The Tor Browser / file diff

diff: content/base/test/csp/file_nonce_source.html

content/base/test/csp/file_nonce_source.html

changeset 0
6474c204b198
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/content/base/test/csp/file_nonce_source.html	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,73 @@
     1.4 +<!doctype html>
     1.5 +<html>
     1.6 +  <head>
     1.7 +    <!-- external styles -->
     1.8 +    <link rel='stylesheet' nonce="correctstylenonce" href="file_CSP.sjs?testid=external_style_correct_nonce_good&type=text/css" />
     1.9 +    <link rel='stylesheet' nonce="incorrectstylenonce" href="file_CSP.sjs?testid=external_style_incorrect_nonce_bad&type=text/css" />
    1.10 +    <link rel='stylesheet' nonce="correctscriptnonce" href="file_CSP.sjs?testid=external_style_correct_script_nonce_bad&type=text/css" />
    1.11 +    <link rel='stylesheet' href="file_CSP.sjs?testid=external_style_no_nonce_bad&type=text/css" />
    1.12 +  </head>
    1.13 +  <body>
    1.14 +    <!-- inline scripts -->
    1.15 +    <ol>
    1.16 +      <li id="inline-script-correct-nonce">(inline script with correct nonce) This text should be green.</li>
    1.17 +      <li id="inline-script-incorrect-nonce">(inline script with incorrect nonce) This text should be black.</li>
    1.18 +      <li id="inline-script-correct-style-nonce">(inline script with correct nonce for styles, but not for scripts) This text should be black.</li>
    1.19 +      <li id="inline-script-no-nonce">(inline script with no nonce) This text should be black.</li>
    1.20 +    </ol>
    1.21 +    <script nonce="correctscriptnonce">
    1.22 +      document.getElementById("inline-script-correct-nonce").style.color = "rgb(0, 128, 0)";
    1.23 +    </script>
    1.24 +    <script nonce="incorrectscriptnonce">
    1.25 +      document.getElementById("inline-script-incorrect-nonce").style.color = "rgb(255, 0, 0)";
    1.26 +    </script>
    1.27 +    <script nonce="correctstylenonce">
    1.28 +      document.getElementById("inline-script-correct-style-nonce").style.color = "rgb(255, 0, 0)";
    1.29 +    </script>
    1.30 +    <script>
    1.31 +      document.getElementById("inline-script-no-nonce").style.color = "rgb(255, 0, 0)";
    1.32 +    </script>
    1.33 +
    1.34 +    <!-- external scripts -->
    1.35 +    <script nonce="correctscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_correct_nonce_good&type=text/javascript"></script>
    1.36 +    <script nonce="anothercorrectscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_another_correct_nonce_good&type=text/javascript"></script>
    1.37 +    <script nonce="incorrectscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_incorrect_nonce_bad&type=text/javascript"></script>
    1.38 +    <script nonce="correctstylenonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_correct_style_nonce_bad&type=text/javascript"></script>
    1.39 +    <script src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_no_nonce_bad&type=text/javascript"></script>
    1.40 +
    1.41 +    <!-- This external script has the correct nonce and comes from a whitelisted URI. It should be allowed. -->
    1.42 +    <script nonce="correctscriptnonce" src="file_CSP.sjs?testid=external_script_correct_nonce_correct_uri_good&type=text/javascript"></script>
    1.43 +    <!-- This external script has an incorrect nonce, but comes from a whitelisted URI. It should be allowed. -->
    1.44 +    <script nonce="incorrectscriptnonce" src="file_CSP.sjs?testid=external_script_incorrect_nonce_correct_uri_good&type=text/javascript"></script>
    1.45 +    <!-- This external script has no nonce and comes from a whitelisted URI. It should be allowed. -->
    1.46 +    <script src="file_CSP.sjs?testid=external_script_no_nonce_correct_uri_good&type=text/javascript"></script>
    1.47 +
    1.48 +    <!-- inline styles -->
    1.49 +    <ol>
    1.50 +      <li id=inline-style-correct-nonce>
    1.51 +        (inline style with correct nonce) This text should be green
    1.52 +      </li>
    1.53 +      <li id=inline-style-incorrect-nonce>
    1.54 +        (inline style with incorrect nonce) This text should be black
    1.55 +      </li>
    1.56 +      <li id=inline-style-correct-script-nonce>
    1.57 +        (inline style with correct script, not style, nonce) This text should be black
    1.58 +      </li>
    1.59 +      <li id=inline-style-no-nonce>
    1.60 +        (inline style with no nonce) This text should be black
    1.61 +      </li>
    1.62 +    </ol>
    1.63 +    <style nonce=correctstylenonce>
    1.64 +      li#inline-style-correct-nonce { color: green; }
    1.65 +    </style>
    1.66 +    <style nonce=incorrectstylenonce>
    1.67 +      li#inline-style-incorrect-nonce { color: red; }
    1.68 +    </style>
    1.69 +    <style nonce=correctscriptnonce>
    1.70 +      li#inline-style-correct-script-nonce { color: red; }
    1.71 +    </style>
    1.72 +    <style>
    1.73 +      li#inline-style-no-nonce { color: red; }
    1.74 +    </style>
    1.75 +  </body>
    1.76 +</html>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial