The Tor Browser / file comparison
comparison: content/base/test/csp/file_nonce_source.html
content/base/test/csp/file_nonce_source.html
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:733127b17c0a |
|---|---|
| 1 <!doctype html> | |
| 2 <html> | |
| 3 <head> | |
| 4 <!-- external styles --> | |
| 5 <link rel='stylesheet' nonce="correctstylenonce" href="file_CSP.sjs?testid=external_style_correct_nonce_good&type=text/css" /> | |
| 6 <link rel='stylesheet' nonce="incorrectstylenonce" href="file_CSP.sjs?testid=external_style_incorrect_nonce_bad&type=text/css" /> | |
| 7 <link rel='stylesheet' nonce="correctscriptnonce" href="file_CSP.sjs?testid=external_style_correct_script_nonce_bad&type=text/css" /> | |
| 8 <link rel='stylesheet' href="file_CSP.sjs?testid=external_style_no_nonce_bad&type=text/css" /> | |
| 9 </head> | |
| 10 <body> | |
| 11 <!-- inline scripts --> | |
| 12 <ol> | |
| 13 <li id="inline-script-correct-nonce">(inline script with correct nonce) This text should be green.</li> | |
| 14 <li id="inline-script-incorrect-nonce">(inline script with incorrect nonce) This text should be black.</li> | |
| 15 <li id="inline-script-correct-style-nonce">(inline script with correct nonce for styles, but not for scripts) This text should be black.</li> | |
| 16 <li id="inline-script-no-nonce">(inline script with no nonce) This text should be black.</li> | |
| 17 </ol> | |
| 18 <script nonce="correctscriptnonce"> | |
| 19 document.getElementById("inline-script-correct-nonce").style.color = "rgb(0, 128, 0)"; | |
| 20 </script> | |
| 21 <script nonce="incorrectscriptnonce"> | |
| 22 document.getElementById("inline-script-incorrect-nonce").style.color = "rgb(255, 0, 0)"; | |
| 23 </script> | |
| 24 <script nonce="correctstylenonce"> | |
| 25 document.getElementById("inline-script-correct-style-nonce").style.color = "rgb(255, 0, 0)"; | |
| 26 </script> | |
| 27 <script> | |
| 28 document.getElementById("inline-script-no-nonce").style.color = "rgb(255, 0, 0)"; | |
| 29 </script> | |
| 30 | |
| 31 <!-- external scripts --> | |
| 32 <script nonce="correctscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_correct_nonce_good&type=text/javascript"></script> | |
| 33 <script nonce="anothercorrectscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_another_correct_nonce_good&type=text/javascript"></script> | |
| 34 <script nonce="incorrectscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_incorrect_nonce_bad&type=text/javascript"></script> | |
| 35 <script nonce="correctstylenonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_correct_style_nonce_bad&type=text/javascript"></script> | |
| 36 <script src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_no_nonce_bad&type=text/javascript"></script> | |
| 37 | |
| 38 <!-- This external script has the correct nonce and comes from a whitelisted URI. It should be allowed. --> | |
| 39 <script nonce="correctscriptnonce" src="file_CSP.sjs?testid=external_script_correct_nonce_correct_uri_good&type=text/javascript"></script> | |
| 40 <!-- This external script has an incorrect nonce, but comes from a whitelisted URI. It should be allowed. --> | |
| 41 <script nonce="incorrectscriptnonce" src="file_CSP.sjs?testid=external_script_incorrect_nonce_correct_uri_good&type=text/javascript"></script> | |
| 42 <!-- This external script has no nonce and comes from a whitelisted URI. It should be allowed. --> | |
| 43 <script src="file_CSP.sjs?testid=external_script_no_nonce_correct_uri_good&type=text/javascript"></script> | |
| 44 | |
| 45 <!-- inline styles --> | |
| 46 <ol> | |
| 47 <li id=inline-style-correct-nonce> | |
| 48 (inline style with correct nonce) This text should be green | |
| 49 </li> | |
| 50 <li id=inline-style-incorrect-nonce> | |
| 51 (inline style with incorrect nonce) This text should be black | |
| 52 </li> | |
| 53 <li id=inline-style-correct-script-nonce> | |
| 54 (inline style with correct script, not style, nonce) This text should be black | |
| 55 </li> | |
| 56 <li id=inline-style-no-nonce> | |
| 57 (inline style with no nonce) This text should be black | |
| 58 </li> | |
| 59 </ol> | |
| 60 <style nonce=correctstylenonce> | |
| 61 li#inline-style-correct-nonce { color: green; } | |
| 62 </style> | |
| 63 <style nonce=incorrectstylenonce> | |
| 64 li#inline-style-incorrect-nonce { color: red; } | |
| 65 </style> | |
| 66 <style nonce=correctscriptnonce> | |
| 67 li#inline-style-correct-script-nonce { color: red; } | |
| 68 </style> | |
| 69 <style> | |
| 70 li#inline-style-no-nonce { color: red; } | |
| 71 </style> | |
| 72 </body> | |
| 73 </html> |
