content/base/test/csp/file_nonce_source.html@b8a032363ba2 (annotated)
content/base/test/csp/file_nonce_source.html
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | <!doctype html> |
| michael@0 | 2 | <html> |
| michael@0 | 3 | <head> |
| michael@0 | 4 | <!-- external styles --> |
| michael@0 | 5 | <link rel='stylesheet' nonce="correctstylenonce" href="file_CSP.sjs?testid=external_style_correct_nonce_good&type=text/css" /> |
| michael@0 | 6 | <link rel='stylesheet' nonce="incorrectstylenonce" href="file_CSP.sjs?testid=external_style_incorrect_nonce_bad&type=text/css" /> |
| michael@0 | 7 | <link rel='stylesheet' nonce="correctscriptnonce" href="file_CSP.sjs?testid=external_style_correct_script_nonce_bad&type=text/css" /> |
| michael@0 | 8 | <link rel='stylesheet' href="file_CSP.sjs?testid=external_style_no_nonce_bad&type=text/css" /> |
| michael@0 | 9 | </head> |
| michael@0 | 10 | <body> |
| michael@0 | 11 | <!-- inline scripts --> |
| michael@0 | 12 | <ol> |
| michael@0 | 13 | <li id="inline-script-correct-nonce">(inline script with correct nonce) This text should be green.</li> |
| michael@0 | 14 | <li id="inline-script-incorrect-nonce">(inline script with incorrect nonce) This text should be black.</li> |
| michael@0 | 15 | <li id="inline-script-correct-style-nonce">(inline script with correct nonce for styles, but not for scripts) This text should be black.</li> |
| michael@0 | 16 | <li id="inline-script-no-nonce">(inline script with no nonce) This text should be black.</li> |
| michael@0 | 17 | </ol> |
| michael@0 | 18 | <script nonce="correctscriptnonce"> |
| michael@0 | 19 | document.getElementById("inline-script-correct-nonce").style.color = "rgb(0, 128, 0)"; |
| michael@0 | 20 | </script> |
| michael@0 | 21 | <script nonce="incorrectscriptnonce"> |
| michael@0 | 22 | document.getElementById("inline-script-incorrect-nonce").style.color = "rgb(255, 0, 0)"; |
| michael@0 | 23 | </script> |
| michael@0 | 24 | <script nonce="correctstylenonce"> |
| michael@0 | 25 | document.getElementById("inline-script-correct-style-nonce").style.color = "rgb(255, 0, 0)"; |
| michael@0 | 26 | </script> |
| michael@0 | 27 | <script> |
| michael@0 | 28 | document.getElementById("inline-script-no-nonce").style.color = "rgb(255, 0, 0)"; |
| michael@0 | 29 | </script> |
| michael@0 | 30 | |
| michael@0 | 31 | <!-- external scripts --> |
| michael@0 | 32 | <script nonce="correctscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_correct_nonce_good&type=text/javascript"></script> |
| michael@0 | 33 | <script nonce="anothercorrectscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_another_correct_nonce_good&type=text/javascript"></script> |
| michael@0 | 34 | <script nonce="incorrectscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_incorrect_nonce_bad&type=text/javascript"></script> |
| michael@0 | 35 | <script nonce="correctstylenonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_correct_style_nonce_bad&type=text/javascript"></script> |
| michael@0 | 36 | <script src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_no_nonce_bad&type=text/javascript"></script> |
| michael@0 | 37 | |
| michael@0 | 38 | <!-- This external script has the correct nonce and comes from a whitelisted URI. It should be allowed. --> |
| michael@0 | 39 | <script nonce="correctscriptnonce" src="file_CSP.sjs?testid=external_script_correct_nonce_correct_uri_good&type=text/javascript"></script> |
| michael@0 | 40 | <!-- This external script has an incorrect nonce, but comes from a whitelisted URI. It should be allowed. --> |
| michael@0 | 41 | <script nonce="incorrectscriptnonce" src="file_CSP.sjs?testid=external_script_incorrect_nonce_correct_uri_good&type=text/javascript"></script> |
| michael@0 | 42 | <!-- This external script has no nonce and comes from a whitelisted URI. It should be allowed. --> |
| michael@0 | 43 | <script src="file_CSP.sjs?testid=external_script_no_nonce_correct_uri_good&type=text/javascript"></script> |
| michael@0 | 44 | |
| michael@0 | 45 | <!-- inline styles --> |
| michael@0 | 46 | <ol> |
| michael@0 | 47 | <li id=inline-style-correct-nonce> |
| michael@0 | 48 | (inline style with correct nonce) This text should be green |
| michael@0 | 49 | </li> |
| michael@0 | 50 | <li id=inline-style-incorrect-nonce> |
| michael@0 | 51 | (inline style with incorrect nonce) This text should be black |
| michael@0 | 52 | </li> |
| michael@0 | 53 | <li id=inline-style-correct-script-nonce> |
| michael@0 | 54 | (inline style with correct script, not style, nonce) This text should be black |
| michael@0 | 55 | </li> |
| michael@0 | 56 | <li id=inline-style-no-nonce> |
| michael@0 | 57 | (inline style with no nonce) This text should be black |
| michael@0 | 58 | </li> |
| michael@0 | 59 | </ol> |
| michael@0 | 60 | <style nonce=correctstylenonce> |
| michael@0 | 61 | li#inline-style-correct-nonce { color: green; } |
| michael@0 | 62 | </style> |
| michael@0 | 63 | <style nonce=incorrectstylenonce> |
| michael@0 | 64 | li#inline-style-incorrect-nonce { color: red; } |
| michael@0 | 65 | </style> |
| michael@0 | 66 | <style nonce=correctscriptnonce> |
| michael@0 | 67 | li#inline-style-correct-script-nonce { color: red; } |
| michael@0 | 68 | </style> |
| michael@0 | 69 | <style> |
| michael@0 | 70 | li#inline-style-no-nonce { color: red; } |
| michael@0 | 71 | </style> |
| michael@0 | 72 | </body> |
| michael@0 | 73 | </html> |
