The Tor Browser / file revision

content/base/test/csp/file_nonce_source.html@b8a032363ba2

content/base/test/csp/file_nonce_source.html

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 <!doctype html>

     2 <html>

     3   <head>

     4     <!-- external styles -->

     5     <link rel='stylesheet' nonce="correctstylenonce" href="file_CSP.sjs?testid=external_style_correct_nonce_good&type=text/css" />

     6     <link rel='stylesheet' nonce="incorrectstylenonce" href="file_CSP.sjs?testid=external_style_incorrect_nonce_bad&type=text/css" />

     7     <link rel='stylesheet' nonce="correctscriptnonce" href="file_CSP.sjs?testid=external_style_correct_script_nonce_bad&type=text/css" />

     8     <link rel='stylesheet' href="file_CSP.sjs?testid=external_style_no_nonce_bad&type=text/css" />

     9   </head>

    10   <body>

    11     <!-- inline scripts -->

    12     <ol>

    13       <li id="inline-script-correct-nonce">(inline script with correct nonce) This text should be green.</li>

    14       <li id="inline-script-incorrect-nonce">(inline script with incorrect nonce) This text should be black.</li>

    15       <li id="inline-script-correct-style-nonce">(inline script with correct nonce for styles, but not for scripts) This text should be black.</li>

    16       <li id="inline-script-no-nonce">(inline script with no nonce) This text should be black.</li>

    17     </ol>

    18     <script nonce="correctscriptnonce">

    19       document.getElementById("inline-script-correct-nonce").style.color = "rgb(0, 128, 0)";

    20     </script>

    21     <script nonce="incorrectscriptnonce">

    22       document.getElementById("inline-script-incorrect-nonce").style.color = "rgb(255, 0, 0)";

    23     </script>

    24     <script nonce="correctstylenonce">

    25       document.getElementById("inline-script-correct-style-nonce").style.color = "rgb(255, 0, 0)";

    26     </script>

    27     <script>

    28       document.getElementById("inline-script-no-nonce").style.color = "rgb(255, 0, 0)";

    29     </script>

    30 

    31     <!-- external scripts -->

    32     <script nonce="correctscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_correct_nonce_good&type=text/javascript"></script>

    33     <script nonce="anothercorrectscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_another_correct_nonce_good&type=text/javascript"></script>

    34     <script nonce="incorrectscriptnonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_incorrect_nonce_bad&type=text/javascript"></script>

    35     <script nonce="correctstylenonce" src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_correct_style_nonce_bad&type=text/javascript"></script>

    36     <script src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=external_script_no_nonce_bad&type=text/javascript"></script>

    37 

    38     <!-- This external script has the correct nonce and comes from a whitelisted URI. It should be allowed. -->

    39     <script nonce="correctscriptnonce" src="file_CSP.sjs?testid=external_script_correct_nonce_correct_uri_good&type=text/javascript"></script>

    40     <!-- This external script has an incorrect nonce, but comes from a whitelisted URI. It should be allowed. -->

    41     <script nonce="incorrectscriptnonce" src="file_CSP.sjs?testid=external_script_incorrect_nonce_correct_uri_good&type=text/javascript"></script>

    42     <!-- This external script has no nonce and comes from a whitelisted URI. It should be allowed. -->

    43     <script src="file_CSP.sjs?testid=external_script_no_nonce_correct_uri_good&type=text/javascript"></script>

    44 

    45     <!-- inline styles -->

    46     <ol>

    47       <li id=inline-style-correct-nonce>

    48         (inline style with correct nonce) This text should be green

    49       </li>

    50       <li id=inline-style-incorrect-nonce>

    51         (inline style with incorrect nonce) This text should be black

    52       </li>

    53       <li id=inline-style-correct-script-nonce>

    54         (inline style with correct script, not style, nonce) This text should be black

    55       </li>

    56       <li id=inline-style-no-nonce>

    57         (inline style with no nonce) This text should be black

    58       </li>

    59     </ol>

    60     <style nonce=correctstylenonce>

    61       li#inline-style-correct-nonce { color: green; }

    62     </style>

    63     <style nonce=incorrectstylenonce>

    64       li#inline-style-incorrect-nonce { color: red; }

    65     </style>

    66     <style nonce=correctscriptnonce>

    67       li#inline-style-correct-script-nonce { color: red; }

    68     </style>

    69     <style>

    70       li#inline-style-no-nonce { color: red; }

    71     </style>

    72   </body>

    73 </html>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial