#!/usr/bin/env python3
import os
import sys
from urllib.parse import parse_qs
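def single_line_header_value(value):
    """Return *value* with every CR and LF character removed.

    The ``csp`` query parameter is copied into a response header further
    down. A carriage return or line feed inside it would end that header
    line early, so the rest of the parameter would be read as extra header
    lines or as the start of the body. Removing both characters keeps the
    value on one header line; values without line breaks pass through
    unchanged.
    """
    return value.replace('\r', '').replace('\n', '')


# Parse the CGI query string. keep_blank_values=True means "?csp=" yields an
# empty string (so an empty policy header is still sent) instead of None.
query = parse_qs(os.environ.get('QUERY_STRING', ''), keep_blank_values=True)
csp = query.get('csp', [None])[0]   # policy to send, or None when absent
typ = query.get('type', [''])[0]    # selects the worker script written after the headers

# Headers sent on every response: caching is disabled and the body is served
# as JavaScript.
sys.stdout.write(
    'Expires: Thu, 01 Dec 2003 16:00:00 GMT\r\n'
    'Cache-Control: no-cache, must-revalidate\r\n'
    'Pragma: no-cache\r\n'
    'Content-Type: text/javascript\r\n'
)

if csp is not None:
    # The policy text comes straight from the request, so it is reduced to a
    # single line before being placed in the header.
    # NOTE(review): callers are presumed to pass single-line policies only;
    # confirm no test depends on a line break inside the csp parameter.
    sys.stdout.write(
        'Content-Security-Policy: {}\r\n'.format(single_line_header_value(csp))
    )
elif typ == 'multiple-headers':
    # Two separate policy headers, both fixed strings. Presumably the worker
    # body for this type checks that each of them is enforced.
    sys.stdout.write(
        'Content-Security-Policy: connect-src \'none\'\r\n'
        'Content-Security-Policy: script-src \'self\'\r\n'
    )

# The blank line ends the header section.
sys.stdout.write('\r\n')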
# Worker script bodies, keyed by the value of the "type" query parameter.
# Every body is a fixed string: nothing from the request is interpolated into
# the JavaScript. Each script reports its outcome with postMessage().
WORKER_BODIES = {
    # Calls eval() and reports whether it produced a value.
    'eval': (
        'var id = 0;\n'
        'try {\n'
        ' id = eval("1 + 2 + 3");\n'
        '}\n'
        ' catch (e) {\n'
        '}\n'
        '\n'
        'postMessage(id === 0 ? "eval blocked" : "eval allowed");\n'
    ),
    # Tries to replace fn through the Function() constructor; the fallback
    # fn reports "blocked" when the constructor throws.
    'function-function': (
        'var fn = function() {\n'
        ' postMessage(\'Function() function blocked\');\n'
        '}\n'
        'try {\n'
        ' fn = new Function("", "postMessage(\'Function() function allowed\');");\n'
        '}\n'
        'catch(e) {\n'
        '}\n'
        'fn();\n'
    ),
    # Loads a script through importScripts() and reports whether the call threw.
    'importscripts': (
        'try {\n'
        ' importScripts("http://localhost:8000/security/contentSecurityPolicy/resources/post-message.js");\n'
        ' postMessage("importScripts allowed");\n'
        '} catch(e) {\n'
        ' postMessage("importScripts blocked: " + e);\n'
        '}\n'
    ),
    # Issues an XHR and reports from its load / error events.
    'make-xhr': (
        'var xhr = new XMLHttpRequest;\n'
        'xhr.addEventListener("load", function () {\n'
        ' postMessage("xhr allowed");\n'
        '});\n'
        'xhr.addEventListener("error", function () {\n'
        ' postMessage("xhr blocked");\n'
        '});\n'
        'xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true);\n'
        'xhr.send();\n'
    ),
    # Passes a string handler to setTimeout() and reports from the returned id.
    'set-timeout': (
        'var id = 0;\n'
        'try {\n'
        ' id = setTimeout("postMessage(\'handler invoked\')", 100);\n'
        '} catch(e) {\n'
        '}\n'
        'postMessage(id === 0 ? "setTimeout blocked" : "setTimeout allowed");\n'
    ),
    # Posts a constant message.
    'post-message-pass': 'postMessage("PASS");',
    # Fetches the echo-referrer resource and posts the response text.
    'report-referrer': (
        'var xhr = new XMLHttpRequest;\n'
        'xhr.open("GET", "http://127.0.0.1:8000/security/resources/echo-referrer-header.py", true);\n'
        'xhr.onload = function () {\n'
        ' postMessage(this.responseText);\n'
        '};\n'
        'xhr.send();\n'
    ),
    # Same request as 'report-referrer', answered on the connecting port
    # from an onconnect handler.
    'shared-report-referrer': (
        'onconnect = function (e) {\n'
        ' var port = e.ports[0];\n'
        ' var xhr = new XMLHttpRequest;\n'
        ' xhr.open(\n'
        ' "GET",\n'
        ' "http://127.0.0.1:8000/security/resources/echo-referrer-header.py",\n'
        ' true);\n'
        ' xhr.onload = function () {\n'
        ' port.postMessage(this.responseText);\n'
        ' };\n'
        ' xhr.send();\n'
        '};\n'
    ),
    # Runs both the XHR probe and the eval probe in one script.
    'multiple-headers': (
        'var xhr = new XMLHttpRequest;\n'
        'xhr.addEventListener("load", function () {\n'
        ' postMessage("xhr allowed");\n'
        '});\n'
        'xhr.addEventListener("error", function () {\n'
        ' postMessage("xhr blocked");\n'
        '});\n'
        'xhr.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/get.txt", true);\n'
        'xhr.send();\n'
        '\n'
        'var id = 0;\n'
        'try {\n'
        ' id = eval("1 + 2 + 3");\n'
        '}\n'
        'catch (e) {\n'
        '}\n'
        '\n'
        'postMessage(id === 0 ? "eval blocked" : "eval allowed");\n'
    ),
}

# An unrecognised (or missing) type produces an empty body.
worker_body = WORKER_BODIES.get(typ)
if worker_body is not None:
    sys.stdout.write(worker_body)