blob: 48b16c9f3f997a256147164fba9edd11874809bf [file] [log] [blame]
# This is the complete set of content-security-policy tests
# as of https://lbshell-internal.googlesource.com/external/web-platform-tests/+/96dfec5fc4b1bb362681e8245dc3a72184751fbc
# <base> is not supported
blink-contrib-2/base-uri-allow.sub.html,DISABLE
blink-contrib-2/base-uri-deny.sub.html,DISABLE
# <iframe> not supported
blink-contrib-2/form-action-src-allowed.sub.html,DISABLE
blink-contrib-2/form-action-src-blocked.sub.html,DISABLE
blink-contrib-2/form-action-src-default-ignored.sub.html,DISABLE
blink-contrib-2/form-action-src-get-allowed.sub.html,DISABLE
blink-contrib-2/form-action-src-get-blocked.sub.html,DISABLE
blink-contrib-2/form-action-src-javascript-blocked.sub.html,DISABLE
blink-contrib-2/form-action-src-redirect-blocked.sub.html,DISABLE
blink-contrib-2/meta-outside-head.sub.html,PASS
# <object> not supported
blink-contrib-2/plugintypes-mismatched-data.sub.html,DISABLE
blink-contrib-2/plugintypes-mismatched-url.sub.html,DISABLE
blink-contrib-2/plugintypes-notype-data.sub.html,DISABLE
blink-contrib-2/plugintypes-notype-url.sub.html,DISABLE
blink-contrib-2/plugintypes-nourl-allowed.sub.html,DISABLE
blink-contrib-2/plugintypes-nourl-blocked.sub.html,DISABLE
# hashes not supported
blink-contrib-2/scripthash-allowed.sub.html,DISABLE
# Note, the test below is an unreliable test: It depends on the alert_assert()
# being handled by the inline script allowed with a hash, but when that script
# itself is not allowed to run, the test still passes.
blink-contrib-2/scripthash-basic-blocked.sub.html,PASS
blink-contrib-2/scripthash-default-src.sub.html,DISABLE
blink-contrib-2/scripthash-ignore-unsafeinline.sub.html,PASS
blink-contrib-2/scripthash-unicode-normalization.sub.html,DISABLE
blink-contrib-2/scriptnonce-allowed.sub.html,PASS
# hashes not supported
# This test was modified to expect the hash-allowed script to fail, so that
# the rest of the behavior tested by this test can still be verified.
blink-contrib-2/scriptnonce-and-scripthash.sub.html,PASS
blink-contrib-2/scriptnonce-basic-blocked.sub.html,PASS
blink-contrib-2/scriptnonce-ignore-unsafeinline.sub.html,PASS
blink-contrib-2/scriptnonce-redirect.sub.html,PASS
blink-contrib-2/script-src-wildcards-disallowed.html,PASS
blink-contrib-2/securitypolicyviolation-block-cross-origin-image-from-script.sub.html,PASS
blink-contrib-2/securitypolicyviolation-block-cross-origin-image.sub.html,PASS
blink-contrib-2/securitypolicyviolation-block-image-from-script.sub.html,PASS
blink-contrib-2/securitypolicyviolation-block-image.sub.html,PASS
# hashes not supported
blink-contrib-2/stylehash-allowed.sub.html,DISABLE
blink-contrib-2/stylehash-basic-blocked.sub.html,DISABLE
blink-contrib-2/stylehash-default-src.sub.html,DISABLE
blink-contrib-2/stylenonce-allowed.sub.html,PASS
blink-contrib-2/stylenonce-blocked.sub.html,PASS
# Blob not supported
blink-contrib/blob-urls-do-not-match-self.sub.html,DISABLE
blink-contrib/blob-urls-match-blob.sub.html,DISABLE
blink-contrib/combine-header-and-meta-policies.sub.html,PASS
# Beacons and event sources are not supported.
blink-contrib/connect-src-beacon-allowed.sub.html,DISABLE
blink-contrib/connect-src-beacon-blocked.sub.html,DISABLE
blink-contrib/connect-src-beacon-redirect-to-blocked.sub.html,DISABLE
blink-contrib/connect-src-eventsource-allowed.sub.html,DISABLE
blink-contrib/connect-src-eventsource-blocked.sub.html,DISABLE
blink-contrib/connect-src-eventsource-redirect-to-blocked.sub.html,DISABLE
# Websockets not supported, but maybe someday.
blink-contrib/connect-src-websocket-allowed.sub.html,DISABLE
blink-contrib/connect-src-websocket-blocked.sub.html,DISABLE
blink-contrib/connect-src-xmlhttprequest-allowed.sub.html,PASS
blink-contrib/connect-src-xmlhttprequest-blocked.sub.html,PASS
blink-contrib/connect-src-xmlhttprequest-redirect-to-blocked.sub.html,PASS
blink-contrib/default-src-inline-allowed.sub.html,PASS
blink-contrib/default-src-inline-blocked.sub.html,PASS
blink-contrib/duplicate-directive.sub.html,PASS
blink-contrib/eval-allowed.sub.html,PASS
blink-contrib/eval-blocked-and-sends-report.sub.html,PASS
# <iframe> not supported
blink-contrib/eval-blocked-in-about-blank-iframe.sub.html,DISABLE
blink-contrib/eval-blocked.sub.html,PASS
# setTimeout() and setInterval() overloads that take DOMString argument are not
# supported
blink-contrib/eval-scripts-setInterval-allowed.sub.html,DISABLE
blink-contrib/eval-scripts-setInterval-blocked.sub.html,PASS
blink-contrib/eval-scripts-setTimeout-allowed.sub.html,DISABLE
blink-contrib/eval-scripts-setTimeout-blocked.sub.html,PASS
# No filesystem:// support
blink-contrib/filesystem-urls-do-not-match-self.sub.html,DISABLE
blink-contrib/filesystem-urls-match-filesystem.sub.html,DISABLE
# <iframe> not supported
blink-contrib/frame-src-about-blank-allowed-by-default.sub.html,DISABLE
blink-contrib/frame-src-about-blank-allowed-by-scheme.sub.html,DISABLE
blink-contrib/frame-src-allowed.sub.html,DISABLE
blink-contrib/frame-src-blocked.sub.html,DISABLE
blink-contrib/frame-src-cross-origin-load.sub.html,DISABLE
blink-contrib/function-constructor-allowed.sub.html,PASS
blink-contrib/function-constructor-blocked.sub.html,PASS
# <link rel='icon'> is not supported, and test is missing test harness.
blink-contrib/icon-allowed.sub.html,DISABLE
blink-contrib/icon-blocked.sub.html,DISABLE
# <iframe> not supported
blink-contrib/iframe-inside-csp.sub.html,DISABLE
blink-contrib/image-allowed.sub.html,PASS
blink-contrib/image-blocked.sub.html,PASS
blink-contrib/image-full-host-wildcard-allowed.sub.html,PASS
blink-contrib/injected-inline-script-allowed.sub.html,PASS
blink-contrib/injected-inline-script-blocked.sub.html,PASS
blink-contrib/injected-inline-style-allowed.sub.html,PASS
blink-contrib/injected-inline-style-blocked.sub.html,PASS
blink-contrib/inline-style-allowed.sub.html,PASS
blink-contrib/inline-style-allowed-while-cloning-objects.sub.html,PASS
blink-contrib/inline-style-attribute-allowed.sub.html,PASS
blink-contrib/inline-style-attribute-blocked.sub.html,PASS
blink-contrib/inline-style-attribute-on-html.sub.html,PASS
blink-contrib/inline-style-blocked.sub.html,PASS
# manifest-src not supported in CSP2.
blink-contrib/manifest-src-allowed.sub.html,DISABLE
blink-contrib/manifest-src-blocked.sub.html,DISABLE
# These are broken tests, they refer to nonexistent
# media-resources/video-test.js and media-resources/media-file.js and call
# an undefined waitForEvent, also using Chrome on upstream at
# http://w3c-test.org/.
blink-contrib/media-src-allowed.sub.html,DISABLE
blink-contrib/media-src-blocked.sub.html,DISABLE
# <track> not supported
blink-contrib/media-src-track-block.sub.html,DISABLE
# <svg> not supported
blink-contrib/object-in-svg-foreignobject.sub.html,DISABLE
# object-src not supported.
blink-contrib/object-src-applet-archive-codebase.sub.html,DISABLE
blink-contrib/object-src-applet-archive.sub.html,DISABLE
blink-contrib/object-src-applet-code-codebase.sub.html,DISABLE
blink-contrib/object-src-applet-code.sub.html,DISABLE
blink-contrib/object-src-no-url-allowed.sub.html,DISABLE
blink-contrib/object-src-no-url-blocked.sub.html,DISABLE
blink-contrib/object-src-url-allowed.sub.html,DISABLE
blink-contrib/object-src-url-blocked.sub.html,DISABLE
# Child not supported
blink-contrib/policy-does-not-affect-child.sub.html,DISABLE
blink-contrib/report-blocked-data-uri.sub.html,PASS
blink-contrib/report-cross-origin-no-cookies.sub.html,PASS
blink-contrib/report-disallowed-from-meta.sub.html,PASS
blink-contrib/report-same-origin-with-cookies.sub.html,PASS
blink-contrib/report-uri-from-inline-javascript.sub.html,PASS
blink-contrib/report-uri-from-javascript.sub.html,PASS
# File missing in original test suite
blink-contrib/report-uri.sub.html,DISABLE
# <iframe> not supported
blink-contrib/sandbox-allow-scripts-subframe.sub.html,DISABLE
# Sandbox not supported
blink-contrib/sandbox-allow-scripts.sub.html,DISABLE
blink-contrib/sandbox-empty-subframe.sub.html,DISABLE
blink-contrib/sandbox-empty.sub.html,DISABLE
blink-contrib/script-src-overrides-default-src.sub.html,PASS
# Blob not supported
blink-contrib/self-doesnt-match-blob.sub.html,DISABLE
# Workers are not supported
blink-contrib/shared-worker-connect-src-allowed.sub.html,DISABLE
blink-contrib/shared-worker-connect-src-blocked.sub.html,DISABLE
blink-contrib/source-list-parsing-paths-03.sub.html,PASS
# <iframe> not supported
blink-contrib/srcdoc-doesnt-bypass-script-src.sub.html,DISABLE
# Blob not supported
blink-contrib/star-doesnt-match-blob.sub.html,DISABLE
blink-contrib/style-allowed.sub.html,PASS
blink-contrib/style-blocked.sub.html,PASS
# Workers are not supported
blink-contrib/worker-connect-src-allowed.sub.html,DISABLE
blink-contrib/worker-connect-src-blocked.sub.html,DISABLE
blink-contrib/worker-eval-blocked.sub.html,DISABLE
blink-contrib/worker-from-guid.sub.html,DISABLE
blink-contrib/worker-function-function-blocked.sub.html,DISABLE
blink-contrib/worker-importscripts-blocked.sub.html,DISABLE
blink-contrib/worker-script-src.sub.html,DISABLE
blink-contrib/worker-set-timeout-blocked.sub.html,DISABLE
# <iframe> not supported
child-src/child-src-about-blank-allowed-by-default.sub.html,DISABLE
child-src/child-src-about-blank-allowed-by-scheme.sub.html,DISABLE
child-src/child-src-allowed.sub.html,DISABLE
child-src/child-src-blocked.sub.html,DISABLE
child-src/child-src-conflicting-frame-src.sub.html,DISABLE
child-src/child-src-cross-origin-load.sub.html,DISABLE
# Workers are not supported
child-src/child-src-worker-allowed.sub.html,DISABLE
child-src/child-src-worker-blocked.sub.html,DISABLE
# frame-ancestors, Cross-document messaging, <iframe> not supported
frame-ancestors/deep-allows-none.sub.html,DISABLE
frame-ancestors/intermediate-reporting-frame-allows-self.sub.html,DISABLE
frame-ancestors/intermediate-reporting-frame-allows-star.sub.html,DISABLE
frame-ancestors/multiple-frames-meta-ignored.sub.html,DISABLE
frame-ancestors/multiple-frames-one-blocked.sub.html,DISABLE
frame-ancestors/multiple-frames-self-allowed.sub.html,DISABLE
frame-ancestors/nested-traversing-allowed.sub.html,DISABLE
frame-ancestors/nested-traversing-banned.sub.html,DISABLE
frame-ancestors/nested-traversing-banned-top-is-self.sub.html,DISABLE
# frame-ancestors, Cross-document messaging not supported
frame-ancestors/reporting-frame-allows-none.html,DISABLE
frame-ancestors/reporting-frame-allows-none-meta.html,DISABLE
frame-ancestors/reporting-frame-allows-self.html,DISABLE
frame-ancestors/single-frame-self-allowed.sub.html,DISABLE
generic/generic-0_10_1.sub.html,PASS
generic/generic-0_10.html,PASS
generic/generic-0_1-img-src.html,PASS
generic/generic-0_1-script-src.html,PASS
generic/generic-0_2_2.sub.html,PASS
generic/generic-0_2_3.html,PASS
generic/generic-0_2.html,PASS
generic/generic-0_8_1.sub.html,PASS
generic/generic-0_8.html,PASS
generic/generic-0_9.sub.html,PASS
img-src/img-src-4_1.html,PASS
# Event attribute not supported, <source> is not supported, the used mp4 file is
# not compatible.
media-src/media-src-7_1_2.html,DISABLE
media-src/media-src-7_1.html,DISABLE
media-src/media-src-7_2_2.html,DISABLE
media-src/media-src-7_2.html,DISABLE
media-src/media-src-7_3_2.html,DISABLE
media-src/media-src-7_3.html,DISABLE
# Custom tests that verifies media-src
media-src/media-src-allowed.html,PASS
media-src/media-src-disallowed-blob.html,PASS
media-src/media-src-disallowed.html,PASS
meta/meta-img-src.html,PASS
meta/meta-modified.html,PASS
# object-src not supported by Cobalt.
object-src/object-src-2_1.html,DISABLE
object-src/object-src-2_2.html,DISABLE
script-src/script-src-1_1.html,PASS
# data: as script src
script-src/script-src-1_10.html,PASS
script-src/script-src-1_10_1.html,PASS
script-src/script-src-1_2_1.html,PASS
script-src/script-src-1_2.html,PASS
script-src/script-src-1_3.html,PASS
# setTimeout() and setInterval() should not run without 'unsafe-eval'
# script-src directive.
# setTimeout() and setInterval() overloads that take DOMString argument are not
# supported, as a result the function calls are treated as a syntax error, and
# the CSP violation report will not be sent.
script-src/script-src-1_4_1.html,DISABLE
# Function() called as a constructor
script-src/script-src-1_4_2.html,PASS
# eval() should not run without 'unsafe-eval' script-src directive
script-src/script-src-1_4.html,PASS
# svg not supported
svg/svg-from-guid.html,DISABLE
svg/svg-inline.sub.html,DISABLE
svg/svg-policy-resource-doc-includes.html,DISABLE
svg/svg-policy-with-resource.html,DISABLE
style-src/style-src-3_1.html,PASS
style-src/style-src-3_2.html,PASS
style-src/style-src-3_3.html,PASS
# @import rules are not supported
style-src/style-src-3_4.html,DISABLE