transform WPT <to-javascript-url-script-src.html>'s async sub-tests t…

…o promise-tests and remove checking the securitypolicyevent's target element. Gecko doesn't set the securitypolicyevent violation's target element, which prevented the async tests from passing with Gecko. Setting the violation's target element isn't specified ( w3c/webappsec-csp#687). Promise-based tests allow removing checking the target element, because the tests are run in sequence (https://web-platform-tests.org/writing-tests/testharness-api.html#promise-tests). Differential Revision: https://phabricator.services.mozilla.com/D227160 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1919248 gecko-commit: b941985be92395c909b233ecfbba356f6d0db149 gecko-reviewers: smaug
web-platform-tests · Oct 30, 2024 · 2204142 · 2204142
1 parent 098650e
commit 2204142
Showing 1 changed file with 33 additions and 27 deletions.
diff --git a/content-security-policy/navigation/to-javascript-url-script-src.html b/content-security-policy/navigation/to-javascript-url-script-src.html
@@ -7,17 +7,15 @@
 <body>
 
 <script nonce="abc">
-  function assert_csp_event_for_element(test, element) {
+  function assert_csp_event_for_element(test, element, resolve) {
     assert_equals(typeof SecurityPolicyViolationEvent, "function", "These tests require 'SecurityPolicyViolationEvent'.");
     document.addEventListener("securitypolicyviolation", test.step_func(e => {
-      if (e.target != element)
-        return;
       assert_equals(e.blockedURI, "inline");
       assert_equals(e.effectiveDirective, "script-src-elem");
       assert_equals(element.contentDocument.body.innerText, "", "Ensure that 'Fail' doesn't appear in the child document.");
       element.remove();
-      test.done();
-    }));
+      resolve();
+    }, { once: true }));
   }
 
   function navigate_to_javascript_onload(test, iframe) {
@@ -32,41 +30,49 @@
     }));
   }
 
-  async_test(t => {
-    var i = document.createElement("iframe");
-    i.src = "javascript:'Fail.'";
+  promise_test(t => {
+    return new Promise(resolve => {
+      var i = document.createElement("iframe");
+      i.src = "javascript:'Fail.'";
 
-    assert_csp_event_for_element(t, i);
+      assert_csp_event_for_element(t, i, resolve);
 
-    document.body.appendChild(i);
+      document.body.appendChild(i);
+    })
   }, "<iframe src='javascript:'> blocked without 'unsafe-inline'.");
 
-  async_test(t => {
-    var i = document.createElement("iframe");
+  promise_test(t => {
+    return new Promise(resolve => {
+      var i = document.createElement("iframe");
 
-    assert_csp_event_for_element(t, i);
-    navigate_to_javascript_onload(t, i);
+      assert_csp_event_for_element(t, i, resolve);
+      navigate_to_javascript_onload(t, i);
 
-    document.body.appendChild(i);
+      document.body.appendChild(i);
+    })
   }, "<iframe> navigated to 'javascript:' blocked without 'unsafe-inline'.");
 
-  async_test(t => {
-    var i = document.createElement("iframe");
-    i.src = "../support/echo-policy.py?policy=" + encodeURIComponent("script-src 'unsafe-inline'");
+  promise_test(t => {
+    return new Promise(resolve => {
+      var i = document.createElement("iframe");
+      i.src = "../support/echo-policy.py?policy=" + encodeURIComponent("script-src 'unsafe-inline'");
 
-    assert_csp_event_for_element(t, i);
-    navigate_to_javascript_onload(t, i);
+      assert_csp_event_for_element(t, i, resolve);
+      navigate_to_javascript_onload(t, i);
 
-    document.body.appendChild(i);
+      document.body.appendChild(i);
+    })
   }, "<iframe src='...'> with 'unsafe-inline' navigated to 'javascript:' blocked in this document");
 
-  async_test(t => {
-    var i = document.createElement("iframe");
-    i.src = "../support/echo-policy.py?policy=" + encodeURIComponent("script-src 'none'");
+  promise_test(t => {
+    return new Promise(resolve => {
+      var i = document.createElement("iframe");
+      i.src = "../support/echo-policy.py?policy=" + encodeURIComponent("script-src 'none'");
 
-    assert_csp_event_for_element(t, i);
-    navigate_to_javascript_onload(t, i);
+      assert_csp_event_for_element(t, i, resolve);
+      navigate_to_javascript_onload(t, i);
 
-    document.body.appendChild(i);
+      document.body.appendChild(i);
+    })
   }, "<iframe src='...'> without 'unsafe-inline' navigated to 'javascript:' blocked in this document.");
 </script>