--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<widget xmlns="http://www.w3.org/ns/widgets" xmlns:tizen="http://tizen.org/ns/widgets" id="http://tizen.org/config-xml-with-csp" version="1.0.0" viewmodes="maximized">
+ <tizen:content-security-policy>connect-src *</tizen:content-security-policy>
+ <tizen:application id="wrt8cxw002.ConfigXmlWithCsp" package="wrt8cxw002" required_version="2.2"/>
+ <content src="index.html"/>
+ <icon src="custom.png"/>
+ <name>config-xml-with-csp</name>
+ <tizen:setting install-location="auto"/>
+</widget>
--- /dev/null
+<!DOCTYPE html>
+<!--
+Copyright (c) 2012 Intel Corporation.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of works must retain the original copyright notice, this list
+ of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the original copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+* Neither the name of Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this work without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Authors:
+ yunfeix.hao <yunfeix.hao@intel.com>
+
+-->
+
+<html>
+ <head>
+ <title>WRT Test: config-xml-with-csp</title>
+ <link rel="author" title="Intel" href="http://www.intel.com" />
+ <link rel="help" href="http://www.w3.org/TR/CSP" />
+ <meta name="flags" content="" />
+ <meta name="assert" content="Check that WRT MUST enforce CSP policy in content-security-policy tag in config.xml" />
+ <meta charset="utf-8">
+ <style>body{ background:red }</style>
+ </head>
+ <body onload="test()" id="body">
+ <h1 id="verdict">FAIL</h1>
+ <p id="reason">Test did not run.</p>
+ <script src="support/csp.js"></script>
+ <script language="javascript" type="text/javascript">
+ var id = "config-xml-with-csp";
+ var reason = document.getElementById("reason");
+ var body = document.getElementById("body");
+ var verdict = document.getElementById("verdict");
+
+ /* Called if the test passed */
+ function pass(excuse) {
+ body.style.backgroundColor = "green";
+ verdict.innerHTML = "PASS";
+ reason.innerHTML = excuse;
+ }
+
+ /* Called if the test failed */
+ function fail(excuse) {
+ reason.innerHTML = excuse;
+ }
+
+ /*Called to perform the test */
+ function test() {
+ try {
+ var xhr = new XMLHttpRequest();
+ xhr.open("GET", "support/csp.js");
+ why = "Test "+ id +" passed because WRT MUST enforce CSP policy in content-security-policy tag in config.xml";
+ pass(why);
+ } catch(e) {
+ why = "Test "+ id +" failed by throwing the following exception: " + e;
+ fail(why);
+ }
+ }
+ </script>
+ </body>
+</html>
+
--- /dev/null
+/*
+Copyright (c) 2013 Intel Corporation.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of works must retain the original copyright notice, this list
+ of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the original copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+* Neither the name of Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this work without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Authors:
+ Zhang, Zhiqiang <zhiqiang.zhang@intel.com>
+
+*/
+
+var X = 10;
+var Y = eval(X + 17);
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<widget xmlns="http://www.w3.org/ns/widgets" xmlns:tizen="http://tizen.org/ns/widgets" id="http://tizen.org/default-policy-by-directives-csp" version="1.0.0" viewmodes="maximized">
+ <tizen:content-security-policy></tizen:content-security-policy>
+ <tizen:application id="wrt8dpb004.DefaultPolicyByDirectivesCsp" package="wrt8dpb004" required_version="2.2"/>
+ <content src="index.html"/>
+ <icon src="custom.png"/>
+ <name>default-policy-by-directives-csp</name>
+ <tizen:setting install-location="auto"/>
+</widget>
--- /dev/null
+<!DOCTYPE html>
+<!--
+Copyright (c) 2012 Intel Corporation.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of works must retain the original copyright notice, this list
+ of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the original copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+* Neither the name of Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this work without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Authors:
+ yunfeix.hao <yunfeix.hao@intel.com>
+
+-->
+
+<html>
+ <head>
+ <title>WRT Test: default-policy-by-directives-csp</title>
+ <link rel="author" title="Intel" href="http://www.intel.com" />
+ <link rel="help" href="http://www.w3.org/TR/CSP" />
+ <meta name="flags" content="" />
+ <meta name="assert" content="Check that default CSP policy enforced by WRT is default-src '*'; script-src 'self'; style-src 'self'; object-src 'none'." />
+ <meta charset="utf-8">
+ <style>body{ background:red }</style>
+ <style>
+ @font-face {
+ font-family: Canvas;
+ src: url("w3c/support/CanvasTest.ttf");
+ }
+ #test {
+ font-family: Canvas;
+ }
+ </style>
+ </head>
+ <body onload="test()" id="body">
+ <h1 id="verdict">FAIL</h1>
+ <p id="reason">Test did not run.</p>
+ <iframe src="support/blue-100x100.png"></iframe>
+ <img src="support/blue-100x100.png"/>
+ <video width="100" height="100" src="support/red-green.theora.ogv"/>
+ <object data="support/red-100x100.png"/>
+ <h3></h3>
+ <script src="support/csp.js"></script>
+ <script language="javascript" type="text/javascript">
+ var id = "default-policy-by-directives-csp";
+ var reason = document.getElementById("reason");
+ var body = document.getElementById("body");
+ var verdict = document.getElementById("verdict");
+ var result = false;
+ var why;
+
+ /* Called if the test passed */
+ function pass(excuse) {
+ body.style.backgroundColor = "green";
+ verdict.innerHTML = "PASS";
+ reason.innerHTML = excuse;
+ }
+
+ /* Called if the test failed */
+ function fail(excuse) {
+ reason.innerHTML = excuse;
+ }
+
+ /*Called to perform the test */
+ function test() {
+ try {
+ var xhr = new XMLHttpRequest();
+ xhr.open("GET", "support/csp.js");
+ var h3 = document.querySelector("h3");
+ var display = getComputedStyle(h3)["display"];
+
+ if(X == 10 && display != "inline") {
+ result = true;
+ } else {
+ result = false;
+ }
+
+ if(result) {
+ why = "Test "+ id +" passed because The default CSP policy enforced by WRT is default-src '*'; script-src 'self'; style-src 'self'; object-src 'none'";
+ pass(why);
+ } else {
+ why = "Test "+ id +" failed because The default CSP policy enforced by WRT is not default-src '*'; script-src 'self'; style-src 'self'; object-src 'none'";
+ fail(why);
+ }
+ } catch(e) {
+ why = "Test "+ id +" failed by throwing the following exception: " + e;
+ fail(why);
+ }
+ }
+ </script>
+ </body>
+</html>
--- /dev/null
+blue-100x100.png
+is created by Windows Paint.
+
+red-100x100.png
+is created by Windows Paint.
+
+
+Copyright (c) 2013 Intel Corporation.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of works must retain the original copyright notice, this list
+ of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the original copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+* Neither the name of Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this work without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Authors:
+ Zhang, Zhiqiang <zhiqiang.zhang@intel.com>
+ Hao, Yunfei <yunfeix.hao@intel.com>
+---------------------------------------------------------------------
+
+red-green.theora.ogv comes from
+https://www.khronos.org/registry/webgl/sdk/tests/conformance/resources/red-green.theora.ogv
+without any modification.
+
+
+Khronos Group License (MIT):
+
+Copyright (c) 2012 The Khronos Group Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and/or associated documentation files (the
+"Materials"), to deal in the Materials without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Materials, and to
+permit persons to whom the Materials are furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Materials.
+
+THE MATERIALS ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+MATERIALS OR THE USE OR OTHER DEALINGS IN THE MATERIALS.
--- /dev/null
+/*
+Copyright (c) 2013 Intel Corporation.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of works must retain the original copyright notice, this list
+ of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the original copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+* Neither the name of Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this work without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Authors:
+ Zhang, Zhiqiang <zhiqiang.zhang@intel.com>
+
+*/
+
+var X = 10;
+var Y = eval(X + 17);
\ No newline at end of file
--- /dev/null
+CanvasTest.ttf comes from
+http://w3c-test.org/html/tests/approved/fonts/CanvasTest.ttf
+without any modification.
+
+
+These tests are copyright by W3C and/or the author listed in the test
+file. The tests are dual-licensed under the W3C Test Suite License:
+http://www.w3.org/Consortium/Legal/2008/04-testsuite-license
+and the BSD 3-clause License:
+http://www.w3.org/Consortium/Legal/2008/03-bsd-license
+under W3C's test suite licensing policy:
+http://www.w3.org/Consortium/Legal/2008/04-testsuite-copyright
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<widget xmlns="http://www.w3.org/ns/widgets" xmlns:tizen="http://tizen.org/ns/widgets" id="http://tizen.org/default-policy-by-directives-report-only" version="1.0.0" viewmodes="maximized">
+ <tizen:content-security-policy-report-only></tizen:content-security-policy-report-only>
+ <tizen:application id="wrt8dpb005.DefaultPolicyByDirectivesReportOnly" package="wrt8dpb005" required_version="2.2"/>
+ <content src="index.html"/>
+ <icon src="custom.png"/>
+ <name>default-policy-by-directives-report-only</name>
+ <tizen:setting install-location="auto"/>
+</widget>
--- /dev/null
+<!DOCTYPE html>
+<!--
+Copyright (c) 2012 Intel Corporation.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of works must retain the original copyright notice, this list
+ of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the original copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+* Neither the name of Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this work without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Authors:
+ yunfeix.hao <yunfeix.hao@intel.com>
+
+-->
+
+<html>
+ <head>
+ <title>WRT Test: default-policy-by-directives-report-only</title>
+ <link rel="author" title="Intel" href="http://www.intel.com" />
+ <link rel="help" href="http://www.w3.org/TR/CSP" />
+ <meta name="flags" content="" />
+ <meta name="assert" content="Check that default CSP policy enforced by WRT is default-src '*'; script-src 'self'; style-src 'self'; object-src 'none'." />
+ <meta charset="utf-8">
+ <style>body{ background:red }</style>
+ <style>
+ @font-face {
+ font-family: Canvas;
+ src: url("w3c/support/CanvasTest.ttf");
+ }
+ #test {
+ font-family: Canvas;
+ }
+ </style>
+ </head>
+ <body onload="test()" id="body">
+ <h1 id="verdict">FAIL</h1>
+ <p id="reason">Test did not run.</p>
+ <iframe src="support/blue-100x100.png"></iframe>
+ <img src="support/blue-100x100.png"/>
+ <video width="100" height="100" src="support/red-green.theora.ogv"/>
+ <object data="support/red-100x100.png"/>
+ <h3></h3>
+ <script src="support/csp.js"></script>
+ <script language="javascript" type="text/javascript">
+ var id = "default-policy-by-directives-report-only";
+ var reason = document.getElementById("reason");
+ var body = document.getElementById("body");
+ var verdict = document.getElementById("verdict");
+ var result = false;
+ var why;
+
+ /* Called if the test passed */
+ function pass(excuse) {
+ body.style.backgroundColor = "green";
+ verdict.innerHTML = "PASS";
+ reason.innerHTML = excuse;
+ }
+
+ /* Called if the test failed */
+ function fail(excuse) {
+ reason.innerHTML = excuse;
+ }
+
+ /*Called to perform the test */
+ function test() {
+ try {
+ var xhr = new XMLHttpRequest();
+ xhr.open("GET", "support/csp.js");
+ var h3 = document.querySelector("h3");
+ var display = getComputedStyle(h3)["display"];
+
+ if(X == 10 && display != "inline") {
+ result = true;
+ } else {
+ result = false;
+ }
+
+ if(result) {
+ why = "Test "+ id +" passed because The default CSP policy enforced by WRT is default-src '*'; script-src 'self'; style-src 'self'; object-src 'none'";
+ pass(why);
+ } else {
+ why = "Test "+ id +" failed because The default CSP policy enforced by WRT is not default-src '*'; script-src 'self'; style-src 'self'; object-src 'none'";
+ fail(why);
+ }
+ } catch(e) {
+ why = "Test "+ id +" failed by throwing the following exception: " + e;
+ fail(why);
+ }
+ }
+ </script>
+ </body>
+</html>
--- /dev/null
+blue-100x100.png
+is created by Windows Paint.
+
+red-100x100.png
+is created by Windows Paint.
+
+
+Copyright (c) 2013 Intel Corporation.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of works must retain the original copyright notice, this list
+ of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the original copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+* Neither the name of Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this work without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Authors:
+ Zhang, Zhiqiang <zhiqiang.zhang@intel.com>
+ Hao, Yunfei <yunfeix.hao@intel.com>
+---------------------------------------------------------------------
+
+red-green.theora.ogv comes from
+https://www.khronos.org/registry/webgl/sdk/tests/conformance/resources/red-green.theora.ogv
+without any modification.
+
+
+Khronos Group License (MIT):
+
+Copyright (c) 2012 The Khronos Group Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and/or associated documentation files (the
+"Materials"), to deal in the Materials without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Materials, and to
+permit persons to whom the Materials are furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Materials.
+
+THE MATERIALS ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+MATERIALS OR THE USE OR OTHER DEALINGS IN THE MATERIALS.
--- /dev/null
+/*
+Copyright (c) 2013 Intel Corporation.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of works must retain the original copyright notice, this list
+ of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the original copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+* Neither the name of Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this work without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Authors:
+ Zhang, Zhiqiang <zhiqiang.zhang@intel.com>
+
+*/
+
+var X = 10;
+var Y = eval(X + 17);
\ No newline at end of file
--- /dev/null
+CanvasTest.ttf comes from
+http://w3c-test.org/html/tests/approved/fonts/CanvasTest.ttf
+without any modification.
+
+
+These tests are copyright by W3C and/or the author listed in the test
+file. The tests are dual-licensed under the W3C Test Suite License:
+http://www.w3.org/Consortium/Legal/2008/04-testsuite-license
+and the BSD 3-clause License:
+http://www.w3.org/Consortium/Legal/2008/03-bsd-license
+under W3C's test suite licensing policy:
+http://www.w3.org/Consortium/Legal/2008/04-testsuite-copyright
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<widget xmlns="http://www.w3.org/ns/widgets" xmlns:tizen="http://tizen.org/ns/widgets" id="http://tizen.org/enforce-csp-to-resource" version="1.0.0" viewmodes="maximized">
+ <tizen:content-security-policy>connect-src *</tizen:content-security-policy>
+ <tizen:application id="wrt8ect001.EnforceCspToResource" package="wrt8ect001" required_version="2.2"/>
+ <content src="index.html"/>
+ <icon src="custom.png"/>
+ <name>enforce-csp-to-resource</name>
+ <tizen:setting install-location="auto"/>
+</widget>
--- /dev/null
+<!DOCTYPE html>
+<!--
+Copyright (c) 2012 Intel Corporation.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of works must retain the original copyright notice, this list
+ of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the original copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+* Neither the name of Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this work without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Authors:
+ yunfeix.hao <yunfeix.hao@intel.com>
+
+-->
+
+<html>
+ <head>
+ <title>WRT Test: enforce-csp-to-resource</title>
+ <link rel="author" title="Intel" href="http://www.intel.com" />
+ <link rel="help" href="http://www.w3.org/TR/CSP" />
+ <meta name="flags" content="" />
+ <meta name="assert" content="Check WRT MUST enforce CSP policy to a main resource if the WRT is in CSP-based security mode." />
+ <meta charset="utf-8">
+ <style>body{ background:red }</style>
+ </head>
+ <body onload="test()" id="body">
+ <h1 id="verdict">FAIL</h1>
+ <p id="reason">Test did not run.</p>
+ <script src="support/csp.js"></script>
+ <script language="javascript" type="text/javascript">
+ var id = "enforce-csp-to-resource";
+ var reason = document.getElementById("reason");
+ var body = document.getElementById("body");
+ var verdict = document.getElementById("verdict");
+
+ /* Called if the test passed */
+ function pass(excuse) {
+ body.style.backgroundColor = "green";
+ verdict.innerHTML = "PASS";
+ reason.innerHTML = excuse;
+ }
+
+ /* Called if the test failed */
+ function fail(excuse) {
+ reason.innerHTML = excuse;
+ }
+
+ /*Called to perform the test */
+ function test() {
+ try {
+ var xhr = new XMLHttpRequest();
+ xhr.open("GET", "support/csp.js");
+ why = "Test "+ id +" passed because WRT MUST enforce CSP policy to a main resource if the WRT is in CSP-based security mode.";
+ pass(why);
+ } catch(e) {
+ why = "Test "+ id +" failed by throwing the following exception: " + e;
+ fail(why);
+ }
+ }
+ </script>
+ </body>
+</html>
--- /dev/null
+/*
+Copyright (c) 2013 Intel Corporation.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of works must retain the original copyright notice, this list
+ of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the original copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+* Neither the name of Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this work without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Authors:
+ Zhang, Zhiqiang <zhiqiang.zhang@intel.com>
+
+*/
+
+var X = 10;
+var Y = eval(X + 17);
\ No newline at end of file
</spec>
</specs>
</testcase>
+ <testcase purpose="Check that WRT MUST enforce CSP policy to a main resource if the WRT is in CSP-based security mode." type="user_experience" status="approved" component="Web/Runtime/SecurityPrivacy" execution_type="manual" priority="P1" id="enforce-csp-to-resource">
+ <description>
+ <pre_condition>Make sure enforce-csp-to-resource.wgt is installed with the command : wrt-installer -i /opt/tct-csp-wrt-tests/enforce-csp-to-resource.wgt</pre_condition>
+ <post_condition>Get the 'application id' of enforce-csp-to-resource.wgt with the command : wrt-launcher -l, then uninstall the enforce-csp-to-resource.wgt with the command : wrt-installer -un 'application id'</post_condition>
+ <steps>
+ <step order="1">
+ <step_desc>Install enforce-csp-to-resource.wgt application with the command : wrt-installer -i /opt/tct-csp-wrt-tests/enforce-csp-to-resource.wgt</step_desc>
+ <expected>Widget application is able to be installed successfully</expected>
+ </step>
+ <step order="2">
+ <step_desc>Get the 'application id' of enforce-csp-to-resource.wgt with the command :"wrt-launcher -l" and launch the enforce-csp-to-resource.wgt with the command :"wrt-launcher -s 'application id'".</step_desc>
+ <expected>The screen shows "PASS" on green background.</expected>
+ </step>
+ </steps>
+ <test_script_entry timeout="90">/opt/tct-csp-wrt-tests/enforce-csp-to-resource.wgt</test_script_entry>
+ <notes></notes>
+ </description>
+ <specs>
+ <spec>
+ <spec_assertion element_type="attribute" element_name="N/A" interface="0740" specification="Content Security Policy" section="Web Application Security and Privacy" category="Tizen WRT Core Specifications"></spec_assertion>
+ <spec_url></spec_url>
+ <spec_statement></spec_statement>
+ </spec>
+ </specs>
+ </testcase>
+ <testcase purpose="Check that WRT MUST enforce CSP policy in content-security-policy tag in config.xml." type="user_experience" status="approved" component="Web/Runtime/SecurityPrivacy" execution_type="manual" priority="P1" id="config-xml-with-csp">
+ <description>
+ <pre_condition>Make sure config-xml-with-csp.wgt is installed with the command : wrt-installer -i /opt/tct-csp-wrt-tests/config-xml-with-csp.wgt</pre_condition>
+ <post_condition>Get the 'application id' of config-xml-with-csp.wgt with the command : wrt-launcher -l, then uninstall the config-xml-with-csp.wgt with the command : wrt-installer -un 'application id'</post_condition>
+ <steps>
+ <step order="1">
+ <step_desc>Install config-xml-with-csp.wgt application with the command : wrt-installer -i /opt/tct-csp-wrt-tests/config-xml-with-csp.wgt</step_desc>
+ <expected>Widget application is able to be installed successfully</expected>
+ </step>
+ <step order="2">
+ <step_desc>Get the 'application id' of config-xml-with-csp.wgt with the command :"wrt-launcher -l" and launch the config-xml-with-csp.wgt with the command :"wrt-launcher -s 'application id'".</step_desc>
+ <expected>The screen shows "PASS" on green background.</expected>
+ </step>
+ </steps>
+ <test_script_entry timeout="90">/opt/tct-csp-wrt-tests/config-xml-with-csp.wgt</test_script_entry>
+ <notes></notes>
+ </description>
+ <specs>
+ <spec>
+ <spec_assertion element_type="attribute" element_name="N/A" interface="0741" specification="Content Security Policy" section="Web Application Security and Privacy" category="Tizen WRT Core Specifications"></spec_assertion>
+ <spec_url></spec_url>
+ <spec_statement></spec_statement>
+ </spec>
+ </specs>
+ </testcase>
+ <testcase purpose="Check that default CSP policy enforced by WRT is default-src *; script-src self; style-src self; object-src none with content-security-policy." type="user_experience" status="approved" component="Web/Runtime/SecurityPrivacy" execution_type="manual" priority="P1" id="default-policy-by-directives-csp">
+ <description>
+ <pre_condition>Make sure default-policy-by-directives-csp.wgt is installed with the command : wrt-installer -i /opt/tct-csp-wrt-tests/default-policy-by-directives-csp.wgt</pre_condition>
+ <post_condition>Get the 'application id' of default-policy-by-directives-csp.wgt with the command : wrt-launcher -l, then uninstall the default-policy-by-directives-csp.wgt with the command : wrt-installer -un 'application id'</post_condition>
+ <steps>
+ <step order="1">
+ <step_desc>Install default-policy-by-directives-csp.wgt application with the command : wrt-installer -i /opt/tct-csp-wrt-tests/default-policy-by-directives-csp.wgt</step_desc>
+ <expected>Widget application is able to be installed successfully</expected>
+ </step>
+ <step order="2">
+ <step_desc>Get the 'application id' of default-policy-by-directives-csp.wgt with the command :"wrt-launcher -l" and launch the default-policy-by-directives-csp.wgt with the command :"wrt-launcher -s 'application id'".</step_desc>
+ <expected>The screen shows "PASS" on green background.</expected>
+ </step>
+ </steps>
+ <test_script_entry timeout="90">/opt/tct-csp-wrt-tests/default-policy-by-directives-csp.wgt</test_script_entry>
+ <notes></notes>
+ </description>
+ <specs>
+ <spec>
+ <spec_assertion element_type="attribute" element_name="N/A" interface="0742" specification="Content Security Policy" section="Web Application Security and Privacy" category="Tizen WRT Core Specifications"></spec_assertion>
+ <spec_url></spec_url>
+ <spec_statement></spec_statement>
+ </spec>
+ </specs>
+ </testcase>
+ <testcase purpose="Check that default CSP policy enforced by WRT is default-src *; script-src self; style-src self; object-src none with content-security-policy-report-only." type="user_experience" status="approved" component="Web/Runtime/SecurityPrivacy" execution_type="manual" priority="P1" id="default-policy-by-directives-report-only">
+ <description>
+ <pre_condition>Make sure default-policy-by-directives-report-only.wgt is installed with the command : wrt-installer -i /opt/tct-csp-wrt-tests/default-policy-by-directives-report-only.wgt</pre_condition>
+ <post_condition>Get the 'application id' of default-policy-by-directives-report-only.wgt with the command : wrt-launcher -l, then uninstall the default-policy-by-directives-report-only.wgt with the command : wrt-installer -un 'application id'</post_condition>
+ <steps>
+ <step order="1">
+ <step_desc>Install default-policy-by-directives-report-only.wgt application with the command : wrt-installer -i /opt/tct-csp-wrt-tests/default-policy-by-directives-report-only.wgt</step_desc>
+ <expected>Widget application is able to be installed successfully</expected>
+ </step>
+ <step order="2">
+ <step_desc>Get the 'application id' of default-policy-by-directives-report-only.wgt with the command :"wrt-launcher -l" and launch the default-policy-by-directives-report-only.wgt with the command :"wrt-launcher -s 'application id'".</step_desc>
+ <expected>The screen shows "PASS" on green background.</expected>
+ </step>
+ </steps>
+ <test_script_entry timeout="90">/opt/tct-csp-wrt-tests/default-policy-by-directives-report-only.wgt</test_script_entry>
+ <notes></notes>
+ </description>
+ <specs>
+ <spec>
+ <spec_assertion element_type="attribute" element_name="N/A" interface="0742" specification="Content Security Policy" section="Web Application Security and Privacy" category="Tizen WRT Core Specifications"></spec_assertion>
+ <spec_url></spec_url>
+ <spec_statement></spec_statement>
+ </spec>
+ </specs>
+ </testcase>
</set>
</suite>
</test_definition>
projects / test / tct / web / wrt.git / commitdiff
