Add javascript navigations interop tests

https://github.com/w3c/webappsec-csp/issues/322 raises an interop issue It appears the issue itself has been fixed since but I've added these tests regardless to ensure there is no regression. Bug: 694525 Change-Id: Icb5502e228b3a96c176cbe23d5b4ce9c5c8640ab Reviewed-on: https://chromium-review.googlesource.com/c/1348054Reviewed-by: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#611643}

Add javascript navigations interop tests
https://github.com/w3c/webappsec-csp/issues/322 raises an interop issue It appears the issue itself has been fixed since but I've added these tests regardless to ensure there is no regression. Bug: 694525 Change-Id: Icb5502e228b3a96c176cbe23d5b4ce9c5c8640ab Reviewed-on: https://chromium-review.googlesource.com/c/1348054Reviewed-by: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#611643}
815f8883 · Andy Paicu · Commit Bot · ca00b242 · 815f8883 · 815f8883
Commit 815f8883 authored Nov 28, 2018 by Andy Paicu Committed by Commit Bot Nov 28, 2018
3 changed files
--- a/third_party/blink/web_tests/external/wpt/content-security-policy/navigation/support/frame-with-csp.sub.html
+++ b/third_party/blink/web_tests/external/wpt/content-security-policy/navigation/support/frame-with-csp.sub.html
+<meta http-equiv="Content-Security-Policy" content="{{GET[csp]}}">
+CHILD FRAME
--- a/third_party/blink/web_tests/external/wpt/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html
+++ b/third_party/blink/web_tests/external/wpt/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html
+<!DOCTYPE html>
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<iframe src="support/frame-with-csp.sub.html?csp=script-src%20%27self%27"></iframe>
+<div onclick="frames[0].location.href = 'javascript:parent.postMessage(\'executed\', \'*\')'" id="special_div"></div>
+<script>
+  var t = async_test("Should have executed the javascript url");
+  window.onmessage = t.step_func(function(e) {
+    if (e.data == "executed")
+      t.done();
+  });
+  window.addEventListener('securitypolicyviolation', t.unreached_func("Should not have raised a violation event"));
+  document.getElementById('special_div').click();
+</script>
+</body>
--- a/third_party/blink/web_tests/external/wpt/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html
+++ b/third_party/blink/web_tests/external/wpt/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html
+<!DOCTYPE html>
+<head>
+<meta http-equiv="content-security-policy" content="script-src 'self' 'nonce-abc'">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<iframe src="support/frame-with-csp.sub.html"></iframe>
+<div onclick="frames[0].location.href = 'javascript:parent.postMessage(\'executed\', \'*\')'" id="special_div"></div>
+<script nonce='abc'>
+  var t = async_test("Should not have executed the javascript url");
+  window.onmessage = t.step_func(function(e) {
+    if (e.data == "executed")
+      assert_true(false, "Javascript url executed");
+  });
+  window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
+    assert_equals(e.blockedURI, 'inline');
+    assert_equals(e.violatedDirective, 'script-src-attr');
+  }));
+  document.getElementById('special_div').click();
+</script>
+</body>