The Tor Browser / file revision

content/base/test/csp/file_hash_source.html@b8a032363ba2

content/base/test/csp/file_hash_source.html

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 <!doctype html>

     2 <html>

     3   <body>

     4     <!-- inline scripts -->

     5     <p id="inline-script-valid-hash">blocked</p>

     6     <p id="inline-script-invalid-hash">blocked</p>

     7     <p id="inline-script-invalid-hash-valid-nonce">blocked</p>

     8     <p id="inline-script-valid-hash-invalid-nonce">blocked</p>

     9     <p id="inline-script-invalid-hash-invalid-nonce">blocked</p>

    10     <p id="inline-script-valid-sha512-hash">blocked</p>

    11     <p id="inline-script-valid-sha384-hash">blocked</p>

    12     <p id="inline-script-valid-sha1-hash">blocked</p>

    13     <p id="inline-script-valid-md5-hash">blocked</p>

    14 

    15     <!-- 'sha256-siVR8vAcqP06h2ppeNwqgjr0yZ6yned4X2VF84j4GmI=' (in policy) -->

    16     <script>document.getElementById("inline-script-valid-hash").innerHTML = "allowed";</script>

    17     <!-- 'sha256-cYPTF2pm0QeyDtbmJ3+xi00o2Rxrw7vphBoHgOg9EnQ=' (not in policy) -->

    18     <script>document.getElementById("inline-script-invalid-hash").innerHTML = "allowed";</script>

    19     <!-- 'sha256-SKtBKyfeMjBpOujES0etR9t/cklbouJu/3T4PXnjbIo=' (not in policy) -->

    20     <script nonce="jPRxvuRHbiQnCWVuoCMAvQ==">document.getElementById("inline-script-invalid-hash-valid-nonce").innerHTML = "allowed";</script>

    21     <!-- 'sha256-z7rzCkbOJqi08lga3CVQ3b+3948ZbJWaSxsBs8zPliE=' -->

    22     <script nonce="foobar">document.getElementById("inline-script-valid-hash-invalid-nonce").innerHTML = "allowed";</script>

    23     <!-- 'sha256-E5TX2PmYZ4YQOK/F3XR1wFcvFjbO7QHMmxHTT/18LbE=' (not in policy) -->

    24     <script nonce="foobar">document.getElementById("inline-script-invalid-hash-invalid-nonce").innerHTML = "allowed";</script>

    25     <!-- 'sha512-tMLuv22jJ5RHkvLNlv0otvA2fgw6PF16HKu6wy0ZDQ3M7UKzoygs1uxIMSfjMttgWrB5WRvIr35zrTZppMYBVw==' (in policy) -->

    26     <script>document.getElementById("inline-script-valid-sha512-hash").innerHTML = "allowed";</script>

    27     <!-- 'sha384-XjAD+FxZfipkxna4id1JrR2QP6OYUZfAxpn9+yHOmT1VSLVa9SQR/dz7CEb7jw7w' (in policy) -->

    28     <script>document.getElementById("inline-script-valid-sha384-hash").innerHTML = "allowed";</script>

    29     <!-- 'sha1-LHErkMxKGcSpa/znpzmKYkKnI30=' (in policy) -->

    30     <script>document.getElementById("inline-script-valid-sha1-hash").innerHTML = "allowed";</script>

    31     <!-- 'md5-/m4wX3YU+IHs158KwKOBWg==' (in policy) -->

    32     <script>document.getElementById("inline-script-valid-md5-hash").innerHTML = "allowed";</script>

    33 

    34     <!-- inline styles -->

    35     <p id="inline-style-valid-hash"></p>

    36     <p id="inline-style-invalid-hash"></p>

    37     <p id="inline-style-invalid-hash-valid-nonce"></p>

    38     <p id="inline-style-valid-hash-invalid-nonce"></p>

    39     <p id="inline-style-invalid-hash-invalid-nonce"></p>

    40     <p id="inline-style-valid-sha512-hash"></p>

    41     <p id="inline-style-valid-sha384-hash"></p>

    42     <p id="inline-style-valid-sha1-hash"></p>

    43     <p id="inline-style-valid-md5-hash"></p>

    44 

    45     <!-- 'sha256-UpNH6x+Ux99QTW1fJikQsVbBERJruIC98et0YDVKKHQ=' (in policy) -->

    46     <style>p#inline-style-valid-hash { color: green; }</style>

    47     <!-- 'sha256-+TYxTx+bsfTDdivWLZUwScEYyxuv6lknMbNjrgGBRZo=' (not in policy) -->

    48     <style>p#inline-style-invalid-hash { color: red; }</style>

    49     <!-- 'sha256-U+9UPC/CFzz3QuOrl5q3KCVNngOYWuIkE2jK6Ir0Mbs=' (not in policy) -->

    50     <style nonce="ftL2UbGHlSEaZTLWMwtA5Q==">p#inline-style-invalid-hash-valid-nonce { color: green; }</style>

    51     <!-- 'sha256-0IPbWW5IDJ/juvETq60oTnhC+XzOqdYp5/UBsBKCaOY=' (in policy) -->

    52     <style nonce="foobar">p#inline-style-valid-hash-invalid-nonce { color: green; }</style>

    53     <!-- 'sha256-KaHZgPd4nC4S8BVLT/9WjzdPDtunGWojR83C2whbd50=' (not in policy) -->

    54     <style nonce="foobar">p#inline-style-invalid-hash-invalid-nonce { color: red; }</style>

    55     <!-- 'sha512-EpcDbSuvFv0HIyKtU5tQMN7UtBMeEbljz1dWPfy7PNCa1RYdHKwdJWT1tie41evq/ZUL1rzadSVdEzq3jl6Twg==' (in policy) -->

    56     <style>p#inline-style-valid-sha512-hash { color: green; }</style>

    57     <!-- 'sha384-c5W8ON4WyeA2zEOGdrOGhRmRYI8+2UzUUmhGQFjUFP6yiPZx9FGEV3UOiQ+tIshF' (in policy) -->

    58     <style>p#inline-style-valid-sha384-hash { color: green; }</style>

    59     <!-- 'sha1-T/+b4sxCIiJxDr6XS9dAEyHKt2M=' (in policy) -->

    60     <style>p#inline-style-valid-sha1-hash { color: red; }</style>

    61     <!-- 'md5-oNrgrtzOZduwDYYi1yo12g==' (in policy) -->

    62     <style>p#inline-style-valid-md5-hash { color: red; }</style>

    63 

    64   </body>

    65 </html>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial