LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-tests-expected.txt - WebKit - Git at Google

 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha-/vET2rVA6WWSNY8XYBl+BqAL0gTF0fzw7eovQQG+hNA=''. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha-dummy''. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''d&mmy''. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''/vET2rVA6WWSNY8XYBl+BqAL0gTF0fzw7eovQQG+hNA=''. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-/Vet2Rva6wwsny8xybL+=bQal0Gtf0FZW7EOVqqg+Hna=''. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-/vET2rVA6WWSNY8XYBl+BqAL0gTF0fzw7eovQQG+hNA===''. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-'. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-''. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-#''. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-abc&=''. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-abc&==''. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-LyogVGhpcyBpcyBhIGxvbmcgY29tbWVudCB0aGF0IHdpbGwgYmUgZW5jb2RlZCB1c2luZyBCYXNlNjQgdG8gcHJvZHVjZSBhbiBlbmNvZGVkIHN0cmluZyBvdXRwdXQgdGhhdCBpcyBsb25nZXIgdGhhbiBhIFNlY3VyZSBIYXNoIEFsZ29yaXRobS01MTIgZGlnZXN0LiAqLw==''. It will be ignored.
 CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
 This tests that script hashes work and conform to the Content Security Policy 2.0 specification.

 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".


 PASS "Base64 encoded SHA-256 hash" did run inline script.
 PASS "Base64 encoded SHA-256 hash with mixed case prefix" did run inline script.
 PASS "Base64url encoded SHA-256 hash" did run inline script.
 PASS "Base64 encoded SHA-384 hash" did run inline script.
 PASS "Base64url encoded SHA-384 hash" did run inline script.
 PASS "Base64 encoded SHA-512 hash" did run inline script.
 PASS "Base64url encoded SHA-512 hash" did run inline script.
 PASS "Script that contains HTML entity &gt;" did run inline script.
 PASS "Script that contains Unicode code point U+00C5" did run inline script.
 PASS "Unicode code point U+00C5 is not equivalent to U+212B" did not run inline script.
 PASS "Big-5 page with Big-5 hash" did not run inline script.
 PASS "Big-5 page with UTF-8 hash" did not run inline script.
 PASS "Hash source with invalid prefix" did not run inline script.
 PASS "Invalid prefix" did not run inline script.
 PASS "Invalid hash and no prefix" did not run inline script.
 PASS "Hash without prefix" did not run inline script.
 PASS "SHA-256 hash with SHA-384 prefix" did not run inline script.
 PASS "SHA-256 hash with SHA-512 prefix" did not run inline script.
 PASS "Malformed SHA-256 hash (equal sign in disallowed position)" did not run inline script.
 PASS "SHA-256 hash with one extraneous equal sign" did run inline script.
 PASS "SHA-256 hash with two extraneous equal signs" did not run inline script.
 PASS "Malformed hash source" did not run inline script.
 PASS "Hash source without hash" did not run inline script.
 PASS "Hash source without invalid hash" did not run inline script.
 PASS "Hash source without invalid hash2" did not run inline script.
 PASS "Hash source without invalid hash3" did not run inline script.
 PASS "Hash that is larger that 64 bytes" did not run inline script.
 PASS successfullyParsed is true

 TEST COMPLETE
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha-/vET2rVA6WWSNY8XYBl+BqAL0gTF0fzw7eovQQG+hNA=''. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha-dummy''. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''d&mmy''. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''/vET2rVA6WWSNY8XYBl+BqAL0gTF0fzw7eovQQG+hNA=''. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-/Vet2Rva6wwsny8xybL+=bQal0Gtf0FZW7EOVqqg+Hna=''. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-/vET2rVA6WWSNY8XYBl+BqAL0gTF0fzw7eovQQG+hNA===''. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-'. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-''. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-#''. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-abc&=''. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-abc&==''. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-LyogVGhpcyBpcyBhIGxvbmcgY29tbWVudCB0aGF0IHdpbGwgYmUgZW5jb2RlZCB1c2luZyBCYXNlNjQgdG8gcHJvZHVjZSBhbiBlbmNvZGVkIHN0cmluZyBvdXRwdXQgdGhhdCBpcyBsb25nZXIgdGhhbiBhIFNlY3VyZSBIYXNoIEFsZ29yaXRobS01MTIgZGlnZXN0LiAqLw==''. It will be ignored.
	CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
	This tests that script hashes work and conform to the Content Security Policy 2.0 specification.

	On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".


	PASS "Base64 encoded SHA-256 hash" did run inline script.
	PASS "Base64 encoded SHA-256 hash with mixed case prefix" did run inline script.
	PASS "Base64url encoded SHA-256 hash" did run inline script.
	PASS "Base64 encoded SHA-384 hash" did run inline script.
	PASS "Base64url encoded SHA-384 hash" did run inline script.
	PASS "Base64 encoded SHA-512 hash" did run inline script.
	PASS "Base64url encoded SHA-512 hash" did run inline script.
	PASS "Script that contains HTML entity >" did run inline script.
	PASS "Script that contains Unicode code point U+00C5" did run inline script.
	PASS "Unicode code point U+00C5 is not equivalent to U+212B" did not run inline script.
	PASS "Big-5 page with Big-5 hash" did not run inline script.
	PASS "Big-5 page with UTF-8 hash" did not run inline script.
	PASS "Hash source with invalid prefix" did not run inline script.
	PASS "Invalid prefix" did not run inline script.
	PASS "Invalid hash and no prefix" did not run inline script.
	PASS "Hash without prefix" did not run inline script.
	PASS "SHA-256 hash with SHA-384 prefix" did not run inline script.
	PASS "SHA-256 hash with SHA-512 prefix" did not run inline script.
	PASS "Malformed SHA-256 hash (equal sign in disallowed position)" did not run inline script.
	PASS "SHA-256 hash with one extraneous equal sign" did run inline script.
	PASS "SHA-256 hash with two extraneous equal signs" did not run inline script.
	PASS "Malformed hash source" did not run inline script.
	PASS "Hash source without hash" did not run inline script.
	PASS "Hash source without invalid hash" did not run inline script.
	PASS "Hash source without invalid hash2" did not run inline script.
	PASS "Hash source without invalid hash3" did not run inline script.
	PASS "Hash that is larger that 64 bytes" did not run inline script.
	PASS successfullyParsed is true

	TEST COMPLETE