<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[200155] trunk/LayoutTests</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/200155">200155</a></dd>
<dt>Author</dt> <dd>dbates@webkit.org</dd>
<dt>Date</dt> <dd>2016-04-27 15:50:02 -0700 (Wed, 27 Apr 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>CSP: Add tests for setting allowContentSecurityPolicySourceStarToMatchAnyProtocol
https://bugs.webkit.org/show_bug.cgi?id=157100
Reviewed by Brent Fulgham.
Add tests to ensure that we do not regress the behavior of setting allowContentSecurityPolicySourceStarToMatchAnyProtocol.
For completeness, this setting was added in <a href="http://trac.webkit.org/projects/webkit/changeset/200130">r200130</a> (https://bugs.webkit.org/show_bug.cgi?id=157005) to enable or disable
whether source * can match any protocol as part of a workaround for the iOS apps Ecobee and Quora.
* fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Added.
* fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Added.
* fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Added.
* fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Added.
* fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Added.
* fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Added.
* fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Added.
* fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Added.
* fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Added.
* fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Added.
* fast/dom/HTMLLinkElement/resources/green-background-color.css: Added.
(#test):
* media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Copied from LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html.
* media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Copied from LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html.
* media/video-with-file-url-blocked-by-csp-media-src-star-expected.html: Substitute "blocked" for "allowed" since the purpose of the corresponding
test is to ensure that we block loading a file URL video.
* media/video-with-file-url-blocked-by-csp-media-src-star.html: Substitute "blocked" for "allowed" since the purpose of this test is to ensure
that we block loading a file URL video. Additionally, register an oncanplaythrough handler instead of an onloadedmetadata handler and call testFinished()
to signal test completion on a zero timer as a means to help ensure that the first frame of the video is drawn should we regress the blocking of a video file URL.
* platform/wk2/TestExpectations: Skip test LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html
when using WebKitTestRunner because WebKitTestRunner does not support eventSender.beginDragWithFiles(). See need to fix
<https://bugs.webkit.org/show_bug.cgi?id=64285>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsmediavideowithfileurlblockedbycspmediasrcstarexpectedhtml">trunk/LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star-expected.html</a></li>
<li><a href="#trunkLayoutTestsmediavideowithfileurlblockedbycspmediasrcstarhtml">trunk/LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html</a></li>
<li><a href="#trunkLayoutTestsplatformwk2TestExpectations">trunk/LayoutTests/platform/wk2/TestExpectations</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsfastdomHTMLImageElementimagewithbloburlallowedbycspimgsrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtml">trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html</a></li>
<li><a href="#trunkLayoutTestsfastdomHTMLImageElementimagewithbloburlallowedbycspimgsrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtml">trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html</a></li>
<li><a href="#trunkLayoutTestsfastdomHTMLImageElementimagewithfileurlallowedbycspimgsrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtml">trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html</a></li>
<li><a href="#trunkLayoutTestsfastdomHTMLImageElementimagewithfileurlallowedbycspimgsrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtml">trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html</a></li>
<li><a href="#trunkLayoutTestsfastdomHTMLLinkElementlinkwithbloburlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtml">trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html</a></li>
<li><a href="#trunkLayoutTestsfastdomHTMLLinkElementlinkwithbloburlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtml">trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html</a></li>
<li><a href="#trunkLayoutTestsfastdomHTMLLinkElementlinkwithdataurlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtml">trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html</a></li>
<li><a href="#trunkLayoutTestsfastdomHTMLLinkElementlinkwithdataurlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtml">trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html</a></li>
<li><a href="#trunkLayoutTestsfastdomHTMLLinkElementlinkwithfileurlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtml">trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html</a></li>
<li><a href="#trunkLayoutTestsfastdomHTMLLinkElementlinkwithfileurlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtml">trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html</a></li>
<li><a href="#trunkLayoutTestsfastdomHTMLLinkElementresourcesgreenbackgroundcolorcss">trunk/LayoutTests/fast/dom/HTMLLinkElement/resources/green-background-color.css</a></li>
<li><a href="#trunkLayoutTestsmediavideowithfileurlallowedbycspmediasrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtml">trunk/LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html</a></li>
<li><a href="#trunkLayoutTestsmediavideowithfileurlallowedbycspmediasrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtml">trunk/LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (200154 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog        2016-04-27 22:48:23 UTC (rev 200154)
+++ trunk/LayoutTests/ChangeLog        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -1,3 +1,37 @@
</span><ins>+2016-04-27 Daniel Bates <dabates@apple.com>
+
+ CSP: Add tests for setting allowContentSecurityPolicySourceStarToMatchAnyProtocol
+ https://bugs.webkit.org/show_bug.cgi?id=157100
+
+ Reviewed by Brent Fulgham.
+
+ Add tests to ensure that we do not regress the behavior of setting allowContentSecurityPolicySourceStarToMatchAnyProtocol.
+ For completeness, this setting was added in r200130 (https://bugs.webkit.org/show_bug.cgi?id=157005) to enable or disable
+ whether source * can match any protocol as part of a workaround for the iOS apps Ecobee and Quora.
+
+ * fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Added.
+ * fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Added.
+ * fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Added.
+ * fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Added.
+ * fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Added.
+ * fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Added.
+ * fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Added.
+ * fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Added.
+ * fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Added.
+ * fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Added.
+ * fast/dom/HTMLLinkElement/resources/green-background-color.css: Added.
+ (#test):
+ * media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html: Copied from LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html.
+ * media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html: Copied from LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html.
+ * media/video-with-file-url-blocked-by-csp-media-src-star-expected.html: Substitute "blocked" for "allowed" since the purpose of the corresponding
+ test is to ensure that we block loading a file URL video.
+ * media/video-with-file-url-blocked-by-csp-media-src-star.html: Substitute "blocked" for "allowed" since the purpose of this test is to ensure
+ that we block loading a file URL video. Additionally, register an oncanplaythrough handler instead of an onloadedmetadata handler and call testFinished()
+ to signal test completion on a zero timer as a means to help ensure that the first frame of the video is drawn should we regress the blocking of a video file URL.
+ * platform/wk2/TestExpectations: Skip test LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html
+ when using WebKitTestRunner because WebKitTestRunner does not support eventSender.beginDragWithFiles(). See need to fix
+ <https://bugs.webkit.org/show_bug.cgi?id=64285>.
+
</ins><span class="cx"> 2016-04-27 Ryan Haddad <ryanhaddad@apple.com>
</span><span class="cx">
</span><span class="cx"> Marking compositing/contents-scale/incremental-change.html as a flaky failure on ios-simulator-wk2
</span></span></pre></div>
<a id="trunkLayoutTestsfastdomHTMLImageElementimagewithbloburlallowedbycspimgsrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html         (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,7 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<body>
+<p>This tests that loading image with a blob URL is allowed when the page has Content Security Policy &quot;image-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. To run this test by hand, select an image file. This test PASSED if the image loads. Otherwise, it FAILED.</p>
+<img width="128" height="128" src="../resources/abe.png">
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastdomHTMLImageElementimagewithbloburlallowedbycspimgsrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html         (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,59 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src *">
+</head>
+<script>
+if (window.testRunner)
+ testRunner.waitUntilDone();
+
+if (window.internals && window.internals.settings)
+ internals.settings.setAllowContentSecurityPolicySourceStarToMatchAnyProtocol(true);
+
+var fileInput;
+
+function testFinished()
+{
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+function loadImage(event)
+{
+ var image = document.createElement("img");
+ image.height = "128";
+ image.width = "128";
+ image.alt = "FAIL";
+ image.onload = testFinished;
+ image.onerror = testFinished;
+ image.src = window.URL.createObjectURL(event.target.files[0]);
+
+ document.body.removeChild(fileInput);
+ document.body.appendChild(image);
+}
+
+function runTest()
+{
+ if (!window.eventSender)
+ return;
+
+ var x = fileInput.offsetLeft + fileInput.offsetWidth / 2;
+ var y = fileInput.offsetTop + fileInput.offsetHeight / 2;
+
+ eventSender.beginDragWithFiles(["../resources/abe.png"]);
+ eventSender.mouseMoveTo(x, y);
+ eventSender.mouseUp();
+}
+
+window.onload = function ()
+{
+ fileInput = document.getElementById("file");
+ fileInput.onchange = loadImage;
+ runTest();
+}
+</script>
+<body>
+<p>This tests that loading image with a blob URL is allowed when the page has Content Security Policy &quot;image-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. To run this test by hand, select an image file. This test PASSED if the image loads. Otherwise, it FAILED.</p>
+<input type="file" id="file" accept="image/*">
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastdomHTMLImageElementimagewithfileurlallowedbycspimgsrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html         (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,7 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<body>
+<p>This tests that loading image with a file URL is allowed when the page has Content Security Policy &quot;image-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. This test PASSED if you see a green square below. Otherwise, it FAILED.</p>
+<img src="resources/green.png" width="128" height="128">
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastdomHTMLImageElementimagewithfileurlallowedbycspimgsrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html         (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLImageElement/image-with-file-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src *">
+<script>
+if (window.internals && window.internals.settings)
+ internals.settings.setAllowContentSecurityPolicySourceStarToMatchAnyProtocol(true);
+</script>
+</head>
+<body>
+<p>This tests that loading image with a file URL is allowed when the page has Content Security Policy &quot;image-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. This test PASSED if you see a green square below. Otherwise, it FAILED.</p>
+<img src="resources/green.png" width="128" height="128" alt="FAIL">
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastdomHTMLLinkElementlinkwithbloburlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html         (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,7 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<body>
+<p>This tests that loading a stylesheet with a blob URL is allowed when the page has Content Security Policy &quot;style-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. This test PASSED if you see a green square below. Otherwise, it FAILED.</p>
+<div style="background-color: green; height: 128px; width: 128px"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastdomHTMLLinkElementlinkwithbloburlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html         (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-blob-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,32 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<style>
+#test {
+ background-color: red;
+ height: 128px;
+ width: 128px;
+}
+</style>
+<meta http-equiv="Content-Security-Policy" content="style-src *">
+<script>
+if (window.internals && window.internals.settings)
+ internals.settings.setAllowContentSecurityPolicySourceStarToMatchAnyProtocol(true);
+
+function createLinkElementWithStylesheet(stylesheetURL)
+{
+ var link = document.createElement("link");
+ link.rel = "stylesheet";
+ link.href = stylesheetURL;
+ return link;
+}
+
+var blobURL = window.URL.createObjectURL(new Blob(["#test { background-color: green !important; }"], {type: "text/css"}));
+document.head.appendChild(createLinkElementWithStylesheet(blobURL));
+</script>
+</head>
+<body>
+<p>This tests that loading a stylesheet with a blob URL is allowed when the page has Content Security Policy &quot;style-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. This test PASSED if you see a green square below. Otherwise, it FAILED.</p>
+<div id="test"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastdomHTMLLinkElementlinkwithdataurlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html         (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,7 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<body>
+<p>This tests that loading a stylesheet with a data URL is allowed when the page has Content Security Policy &quot;style-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. This test PASSED if you see a green square below. Otherwise, it FAILED.</p>
+<div style="background-color: green; height: 128px; width: 128px"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastdomHTMLLinkElementlinkwithdataurlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html         (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-data-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<style>
+#test {
+ background-color: red;
+ height: 128px;
+ width: 128px;
+}
+</style>
+<meta http-equiv="Content-Security-Policy" content="style-src *">
+<script>
+if (window.internals && window.internals.settings)
+ internals.settings.setAllowContentSecurityPolicySourceStarToMatchAnyProtocol(true);
+</script>
+<link rel="stylesheet" href="data:text/css, #test { background-color: green !important; }">
+</head>
+<body>
+<p>This tests that loading a stylesheet with a data URL is allowed when the page has Content Security Policy &quot;style-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. This test PASSED if you see a green square below. Otherwise, it FAILED.</p>
+<div id="test"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastdomHTMLLinkElementlinkwithfileurlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html         (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,7 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<body>
+<p>This tests that loading a stylesheet with a file URL is allowed when the page has Content Security Policy &quot;style-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. This test PASSED if you see a green square below. Otherwise, it FAILED.</p>
+<div style="background-color: green; height: 128px; width: 128px"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastdomHTMLLinkElementlinkwithfileurlallowedbycspstylesrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html         (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/link-with-file-url-allowed-by-csp-style-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<style>
+#test {
+ background-color: red;
+ height: 128px;
+ width: 128px;
+}
+</style>
+<meta http-equiv="Content-Security-Policy" content="style-src *">
+<script>
+if (window.internals && window.internals.settings)
+ internals.settings.setAllowContentSecurityPolicySourceStarToMatchAnyProtocol(true);
+</script>
+<link rel="stylesheet" href="resources/green-background-color.css">
+</head>
+<body>
+<p>This tests that loading a stylesheet with a file URL is allowed when the page has Content Security Policy &quot;style-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. This test PASSED if you see a green square below. Otherwise, it FAILED.</p>
+<div id="test"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastdomHTMLLinkElementresourcesgreenbackgroundcolorcss"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/resources/green-background-color.css (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/HTMLLinkElement/resources/green-background-color.css         (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/resources/green-background-color.css        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1 @@
</span><ins>+#test { background-color: green !important; }
</ins></span></pre></div>
<a id="trunkLayoutTestsmediavideowithfileurlallowedbycspmediasrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledexpectedhtmlfromrev200154trunkLayoutTestsmediavideowithfileurlblockedbycspmediasrcstarhtml"></a>
<div class="copfile"><h4>Copied: trunk/LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html (from rev 200154, trunk/LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html) (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html         (rev 0)
+++ trunk/LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled-expected.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script src="media-file.js"></script>
+<script>
+if (window.testRunner)
+ testRunner.waitUntilDone();
+
+function testFinished()
+{
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+window.onload = function ()
+{
+ var video = document.getElementById("video");
+ video.oncanplaythrough = function () {
+ // Use a zero timer to ensure that the first frame of the video is drawn.
+ window.setTimeout(testFinished, 0);
+ }
+ video.onerror = testFinished;
+ video.src = findMediaFile("video", "content/test");
+}
+</script>
+</head>
+<body>
+<p>This tests that loading a video with a file URL is allowed when the page has Content Security Policy &quot;media-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. This test PASSED if the video loads. Otherwise, it FAILED.</p>
+<video id="video"></video>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsmediavideowithfileurlallowedbycspmediasrcstarwithAllowContentSecurityPolicySourceStarToMatchAnyProtocolenabledhtmlfromrev200154trunkLayoutTestsmediavideowithfileurlblockedbycspmediasrcstarhtml"></a>
<div class="copfile"><h4>Copied: trunk/LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html (from rev 200154, trunk/LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html) (0 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html         (rev 0)
+++ trunk/LayoutTests/media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="media-src *">
+<script src="media-file.js"></script>
+<script>
+if (window.testRunner)
+ testRunner.waitUntilDone();
+
+if (window.internals && window.internals.settings)
+ internals.settings.setAllowContentSecurityPolicySourceStarToMatchAnyProtocol(true);
+
+function testFinished()
+{
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+window.onload = function ()
+{
+ var video = document.getElementById("video");
+ video.oncanplaythrough = function () {
+ // Use a zero timer to ensure that the first frame of the video is drawn.
+ window.setTimeout(testFinished, 0);
+ }
+ video.onerror = testFinished;
+ video.src = findMediaFile("video", "content/test");
+}
+</script>
+</head>
+<body>
+<p>This tests that loading a video with a file URL is allowed when the page has Content Security Policy &quot;media-src *&quot; and the WebKit setting AllowContentSecurityPolicySourceStarToMatchAnyProtocol is enabled. This test PASSED if the video loads. Otherwise, it FAILED.</p>
+<video id="video"></video>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsmediavideowithfileurlblockedbycspmediasrcstarexpectedhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star-expected.html (200154 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star-expected.html        2016-04-27 22:48:23 UTC (rev 200154)
+++ trunk/LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star-expected.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> </style>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<p>This tests that loading a video with a file URL is allowed when the page has Content Security Policy &quot;media-src *&quot;. This test PASSED if you see a solid green square. Otherwise, it FAILED.</p>
</del><ins>+<p>This tests that loading a video with a file URL is blocked when the page has Content Security Policy &quot;media-src *&quot;. This test PASSED if you see a solid green square. Otherwise, it FAILED.</p>
</ins><span class="cx"> <div id="equivalent-expected-result"></div>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestsmediavideowithfileurlblockedbycspmediasrcstarhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html (200154 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html        2016-04-27 22:48:23 UTC (rev 200154)
+++ trunk/LayoutTests/media/video-with-file-url-blocked-by-csp-media-src-star.html        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -23,14 +23,17 @@
</span><span class="cx"> window.onload = function ()
</span><span class="cx"> {
</span><span class="cx"> var video = document.getElementById("video");
</span><del>- video.onloadedmetadata = testFinished;
</del><ins>+ video.oncanplaythrough = function () {
+ // Use a zero timer to ensure that the first frame of the video is drawn.
+ window.setTimeout(testFinished, 0);
+ }
</ins><span class="cx"> video.onerror = testFinished;
</span><span class="cx"> video.src = findMediaFile("video", "content/test");
</span><span class="cx"> }
</span><span class="cx"> </script>
</span><span class="cx"> </head>
</span><span class="cx"> <body>
</span><del>-<p>This tests that loading a video with a file URL is allowed when the page has Content Security Policy &quot;media-src *&quot;. This test PASSED if you see a solid green square. Otherwise, it FAILED.</p>
</del><ins>+<p>This tests that loading a video with a file URL is blocked when the page has Content Security Policy &quot;media-src *&quot;. This test PASSED if you see a solid green square. Otherwise, it FAILED.</p>
</ins><span class="cx"> <video id="video"></video>
</span><span class="cx"> </body>
</span><span class="cx"> </html>
</span></span></pre></div>
<a id="trunkLayoutTestsplatformwk2TestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/wk2/TestExpectations (200154 => 200155)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/wk2/TestExpectations        2016-04-27 22:48:23 UTC (rev 200154)
+++ trunk/LayoutTests/platform/wk2/TestExpectations        2016-04-27 22:50:02 UTC (rev 200155)
</span><span class="lines">@@ -619,6 +619,7 @@
</span><span class="cx"> editing/pasteboard/file-drag-to-editable.html
</span><span class="cx"> editing/pasteboard/file-input-files-access.html
</span><span class="cx"> fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html
</span><ins>+fast/dom/HTMLImageElement/image-with-blob-url-allowed-by-csp-img-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html
</ins><span class="cx"> fast/dom/Window/window-postmessage-clone-frames.html
</span><span class="cx"> fast/dom/Window/window-postmessage-clone.html
</span><span class="cx"> fast/events/data-transfer-files-attribute-identity.html
</span></span></pre>
</div>
</div>
</body>
</html>