| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta charset="utf-8"> |
| <script src="/js-test-resources/testharness.js"></script> |
| <script src="/js-test-resources/testharnessreport.js"></script> |
| <script src="resources/sri-utilities.js"></script> |
| </head> |
| <body> |
| <div id="log"></div> |
| <div id="container"></div> |
| <script> |
| |
| var main_host = '127.0.0.1'; |
| var remote_host = 'localhost'; |
| var port_string = "8000"; |
| var main_host_and_port = main_host + ':' + port_string; |
| var remote_host_and_port = remote_host + ':' + port_string; |
| |
| var crossorigin_anon_style = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-anon-style.css?'; |
| var crossorigin_creds_style = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-creds-style.css?'; |
| var crossorigin_ineligible_style = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-ineligible-style.css?'; |
| |
| // Style tests from web-platform-tests/subresource-integrity |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with correct sha256 hash", |
| { |
| href: "resources/style.css?1", |
| integrity: "sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with correct sha384 hash", |
| { |
| href: "resources/style.css?2", |
| integrity: "sha384-wDAWxH4tOWBwAwHfBn9B7XuNmFxHTMeigAMwn0iVQ0zq3FtmYMLxihcGnU64CwcX" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with correct sha512 hash", |
| { |
| href: "resources/style.css?3", |
| integrity: "sha512-9wXDjd6Wq3H6nPAhI9zOvG7mJkUr03MTxaO+8ztTKnfJif42laL93Be/IF6YYZHHF4esitVYxiwpY2HSZX4l6w==" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with empty integrity", |
| { |
| href: "resources/style.css?4", |
| integrity: "" |
| } |
| ); |
| |
| new SRIStyleTest( |
| false, |
| "Same-origin with incorrect hash.", |
| { |
| href: "resources/style.css?5", |
| integrity: "sha256-deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with multiple sha256 hashes, including correct.", |
| { |
| href: "resources/style.css?6", |
| integrity: "sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4= sha256-deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with multiple sha256 hashes, including unknown algorithm.", |
| { |
| href: "resources/style.css?7", |
| integrity: "sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4= foo666-deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with sha256 mismatch, sha512 match", |
| { |
| href: "resources/style.css?8", |
| integrity: "sha512-9wXDjd6Wq3H6nPAhI9zOvG7mJkUr03MTxaO+8ztTKnfJif42laL93Be/IF6YYZHHF4esitVYxiwpY2HSZX4l6w== sha256-deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead" |
| } |
| ); |
| |
| new SRIStyleTest( |
| false, |
| "Same-origin with sha256 match, sha512 mismatch", |
| { |
| href: "resources/style.css?9", |
| integrity: "sha512-deadbeef9wXDjd6Wq3H6nPAhI9zOvG7mJkUr03MTxaO+8ztTKnfJif42laL93Be/IF6YYZHHF4esitVYxiwpY2== sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "<crossorigin='anonymous'> with correct hash, ACAO: *", |
| { |
| href: crossorigin_anon_style + '&1', |
| integrity: "sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=", |
| crossorigin: "anonymous" |
| } |
| ); |
| |
| new SRIStyleTest( |
| false, |
| "<crossorigin='anonymous'> with incorrect hash, ACAO: *", |
| { |
| href: crossorigin_anon_style + '&2', |
| integrity: "sha256-deadbeefCzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk=", |
| crossorigin: "anonymous" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "<crossorigin='use-credentials'> with correct hash, CORS-eligible", |
| { |
| href: crossorigin_creds_style + '&1', |
| integrity: "sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=", |
| crossorigin: "use-credentials" |
| } |
| ); |
| |
| new SRIStyleTest( |
| false, |
| "<crossorigin='use-credentials'> with incorrect hash CORS-eligible", |
| { |
| href: crossorigin_creds_style + '&2', |
| integrity: "sha256-deadbeefCzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk=", |
| crossorigin: "use-credentials" |
| } |
| ); |
| |
| new SRIStyleTest( |
| false, |
| "<crossorigin='anonymous'> with CORS-ineligible resource", |
| { |
| href: crossorigin_ineligible_style + '&1', |
| integrity: "sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=", |
| crossorigin: "anonymous" |
| } |
| ); |
| |
| new SRIStyleTest( |
| false, |
| "Cross-origin, not CORS request, with correct hash", |
| { |
| href: crossorigin_anon_style + '&3', |
| integrity: "sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=" |
| } |
| ); |
| |
| new SRIStyleTest( |
| false, |
| "Cross-origin, not CORS request, with hash mismatch", |
| { |
| href: crossorigin_anon_style + '&4', |
| integrity: "sha256-deadbeefCzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk=" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Cross-origin, empty integrity", |
| { |
| href: crossorigin_anon_style + '&5', |
| integrity: "" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with correct hash, options.", |
| { |
| href: "resources/style.css?10", |
| integrity: "sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=?foo=bar?spam=eggs" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with unknown algorithm only.", |
| { |
| href: "resources/style.css?11", |
| integrity: "foo666-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=?foo=bar?spam=eggs" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with correct sha256 hash, rel='stylesheet license'", |
| { |
| href: "resources/style.css?12", |
| integrity: "sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=", |
| rel: "stylesheet license" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with correct sha256 hash, rel='license stylesheet'", |
| { |
| href: "resources/style.css?13", |
| integrity: "sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=", |
| rel: "license stylesheet" |
| } |
| ); |
| |
| new SRIStyleTest( |
| true, |
| "Same-origin with correct sha256 and sha512 hash, rel='alternate stylesheet' enabled", |
| { |
| href: "resources/alternate.css?1", |
| title: "alt", |
| type: "text/css", |
| class: "alternate", |
| disabled: "disabled", |
| rel: "alternate stylesheet", |
| integrity: "sha256-phbz83bWhnLig+d2VPKrRrTRyhqoDRo1ruGqZLZ0= sha512-8OYEB7ktnzcb6h+kB9CUIuc8qvKIyLpygRJdQSEEycRy74dUsB+Yu9rSjpOPjRUblle8WWX9Gn7v39LK2Oceig==", |
| }, |
| function (link, container) { |
| var alternate = document.querySelector('link.alternate'); |
| alternate.disabled = false; |
| }, |
| "rgb(255, 0, 0)" |
| ); |
| |
| new SRIStyleTest( |
| false, |
| "Same-origin with incorrect sha256 and sha512 hash, rel='alternate stylesheet' enabled", |
| { |
| href: "resources/alternate.css?2", |
| title: "alt", |
| type: "text/css", |
| class: "alternate", |
| disabled: "disabled", |
| rel: "alternate stylesheet", |
| integrity: "sha256-fail83bWhnLig+d2VPKrRrTRyhqoDRo1ruGqZLZ0= sha512-failB7ktnzcb6h+kB9CUIuc8qvKIyLpygRJdQSEEycRy74dUsB+Yu9rSjpOPjRUblle8WWX9Gn7v39LK2Oceig==", |
| }, |
| function (link, container) { |
| var alternate = document.querySelector('link.alternate'); |
| alternate.disabled = false; |
| } |
| ); |
| |
| SRITests.execute(); |
| |
| </script> |
| </body> |
| </html> |
