Bug 1898141 [wpt PR 46423] - Import map integrity tests - WebKit improvements, a=testonly

Automatic update from web-platform-tests WebKit improvements to import map integrity tests (#46423) -- wpt-commits: 18419b3c7eb7a9d75cfc97dcfd901a7d9aac2d9a wpt-pr: 46423
2024-05-23 16:22:09 +00:00
parent 395d0dc7cc
commit 151adafd6e
5 changed files with 113 additions and 69 deletions
--- a/testing/web-platform/tests/import-maps/dynamic-integrity.html
+++ b/testing/web-platform/tests/import-maps/dynamic-integrity.html
@@ -2,9 +2,6 @@
 <html>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script>
-let log;
-</script>
 <script type="importmap">
 {
  "imports": {
@@ -23,17 +20,19 @@ let log;
    "./resources/log.js?pipe=sub&name=Multiple": "sha384-foobar sha512-rOJN8igD0+jW6lwNN3+InhXTgQztVHlq/HJ0riswXp8kMoiIDx5JpmCwuVem6Ll9q2LFNSu1xq23bsBMMQk1rg==",
    "./resources/log.js?pipe=sub&name=BadHashWithNoImport": "sha384-foobar",
    "./resources/log.js?pipe=sub&name=BareURL": "sha384-foobar",
+    "./resources/log.js?pipe=sub&name=EventHandlerPass": "sha384-d4yrBK8a55vlyYz2QEnlaU64PPpdKBkblD2KmfozI61mC1ij6RrZJaGCTsVxPuJ2",
+    "./resources/log.js?pipe=sub&name=EventHandlerFail": "sha384-foobar",
    "bare2": "sha384-foobar",
    "resources/log.js?pipe=sub&name=Bare": "sha384-foobar"
  }
 }
 </script>
-<script type="module">
+<script>
+let log;
 const test_not_loaded = (url, description) => {
  promise_test(async t => {
    log = [];
-    const promise = import(url);
-    await promise_rejects_js(t, TypeError, promise);
+    await promise_rejects_js(t, TypeError, import(url));
    assert_array_equals(log, []);
  }, description);
 };
@@ -46,42 +45,80 @@ const test_loaded = (url, log_expectation, description) => {
  }, description);
 };

-test_not_loaded("./resources/log.js?pipe=sub&name=ResolvesToBadHash",
-  'script was not loaded, as its resolved URL failed its integrity check');
-
-test_loaded("./resources/log.js?pipe=sub&name=ResolvesToNoHash", ["log:NoHash"],
-  'script was loaded, as its resolved URL had no integrity check, despite' +
-  ' its specifier having one');
-
-test_loaded("./resources/log.js?pipe=sub&name=GoodHash", ["log:GoodHash"],
-  'script was loaded, as its integrity check passed');
-
-test_not_loaded("./resources/log.js?pipe=sub&name=BadHashWithNoImport",
-  'Script with no import definition was not loaded, as it failed its' +
-  ' integrity check');
-
-test_not_loaded("bare",
-  'Bare specifier script was not loaded, as it failed its integrity check');
-
-test_loaded("bare2", ["log:F"],
-  'Bare specifier used for integrity loaded, as its definition should have' +
-  ' used the URL');
-
-test_loaded("./resources/log.js?pipe=sub&name=InvalidExtra",
+test_not_loaded(
+  "./resources/log.js?pipe=sub&name=ResolvesToBadHash",
+  "script was not loaded, as its resolved URL failed its integrity check"
+);
+test_loaded(
+  "./resources/log.js?pipe=sub&name=ResolvesToNoHash",
+  ["log:NoHash"],
+  "script was loaded, as its resolved URL had no integrity check, despite its specifier having one"
+);
+test_loaded(
+  "./resources/log.js?pipe=sub&name=GoodHash",
+  ["log:GoodHash"],
+  "script was loaded, as its integrity check passed"
+);
+test_not_loaded(
+  "./resources/log.js?pipe=sub&name=BadHashWithNoImport",
+  "Script with no import definition was not loaded, as it failed its integrity check"
+);
+test_not_loaded(
+  "bare",
+  "Bare specifier script was not loaded, as it failed its integrity check"
+);
+test_loaded(
+  "bare2",
+  ["log:F"],
+  "Bare specifier used for integrity loaded, as its definition should have used the URL"
+);
+test_loaded(
+  "./resources/log.js?pipe=sub&name=InvalidExtra",
  ["log:InvalidExtra"],
-  'script was loaded, as its integrity check passed, despite having an extra' +
-  ' invalid hash');
+  "script was loaded, as its integrity check passed, despite having an extra invalid hash"
+);
+test_loaded(
+  "./resources/log.js?pipe=sub&name=Suffix",
+  ["log:Suffix"],
+  "script was loaded, as its integrity check passed, despite having an invalid suffix"
+);
+test_loaded(
+  "./resources/log.js?pipe=sub&name=Multiple",
+  ["log:Multiple"],
+  "script was loaded, as its integrity check passed given multiple hashes. This also makes sure that the larger hash is picked"
+);
+test_loaded(
+  "./resources/log.js?pipe=sub&name=Bare",
+  ["log:Bare"],
+  "script was loaded, as its integrity check was ignored, as it was defined using a URL that looks like a bare specifier"
+);

-test_loaded("./resources/log.js?pipe=sub&name=Suffix", ["log:Suffix"],
-  'script was loaded, as its integrity check passed, despite having an' +
-  ' invalid suffix');
+promise_test(async () => {
+  log = [];
+  const img = new Image();
+  const promise = new Promise((resolve, reject) => {
+    img.onload = () => {
+      import('./resources/log.js?pipe=sub&name=EventHandlerPass').then(resolve).catch(reject);
+    };
+    img.src = "/images/green.png?1";
+  });

-test_loaded("./resources/log.js?pipe=sub&name=Multiple", ["log:Multiple"],
-  'script was loaded, as its integrity check passed given multiple hashes.' +
-  ' This also makes sure that the larger hash is picked.');
+  await promise;
+  assert_equals(log.length, 1);
+  assert_equals(log[0], "log:EventHandlerPass");
+}, "Script imported inside an event handler was loaded as its valid integrity check passed");

-test_loaded("./resources/log.js?pipe=sub&name=Bare",["log:Bare"],
-  'script was loaded, as its integrity check was ignored, as it was defined' +
-  ' using a URL that looks like a bare specifier');
+promise_test(async t => {
+  log = [];
+  const img = new Image();
+  const promise = new Promise((resolve, reject) => {
+    img.onload = () => {
+      import('./resources/log.js?pipe=sub&name=EventHandlerFail').then(resolve).catch(reject);
+    };
+    img.src = "/images/green.png?2";
+  });
+
+  await promise_rejects_js(t, TypeError, promise);
+}, "Script imported inside an event handler was not loaded as its integrity check failed");
 </script>

--- a/testing/web-platform/tests/import-maps/no-referencing-script-integrity-valid.html
+++ b/testing/web-platform/tests/import-maps/no-referencing-script-integrity-valid.html
@@ -23,6 +23,11 @@ let promise = new Promise((resolve, reject) => {
 </script>
 </head>
 <body>
+<!-- This is testing the part of
+https://html.spec.whatwg.org/multipage/webappapis.html#hostloadimportedmodule
+where step 6's condition is false and referencingScript remains null.
+Therefore, the onload event must be defined as an HTML attribute, outside of any script tag.
+-->
 <img src="/images/green.png?2"
  onload="import('./resources/log.js?pipe=sub&name=NoReferencingScriptValidCheck').then(promiseResolve).catch(promiseReject)">
 <script>
--- a/testing/web-platform/tests/import-maps/no-referencing-script-integrity.html
+++ b/testing/web-platform/tests/import-maps/no-referencing-script-integrity.html
@@ -23,6 +23,11 @@ let promise = new Promise((resolve, reject) => {
 </script>
 </head>
 <body>
+<!-- This is testing the part of
+https://html.spec.whatwg.org/multipage/webappapis.html#hostloadimportedmodule
+where step 6's condition is false and referencingScript remains null.
+Therefore, the onload event must be defined as an HTML attribute, outside of any script tag.
+-->
 <img src="/images/green.png"
  onload="import('./resources/log.js?pipe=sub&name=NoReferencingScriptInvalidCheck').then(promiseResolve).catch(promiseReject)">
 <script type="module">
--- a/testing/web-platform/tests/import-maps/nonimport-integrity.html
+++ b/testing/web-platform/tests/import-maps/nonimport-integrity.html
@@ -23,17 +23,24 @@ let log = [];
 }
 </script>
 <script type="module">
+const test_not_loaded = async (elem) => {
+  const promise = new Promise((resolve, reject) => {
+    elem.onload = () =>  {
+       reject(new Error("It shouldn't have loaded"));
+     };
+    elem.onerror = resolve;
+  });
+  document.head.appendChild(elem);
+  const event = await promise;
+  assert_equals(event.type, "error");
+};
+
 promise_test(async t => {
  log = [];
  const script = document.createElement("script");
  script.type = "module";
  script.src = "./resources/log.js?pipe=sub&name=ModuleNoIntegrity";
-  const promise = new Promise((resolve, reject) => {
-    script.onload = resolve;
-    script.onerror = () => { reject(Error()); };
-  });
-  document.head.appendChild(script);
-  await promise_rejects_js(t, Error, promise);
+  await test_not_loaded(script);
 }, "Script was not loaded as its integrity check was not ignored");

 promise_test(async () => {
@@ -74,12 +81,7 @@ promise_test(async t => {
  script.type = "module";
  script.integrity = "sha384-foobar";
  script.src = "./resources/log.js?pipe=sub&name=ModuleBadIntegrityAttribute";
-  const promise = new Promise((resolve, reject) => {
-    script.onload = resolve;
-    script.onerror = () => { reject(Error()); };
-  });
-  document.head.appendChild(script);
-  await promise_rejects_js(t, Error, promise);
+  await test_not_loaded(script);
 }, "Script was not loaded as its bad integrity attribute was not overridden");

 promise_test(async t => {
@@ -125,12 +127,7 @@ promise_test(async t => {
  link.rel = "modulepreload";
  link.integrity = "sha384-foobar";
  link.href = "./resources/log.js?pipe=sub&name=ModulePreloadBadIntegrityAttribute";
-  const promise = new Promise((resolve, reject) => {
-    link.onload = resolve;
-    link.onerror = () => { reject(Error()); };
-  });
-  document.head.appendChild(link);
-  await promise_rejects_js(t, Error, promise);
+  await test_not_loaded(link);
 }, "Modulepreload was not loaded as its bad integrity attribute was not ignored");

 promise_test(async () => {
--- a/testing/web-platform/tests/import-maps/static-integrity.html
+++ b/testing/web-platform/tests/import-maps/static-integrity.html
@@ -25,8 +25,8 @@ import './resources/log.js?pipe=sub&name=A';
 </script>
 <script type="module">
 test(t => {
-    assert_array_equals(log, []);
-  }, 'Static script did not load as it failed its integrity check');
+  assert_array_equals(log, []);
+}, 'Static script did not load as it failed its integrity check');
 log = [];
 </script>
 <script type="module">
@@ -34,8 +34,8 @@ import './resources/log.js?pipe=sub&name=C';
 </script>
 <script type="module">
 test(t => {
-    assert_array_equals(log, ["log:D"]);
-  }, 'Static script loaded as its integrity check passed');
+  assert_array_equals(log, ["log:D"]);
+}, 'Static script loaded as its integrity check passed');
 log = [];
 </script>
 <script type="module">
@@ -43,9 +43,9 @@ import './resources/log.js?pipe=sub&name=X';
 </script>
 <script type="module">
 test(t => {
-    assert_array_equals(log, []);
-  }, 'Static script did not load as it failed its integrity check, even' +
-     ' without an import defined');
+  assert_array_equals(log, []);
+}, 'Static script did not load as it failed its integrity check, even' +
+   ' without an import defined');
 log = [];
 </script>
 <script type="module">
@@ -53,16 +53,16 @@ import './resources/log.js?pipe=sub&name=Y';
 </script>
 <script type="module">
 test(t => {
-    assert_array_equals(log, ["log:Y"]);
-  }, 'Static script loaded as its integrity check passed without an import' +
-     ' defined');
+  assert_array_equals(log, ["log:Y"]);
+}, 'Static script loaded as its integrity check passed without an import' +
+   ' defined');
 log = [];
 </script>
 <script type="module" src="./resources/log.js?pipe=sub&name=Z">;
 </script>
 <script type="module">
 test(t => {
-    assert_array_equals(log, []);
-  }, 'HTML-based module script did not load as its integrity check failed.');
+  assert_array_equals(log, []);
+}, 'HTML-based module script did not load as its integrity check failed.');
 log = [];
 </script>