Closed Bug 1698467 Opened 3 years ago Closed 3 years ago

[wpt-sync] Sync PR 27961 - CSP: Enhance WPTs to check inline and eval blockedURIs

Categories

(Core :: DOM: Security, task, P4)

Tracking

RESOLVED FIXED
88 Branch
Tracking Status
firefox88 --- fixed

People

(Reporter: mozilla.org, Unassigned)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 27961 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/27961
Details from upstream follow.

Antonio Sartori <antoniosartori@chromium.org> wrote:

CSP: Enhance WPTs to check inline and eval blockedURIs

This adds a few assertions to Web Platform Tests for Content Security
Policies checking if inline script execution and eval are allowed, so
that they also ensure that the blockedURI in the CSP violation matches
'inline' or 'eval'.

Bug: 563976
Change-Id: Ie2b93fe838768703e652dcfd5bd25b1334abcf57
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2743762
Auto-Submit: Antonio Sartori <antoniosartori@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/master@{#862765}

Component: web-platform-tests → DOM: Security
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]

CI Results

Ran 15 Firefox configurations based on mozilla-central, and Firefox and Chrome on GitHub CI

Total 3 tests and 1 subtests

Status Summary

Firefox

OK : 2[Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-linux1804-64-tsan-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt] 3[GitHub]
PASS: 3
FAIL: 1

Chrome

OK : 3
PASS: 4

Details

New Tests That Don't Pass

/content-security-policy/script-src/injected-inline-script-blocked.sub.html: OK [GitHub], SKIP [Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-linux1804-64-tsan-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt] (Chrome: OK)
Expecting logs: ["violated-directive=script-src-elem","blocked-uri=inline"]: FAIL (Chrome: PASS)

Tests Disabled in Gecko Infrastructure

/content-security-policy/script-src/injected-inline-script-blocked.sub.html: OK [GitHub], SKIP [Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-linux1804-64-tsan-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt] (Chrome: OK)

Whiteboard: [wptsync downstream][domsecurity-backlog] → [wptsync downstream error][domsecurity-backlog]
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/81d2cff5070b
[wpt PR 27961] - CSP: Enhance WPTs to check inline and eval blockedURIs, a=testonly
Whiteboard: [wptsync downstream error][domsecurity-backlog] → [wptsync downstream][domsecurity-backlog]
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 88 Branch