Populate level3 csp tests; update w3c tools.

specs/cookies/helpers/ProtocolCookies.js

@@ -2,7 +2,7 @@
 function run(t) {
     var defProperties = t.properties.def;
     var ident = 'test';
-    var url = './resources/set-cookie.py?ident=' + ident;
+    var url = './support/set-cookie.py?ident=' + ident;
     var xhr = new XMLHttpRequest();
     xhr.open('GET', url, true);
     xhr.onload = t.step_func(function() {

specs/cors/helpers/ProtocolCORS.js

 "use strict";
 function run(t) {
     var defProperties = t.properties.def;
-    var url = CROSSDOMAIN + './resources/check-cors.py';
+    var url = CROSSDOMAIN + './support/check-cors.py';
     test(function() {
         var xhr = new XMLHttpRequest();
         xhr.open('GET', url + '?allow=1', false);

specs/csp/csp.config.json

@@ -5,5 +5,16 @@
     "local": "csp.html",
     "dontExtract": true,
     "dontExtractReason": "requires manual property extraction",
-    "helpers3": []
+    "helpers3": [
+        "ProtocolCSP"
+    ],
+    "crossDomainSupport": true,
+    "tests": [
+        {
+            "name": "ProtocolCSP",
+            "helper": "ProtocolCSP",
+            "code": "run(t)",
+            "async": true
+        }
+    ]
 }

specs/csp/helpers/ProtocolCSP.js

+"use strict";
+function run(t) {
+    var properties = t.properties;
+    var defProperties = properties.def;
+    var e = document.createElement('img');
+    e.src = './resources/test.png';
+    e.onload = t.step_func_done(function() {
+        test(function() {
+            assert_unreached('image loaded with img-src \'none\'');
+        }, defProperties.expandedName + '-check-allowed');
+    });
+    e.onerror = t.step_func_done(function() {
+        async_test(function() {
+            var t = this;
+            var s = document.createElement('script');
+            s.src = './support/check-report.sub.js?present=true&field=violated-directive&value=img-src%20%27none%27';
+            s.onload = t.step_func(function() {
+                t.properties = properties;
+                checkReport(t);
+            });
+            s.onerror = t.step_func_done(function() {
+                assert_unreached('unable to load check-report.sub.js');
+            });
+            document.body.appendChild(s);
+        }, defProperties.expandedName + '-check-denial-report');
+    });
+    document.body.appendChild(e);
+}

specs/csp/other/csp-ProtocolCSP.html.sub.headers

+Expires: Thu, 01 Jan 1970 00:00:00 UTC
+Cache-Control: no-store, no-cache
+Pragma: no-cache
+Set-Cookie: csp-protocolcsp={{$id:uuid()}}; Path=/tests/csp/
+Content-Security-Policy: img-src 'none'; report-uri ./support/report-csp.py?op=put&id={{$id}}

specs/csp/support/check-report.sub.js

+"use strict";
+(function() {
+    function checkReport(t) {
+        var defProperties = t.properties.def;
+        var locationComponents = location.pathname.split('/');
+        var testPath = locationComponents.slice(0, locationComponents.length - 1).join('/');
+        var testName = locationComponents[locationComponents.length - 1].split('.')[0].toLowerCase();
+        var cookies = document.cookie.split(';');
+        var id;
+        for (var i = 0; i < cookies.length; ++i) {
+            var cookie = cookies[i];
+            var cookieComponents = cookie.split('=');
+            var n = cookieComponents[0].trim();
+            if (n == testName) {
+                id = cookieComponents[1].trim();
+                document.cookie = n + '=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=' + testPath;
+                break;
+            }
+        }
+        if (!!id) {
+            var url = './support/report-csp.py?op=take&timeout=1&id=' + id;
+            var xhr = new XMLHttpRequest();
+            xhr.open('GET', url, true);
+            xhr.onload = t.step_func_done(function() {
+                var present = {{GET[present]}};
+                var result  = JSON.parse(xhr.response);
+                var error   = result['error'];
+                var report  = result['csp-report'];
+                test(function() {
+                    assert_false(!(present ^ report), present ? 'no report sent' : 'report sent in error');
+                }, defProperties.expandedName + (present ? '-report-present' : '-report-absent'));
+                if (!!present && !!report) {
+                    test(function() {
+                        var field  = "{{GET[field]}}"; // must use double quotes, lest substitution contain single quotes
+                        var value  = "{{GET[value]}}"; // must use double quotes, lest substitution contain single quotes
+                        assert_equals(report[field], value);
+                    }, defProperties.expandedName + '-report-field-matches');
+                }
+            });
+            xhr.onerror = t.step_func_done(function() {
+                assert_unreached('unable to load report-csp.py');
+            });
+            xhr.send();
+        }
+    }
+    expose('checkReport', checkReport);
+})();

specs/csp/support/report-csp.py

+import time
+import json
+def main(request, response):
+    op = request.GET.first("op");
+    id = request.GET.first("id")
+    timeout = float(request.GET.first("timeout", "0"))
+    response.headers.set("Content-Type", "application/json")
+    if op == "put":
+        request.server.stash.put(key=id, value=request.body.rstrip())
+        body = json.dumps({'id': id})
+    elif op == "take":
+        value = request.server.stash.take(key=id)
+        if value is None:
+            time.sleep(timeout)
+            value = request.server.stash.take(key=id)
+            if value is None:
+                value = json.dumps({'error': 'no report', 'id': id})
+        body = value
+    else:
+        body = json.dumps({'error': 'unknown operation', 'id': id})
+    return response.headers, body

specs/origin/helpers/ProtocolOrigin.js

 "use strict";
 function run(t) {
     var defProperties = t.properties.def;
-    var url = CROSSDOMAIN + './resources/check-origin.py';
+    var url = CROSSDOMAIN + './support/check-origin.py';
     var xhr = new XMLHttpRequest();
     xhr.open('GET', url, true);
     xhr.onload = t.step_func_done(function() {

tests/cookies/helpers/ProtocolCookies.js

@@ -2,7 +2,7 @@
 function run(t) {
     var defProperties = t.properties.def;
     var ident = 'test';
-    var url = './resources/set-cookie.py?ident=' + ident;
+    var url = './support/set-cookie.py?ident=' + ident;
     var xhr = new XMLHttpRequest();
     xhr.open('GET', url, true);
     xhr.onload = t.step_func(function() {

tests/cors/helpers/ProtocolCORS.js

 "use strict";
 function run(t) {
     var defProperties = t.properties.def;
-    var url = CROSSDOMAIN + './resources/check-cors.py';
+    var url = CROSSDOMAIN + './support/check-cors.py';
     test(function() {
         var xhr = new XMLHttpRequest();
         xhr.open('GET', url + '?allow=1', false);

tests/csp/csp-ProtocolCSP.html

+<!-- Copyright (C) 2014, Cable Television Laboratories, Inc. & Skynav, Inc. -->
+<!-- DO NOT EDIT! This test was generated by $(CVP2TS)/tools/level2/generate/generate.js. -->
+<!doctype html>
+<meta charset='utf-8'>
+<title>Test ProtocolCSP</title>
+<script src='/resources/testharness.js'></script>
+<script src='/resources/testharnessreport.js'></script>
+<script src='/tools/common/level3.js'></script>
+<script src='/tools/common/crossdomain.js?pipe=sub'></script>
+<script src='./helpers/ProtocolCSP.js'></script>
+<script type='text/plain' id='testDef'>
+{"name":"ProtocolCSP","helper":"ProtocolCSP","code":"run(t)","async":true}
+</script>
+<h1>Test ProtocolCSP Support</h1>
+<div id='log'></div>
+<script>
+level3Async('csp', JSON.parse(document.getElementById('testDef').textContent), function(t){return run(t);});
+</script>

tests/csp/csp-ProtocolCSP.html.sub.headers

+Expires: Thu, 01 Jan 1970 00:00:00 UTC
+Cache-Control: no-store, no-cache
+Pragma: no-cache
+Set-Cookie: csp-protocolcsp={{$id:uuid()}}; Path=/tests/csp/
+Content-Security-Policy: img-src 'none'; report-uri ./support/report-csp.py?op=put&id={{$id}}

tests/csp/helpers/ProtocolCSP.js

+"use strict";
+function run(t) {
+    var properties = t.properties;
+    var defProperties = properties.def;
+    var e = document.createElement('img');
+    e.src = './resources/test.png';
+    e.onload = t.step_func_done(function() {
+        test(function() {
+            assert_unreached('image loaded with img-src \'none\'');
+        }, defProperties.expandedName + '-check-allowed');
+    });
+    e.onerror = t.step_func_done(function() {
+        async_test(function() {
+            var t = this;
+            var s = document.createElement('script');
+            s.src = './support/check-report.sub.js?present=true&field=violated-directive&value=img-src%20%27none%27';
+            s.onload = t.step_func(function() {
+                t.properties = properties;
+                checkReport(t);
+            });
+            s.onerror = t.step_func_done(function() {
+                assert_unreached('unable to load check-report.sub.js');
+            });
+            document.body.appendChild(s);
+        }, defProperties.expandedName + '-check-denial-report');
+    });
+    document.body.appendChild(e);
+}

tests/csp/support/check-report.sub.js

+"use strict";
+(function() {
+    function checkReport(t) {
+        var defProperties = t.properties.def;
+        var locationComponents = location.pathname.split('/');
+        var testPath = locationComponents.slice(0, locationComponents.length - 1).join('/');
+        var testName = locationComponents[locationComponents.length - 1].split('.')[0].toLowerCase();
+        var cookies = document.cookie.split(';');
+        var id;
+        for (var i = 0; i < cookies.length; ++i) {
+            var cookie = cookies[i];
+            var cookieComponents = cookie.split('=');
+            var n = cookieComponents[0].trim();
+            if (n == testName) {
+                id = cookieComponents[1].trim();
+                document.cookie = n + '=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=' + testPath;
+                break;
+            }
+        }
+        if (!!id) {
+            var url = './support/report-csp.py?op=take&timeout=1&id=' + id;
+            var xhr = new XMLHttpRequest();
+            xhr.open('GET', url, true);
+            xhr.onload = t.step_func_done(function() {
+                var present = {{GET[present]}};
+                var result  = JSON.parse(xhr.response);
+                var error   = result['error'];
+                var report  = result['csp-report'];
+                test(function() {
+                    assert_false(!(present ^ report), present ? 'no report sent' : 'report sent in error');
+                }, defProperties.expandedName + (present ? '-report-present' : '-report-absent'));
+                if (!!present && !!report) {
+                    test(function() {
+                        var field  = "{{GET[field]}}"; // must use double quotes, lest substitution contain single quotes
+                        var value  = "{{GET[value]}}"; // must use double quotes, lest substitution contain single quotes
+                        assert_equals(report[field], value);
+                    }, defProperties.expandedName + '-report-field-matches');
+                }
+            });
+            xhr.onerror = t.step_func_done(function() {
+                assert_unreached('unable to load report-csp.py');
+            });
+            xhr.send();
+        }
+    }
+    expose('checkReport', checkReport);
+})();

tests/csp/support/report-csp.py

+import time
+import json
+def main(request, response):
+    op = request.GET.first("op");
+    id = request.GET.first("id")
+    timeout = float(request.GET.first("timeout", "0"))
+    response.headers.set("Content-Type", "application/json")
+    if op == "put":
+        request.server.stash.put(key=id, value=request.body.rstrip())
+        body = json.dumps({'id': id})
+    elif op == "take":
+        value = request.server.stash.take(key=id)
+        if value is None:
+            time.sleep(timeout)
+            value = request.server.stash.take(key=id)
+            if value is None:
+                value = json.dumps({'error': 'no report', 'id': id})
+        body = value
+    else:
+        body = json.dumps({'error': 'unknown operation', 'id': id})
+    return response.headers, body

tests/origin/helpers/ProtocolOrigin.js

 "use strict";
 function run(t) {
     var defProperties = t.properties.def;
-    var url = CROSSDOMAIN + './resources/check-origin.py';
+    var url = CROSSDOMAIN + './support/check-origin.py';
     var xhr = new XMLHttpRequest();
     xhr.open('GET', url, true);
     xhr.onload = t.step_func_done(function() {

tools/level3/generate/Makefile

@@ -42,6 +42,12 @@ all: $(outfiles)
 	@if [ -d $(SPECDIR)/$(*F)/resources ]; then \
 	    $(CP) -R $(SPECDIR)/$(*F)/resources $(TESTDIR)/$(*F) ; \
 	fi;
+	@if [ -d $(SPECDIR)/$(*F)/support ]; then \
+	    $(CP) -R $(SPECDIR)/$(*F)/support $(TESTDIR)/$(*F) ; \
+	fi;
+	@if [ -d $(SPECDIR)/$(*F)/other ]; then \
+	    $(CP) $(SPECDIR)/$(*F)/other/* $(TESTDIR)/$(*F) ; \
+	fi;
 
 clean:
 	@$(CLEANTOOL) --phase generate --testDirectoryRoot $(TESTDIR) $(outfiles)

resources @ ca0fde3c

-Subproject commit e589625bb6ef5f2fa2f384ee2b6f3db123c0c09e
+Subproject commit ca0fde3c8e1b96524122ddc6aee84a27514f63df

tools/w3c/scripts/server.config.default.json

@@ -5,6 +5,6 @@
         "https": [ "auto" ]
     },
     "check_subdomains": true,
-    "log_level": "info",
+    "log_level": "debug",
     "bind_hostname": true
 }

wptserve @ 96f5c45a

-Subproject commit 601cf5e37e02c63befb158b53b300270d5bef88d
+Subproject commit 96f5c45a831ffa75d3a0687fca48a93bd7cdcaf0