csp.window.js - mozsearch

Enable keyboard shortcuts

This test has a WPT meta file that expects 2 subtest issues.
This WPT test may be referenced by the following Test IDs:
- /subresource-integrity/signatures/tentative/csp.window.html - WPT Dashboard Interop Dashboard

// META: script=helper.js

// Here, we're replicating many of the tests from `script.window.js`, but

// doing so in the presence of a CSP that requires the RFC's test key to

// be asserted as integrity metadata.

// First, enforce CSP:

const el = document.createElement('meta');

el.httpEquiv = "content-security-policy";

el.content = `script-src 'ed25519-${kValidKeys['rfc']}'`;

document.head.appendChild(el);

// Unsigned scripts should not load, regardless of integrity metadata:

generate_script_test(kUnsignedShouldBlock, "", EXPECT_BLOCKED,

                     "No signature, no integrity check: blocked.");

generate_script_test(kUnsignedShouldBlock, "ed25519-???", EXPECT_BLOCKED,

                     "No signature, malformed integrity check: blocked.");

generate_script_test(kUnsignedShouldBlock, `ed25519-${kValidKeys['rfc']}`, EXPECT_BLOCKED,

                     "No signature, integrity check: blocked.");

// Signed scripts should load iff valid integrity metadata is explicitly asserted:

generate_script_test(kSignedShouldBlock, "", EXPECT_BLOCKED,

                     "Valid signature, no integrity check: blocked.");

generate_script_test(kSignedShouldBlock, "ed25519-???", EXPECT_BLOCKED,

                     "Valid signature, malformed integrity check: blocked.");

generate_script_test(kSignedShouldExecute, `ed25519-${kValidKeys['rfc']}`, EXPECT_LOADED,

                     "Valid signature, valid integrity check: loads.");

generate_script_test(kSignedShouldExecute, `ed25519-${kValidKeys['rfc']} ed25519-${kValidKeys['arbitrary']}`, EXPECT_BLOCKED,

                     "Valid signature, one matching and one mismatched integrity check: blocked.");

generate_script_test(kSignedShouldBlock, `ed25519-${kValidKeys['arbitrary']}`, EXPECT_BLOCKED,

                     "Valid signature, mismatched integrity check: blocked.");

// Likewise, scripts signed with multiple signatures will still require valid integrity metadata to be asserted:

generate_script_test(kMultiplySignedShouldBlock, "", EXPECT_BLOCKED,

                     "Valid signatures, no integrity check: blocked.");

generate_script_test(kMultiplySignedShouldBlock, "ed25519-???", EXPECT_BLOCKED,

                     "Valid signatures, malformed integrity check: blocked.");

generate_script_test(kMultiplySignedShouldExecute, `ed25519-${kValidKeys['rfc']}`, EXPECT_LOADED,

                     "Valid signatures, integrity check matches one: loads.");

generate_script_test(kMultiplySignedShouldBlock, `ed25519-${kValidKeys['arbitrary']}`, EXPECT_BLOCKED,

                     "Valid signatures, integrity check matches the other: blocked.");

generate_script_test(kMultiplySignedShouldBlock, `ed25519-${kValidKeys['rfc']} ed25519-${kValidKeys['arbitrary']}`, EXPECT_BLOCKED,

                     "Valid signatures, integrity check matches both, but only one in CSP: blocked.");

generate_script_test(kMultiplySignedShouldBlock, `ed25519-${kInvalidKey}`, EXPECT_BLOCKED,

                     "Valid signatures, integrity check matches neither: blocked.");