The Tor Browser / file diff

diff: content/base/test/csp/file_hash_source.html

content/base/test/csp/file_hash_source.html

changeset 0
6474c204b198
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/content/base/test/csp/file_hash_source.html	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,65 @@
     1.4 +<!doctype html>
     1.5 +<html>
     1.6 +  <body>
     1.7 +    <!-- inline scripts -->
     1.8 +    <p id="inline-script-valid-hash">blocked</p>
     1.9 +    <p id="inline-script-invalid-hash">blocked</p>
    1.10 +    <p id="inline-script-invalid-hash-valid-nonce">blocked</p>
    1.11 +    <p id="inline-script-valid-hash-invalid-nonce">blocked</p>
    1.12 +    <p id="inline-script-invalid-hash-invalid-nonce">blocked</p>
    1.13 +    <p id="inline-script-valid-sha512-hash">blocked</p>
    1.14 +    <p id="inline-script-valid-sha384-hash">blocked</p>
    1.15 +    <p id="inline-script-valid-sha1-hash">blocked</p>
    1.16 +    <p id="inline-script-valid-md5-hash">blocked</p>
    1.17 +
    1.18 +    <!-- 'sha256-siVR8vAcqP06h2ppeNwqgjr0yZ6yned4X2VF84j4GmI=' (in policy) -->
    1.19 +    <script>document.getElementById("inline-script-valid-hash").innerHTML = "allowed";</script>
    1.20 +    <!-- 'sha256-cYPTF2pm0QeyDtbmJ3+xi00o2Rxrw7vphBoHgOg9EnQ=' (not in policy) -->
    1.21 +    <script>document.getElementById("inline-script-invalid-hash").innerHTML = "allowed";</script>
    1.22 +    <!-- 'sha256-SKtBKyfeMjBpOujES0etR9t/cklbouJu/3T4PXnjbIo=' (not in policy) -->
    1.23 +    <script nonce="jPRxvuRHbiQnCWVuoCMAvQ==">document.getElementById("inline-script-invalid-hash-valid-nonce").innerHTML = "allowed";</script>
    1.24 +    <!-- 'sha256-z7rzCkbOJqi08lga3CVQ3b+3948ZbJWaSxsBs8zPliE=' -->
    1.25 +    <script nonce="foobar">document.getElementById("inline-script-valid-hash-invalid-nonce").innerHTML = "allowed";</script>
    1.26 +    <!-- 'sha256-E5TX2PmYZ4YQOK/F3XR1wFcvFjbO7QHMmxHTT/18LbE=' (not in policy) -->
    1.27 +    <script nonce="foobar">document.getElementById("inline-script-invalid-hash-invalid-nonce").innerHTML = "allowed";</script>
    1.28 +    <!-- 'sha512-tMLuv22jJ5RHkvLNlv0otvA2fgw6PF16HKu6wy0ZDQ3M7UKzoygs1uxIMSfjMttgWrB5WRvIr35zrTZppMYBVw==' (in policy) -->
    1.29 +    <script>document.getElementById("inline-script-valid-sha512-hash").innerHTML = "allowed";</script>
    1.30 +    <!-- 'sha384-XjAD+FxZfipkxna4id1JrR2QP6OYUZfAxpn9+yHOmT1VSLVa9SQR/dz7CEb7jw7w' (in policy) -->
    1.31 +    <script>document.getElementById("inline-script-valid-sha384-hash").innerHTML = "allowed";</script>
    1.32 +    <!-- 'sha1-LHErkMxKGcSpa/znpzmKYkKnI30=' (in policy) -->
    1.33 +    <script>document.getElementById("inline-script-valid-sha1-hash").innerHTML = "allowed";</script>
    1.34 +    <!-- 'md5-/m4wX3YU+IHs158KwKOBWg==' (in policy) -->
    1.35 +    <script>document.getElementById("inline-script-valid-md5-hash").innerHTML = "allowed";</script>
    1.36 +
    1.37 +    <!-- inline styles -->
    1.38 +    <p id="inline-style-valid-hash"></p>
    1.39 +    <p id="inline-style-invalid-hash"></p>
    1.40 +    <p id="inline-style-invalid-hash-valid-nonce"></p>
    1.41 +    <p id="inline-style-valid-hash-invalid-nonce"></p>
    1.42 +    <p id="inline-style-invalid-hash-invalid-nonce"></p>
    1.43 +    <p id="inline-style-valid-sha512-hash"></p>
    1.44 +    <p id="inline-style-valid-sha384-hash"></p>
    1.45 +    <p id="inline-style-valid-sha1-hash"></p>
    1.46 +    <p id="inline-style-valid-md5-hash"></p>
    1.47 +
    1.48 +    <!-- 'sha256-UpNH6x+Ux99QTW1fJikQsVbBERJruIC98et0YDVKKHQ=' (in policy) -->
    1.49 +    <style>p#inline-style-valid-hash { color: green; }</style>
    1.50 +    <!-- 'sha256-+TYxTx+bsfTDdivWLZUwScEYyxuv6lknMbNjrgGBRZo=' (not in policy) -->
    1.51 +    <style>p#inline-style-invalid-hash { color: red; }</style>
    1.52 +    <!-- 'sha256-U+9UPC/CFzz3QuOrl5q3KCVNngOYWuIkE2jK6Ir0Mbs=' (not in policy) -->
    1.53 +    <style nonce="ftL2UbGHlSEaZTLWMwtA5Q==">p#inline-style-invalid-hash-valid-nonce { color: green; }</style>
    1.54 +    <!-- 'sha256-0IPbWW5IDJ/juvETq60oTnhC+XzOqdYp5/UBsBKCaOY=' (in policy) -->
    1.55 +    <style nonce="foobar">p#inline-style-valid-hash-invalid-nonce { color: green; }</style>
    1.56 +    <!-- 'sha256-KaHZgPd4nC4S8BVLT/9WjzdPDtunGWojR83C2whbd50=' (not in policy) -->
    1.57 +    <style nonce="foobar">p#inline-style-invalid-hash-invalid-nonce { color: red; }</style>
    1.58 +    <!-- 'sha512-EpcDbSuvFv0HIyKtU5tQMN7UtBMeEbljz1dWPfy7PNCa1RYdHKwdJWT1tie41evq/ZUL1rzadSVdEzq3jl6Twg==' (in policy) -->
    1.59 +    <style>p#inline-style-valid-sha512-hash { color: green; }</style>
    1.60 +    <!-- 'sha384-c5W8ON4WyeA2zEOGdrOGhRmRYI8+2UzUUmhGQFjUFP6yiPZx9FGEV3UOiQ+tIshF' (in policy) -->
    1.61 +    <style>p#inline-style-valid-sha384-hash { color: green; }</style>
    1.62 +    <!-- 'sha1-T/+b4sxCIiJxDr6XS9dAEyHKt2M=' (in policy) -->
    1.63 +    <style>p#inline-style-valid-sha1-hash { color: red; }</style>
    1.64 +    <!-- 'md5-oNrgrtzOZduwDYYi1yo12g==' (in policy) -->
    1.65 +    <style>p#inline-style-valid-md5-hash { color: red; }</style>
    1.66 +
    1.67 +  </body>
    1.68 +</html>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial