b.com",
"returned_csp": "frame-src http://b.com:80 http://c.com:443",
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Host wildcard *.a.com does not match a.com",
"required_csp": "frame-src http://*.a.com",
Expand All @@ -50,9 +50,9 @@
"returned_csp": "frame-src http://a.com",
"returned_csp_2": "frame-src http://*.a.com",
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Iframe should load even if the ports are different but are default for the protocols.",
"required_csp": "frame-src http://b.com:80",
"returned_csp": "child-src https://b.com:443",
{ "name": "Iframe should load even if the ports are different but are default for the protocols.",
"required_csp": "frame-src http://b.com:80",
"returned_csp": "child-src https://b.com:443",
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Iframe should block if intersection allows sources which are not in required_csp.",
"required_csp": "style-src http://*.example.com:*",
Expand Down
52 changes: 26 additions & 26 deletions content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,60 +9,60 @@
<body>
<script>
var tests = [
{ "name": "'sha256-abc123' is properly subsumed.",
"required_csp": "style-src 'sha256-abc123'",
{ "name": "'sha256-abc123' is properly subsumed.",
"required_csp": "style-src 'sha256-abc123'",
"returned_csp_1": "style-src 'sha256-abc123'",
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Returned should not include hashes not present in required csp.",
"required_csp": "style-src http://example.com",
{ "name": "Returned should not include hashes not present in required csp.",
"required_csp": "style-src http://example.com",
"returned_csp_1": "style-src 'sha256-abc123'",
"expected": IframeLoad.EXPECT_BLOCK },
{ "name": "'sha256-abc123' is properly subsumed with other sources.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'unsafe-hashed-attributes' 'strict-dynamic' 'sha256-abc123'",
{ "name": "'sha256-abc123' is properly subsumed with other sources.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'unsafe-hashed-attributes' 'strict-dynamic' 'sha256-abc123'",
"returned_csp_1": "style-src http://example1.com/foo/bar.html 'sha256-abc123'",
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Hashes do not have to be present in returned csp.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
{ "name": "Hashes do not have to be present in returned csp.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
"returned_csp_1": "style-src http://example1.com/foo/",
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Hashes do not have to be present in returned csp but must not allow all inline behavior.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
{ "name": "Hashes do not have to be present in returned csp but must not allow all inline behavior.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
"returned_csp_1": "style-src http://example1.com/foo/ 'unsafe-inline'",
"expected": IframeLoad.EXPECT_BLOCK },
{ "name": "Other expressions have to be subsumed.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
{ "name": "Other expressions have to be subsumed.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
"returned_csp_1": "style-src http://example1.com/foo/ 'unsafe-eval' 'sha256-abc123'",
"expected": IframeLoad.EXPECT_BLOCK },
{ "name": "Other expressions have to be subsumed but 'unsafe-inline' gets ignored.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
{ "name": "Other expressions have to be subsumed but 'unsafe-inline' gets ignored.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
"returned_csp_1": "style-src http://example1.com/foo/ 'unsafe-inline' 'sha256-abc123'",
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Effective policy is properly found.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
{ "name": "Effective policy is properly found.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
"returned_csp_1": "style-src http://example1.com/foo/ 'unsafe-hashed-attributes' 'sha256-abc123'",
"returned_csp_2": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Required csp must allow 'sha256-abc123'.",
"required_csp": "style-src http://example1.com/foo/ 'self'",
{ "name": "Required csp must allow 'sha256-abc123'.",
"required_csp": "style-src http://example1.com/foo/ 'self'",
"returned_csp_1": "style-src http://example1.com/foo/ 'self' 'sha256-abc123'",
"expected": IframeLoad.EXPECT_BLOCK },
{ "name": "Effective policy is properly found where 'sha256-abc123' is not subsumed.",
"required_csp": "style-src http://example1.com/foo/ 'self'",
{ "name": "Effective policy is properly found where 'sha256-abc123' is not subsumed.",
"required_csp": "style-src http://example1.com/foo/ 'self'",
"returned_csp_1": "style-src 'unsafe-hashed-attributes' 'sha256-abc123'",
"returned_csp_2": "style-src 'sha256-abc123' 'unsafe-inline'",
"expected": IframeLoad.EXPECT_BLOCK },
{ "name": "'sha256-abc123' is not subsumed by 'sha256-abc456'.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc456'",
{ "name": "'sha256-abc123' is not subsumed by 'sha256-abc456'.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc456'",
"returned_csp_1": "style-src 'unsafe-hashed-attributes' 'sha256-abc123'",
"returned_csp_2": "style-src 'sha256-abc123' 'unsafe-inline'",
"expected": IframeLoad.EXPECT_BLOCK },
{ "name": "Effective policy now does not allow 'sha256-abc123'.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc456'",
{ "name": "Effective policy now does not allow 'sha256-abc123'.",
"required_csp": "style-src http://example1.com/foo/ 'self' 'sha256-abc456'",
"returned_csp_1": "style-src 'unsafe-hashed-attributes' 'sha256-abc123' 'sha256-abc456'",
"returned_csp_2": "style-src 'sha256-abc456' 'unsafe-inline'",
"expected": IframeLoad.EXPECT_LOAD },
{ "name": "Effective policy is properly found where 'sha256-abc123' is not part of it.",
"required_csp": "style-src http://example1.com/foo/ 'self'",
{ "name": "Effective policy is properly found where 'sha256-abc123' is not part of it.",
"required_csp": "style-src http://example1.com/foo/ 'self'",
"returned_csp_1": "style-src 'unsafe-hashed-attributes' 'self'",
"returned_csp_2": "style-src 'sha256-abc123' 'self'",
"expected": IframeLoad.EXPECT_LOAD },
Expand Down
Loading

0 comments on commit 375c9a8

Please sign in to comment.