JavaScriptBench
diff --git a/Collapse file
‎LayoutTests/ChangeLog‎
Copy file name to clipboardExpand all lines: LayoutTests/ChangeLog
+40Lines changed: 40 additions & 0 deletions b/Collapse file
‎LayoutTests/ChangeLog‎
Copy file name to clipboardExpand all lines: LayoutTests/ChangeLog
+40Lines changed: 40 additions & 0 deletions
diff --git a/Collapse file
‎LayoutTests/http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html‎
Copy file name to clipboardExpand all lines: LayoutTests/http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html
+9-2Lines changed: 9 additions & 2 deletions b/Collapse file
‎LayoutTests/http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html‎
Copy file name to clipboardExpand all lines: LayoutTests/http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html
+9-2Lines changed: 9 additions & 2 deletions
diff --git a/Collapse file
‎LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin-expected.txt‎
Copy file name to clipboard
+5Lines changed: 5 additions & 0 deletions b/Collapse file
‎LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin-expected.txt‎
Copy file name to clipboard
+5Lines changed: 5 additions & 0 deletions
diff --git a/Collapse file
‎LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin.html‎
Copy file name to clipboard
+23Lines changed: 23 additions & 0 deletions b/Collapse file
‎LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin.html‎
Copy file name to clipboard
+23Lines changed: 23 additions & 0 deletions
diff --git a/Collapse file
‎LayoutTests/http/tests/security/cross-origin-cached-images-expected.txt‎
Copy file name to clipboard
+17Lines changed: 17 additions & 0 deletions b/Collapse file
‎LayoutTests/http/tests/security/cross-origin-cached-images-expected.txt‎
Copy file name to clipboard
+17Lines changed: 17 additions & 0 deletions
diff --git a/Collapse file
‎LayoutTests/http/tests/security/cross-origin-cached-images-parallel-expected.txt‎
Copy file name to clipboard
+17Lines changed: 17 additions & 0 deletions b/Collapse file
‎LayoutTests/http/tests/security/cross-origin-cached-images-parallel-expected.txt‎
Copy file name to clipboard
+17Lines changed: 17 additions & 0 deletions
diff --git a/Collapse file
‎…oss-origin-cached-resource-parallel.html‎ ‎…cross-origin-cached-images-parallel.html‎LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html renamed to LayoutTests/http/tests/security/cross-origin-cached-images-parallel.html LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html renamed to LayoutTests/http/tests/security/cross-origin-cached-images-parallel.html
Copy file name to clipboardExpand all lines: LayoutTests/http/tests/security/cross-origin-cached-images-parallel.html
+11-12Lines changed: 11 additions & 12 deletions b/Collapse file
‎…oss-origin-cached-resource-parallel.html‎ ‎…cross-origin-cached-images-parallel.html‎LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html renamed to LayoutTests/http/tests/security/cross-origin-cached-images-parallel.html LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html renamed to LayoutTests/http/tests/security/cross-origin-cached-images-parallel.html
Copy file name to clipboardExpand all lines: LayoutTests/http/tests/security/cross-origin-cached-images-parallel.html
+11-12Lines changed: 11 additions & 12 deletions
diff --git a/Collapse file
‎…curity/cross-origin-cached-resource.html‎ ‎…security/cross-origin-cached-images.html‎LayoutTests/http/tests/security/cross-origin-cached-resource.html renamed to LayoutTests/http/tests/security/cross-origin-cached-images.html LayoutTests/http/tests/security/cross-origin-cached-resource.html renamed to LayoutTests/http/tests/security/cross-origin-cached-images.html
Copy file name to clipboardExpand all lines: LayoutTests/http/tests/security/cross-origin-cached-images.html
+9-10Lines changed: 9 additions & 10 deletions b/Collapse file
‎…curity/cross-origin-cached-resource.html‎ ‎…security/cross-origin-cached-images.html‎LayoutTests/http/tests/security/cross-origin-cached-resource.html renamed to LayoutTests/http/tests/security/cross-origin-cached-images.html LayoutTests/http/tests/security/cross-origin-cached-resource.html renamed to LayoutTests/http/tests/security/cross-origin-cached-images.html
Copy file name to clipboardExpand all lines: LayoutTests/http/tests/security/cross-origin-cached-images.html
+9-10Lines changed: 9 additions & 10 deletions
diff --git a/Collapse file
‎LayoutTests/http/tests/security/cross-origin-cached-resource-parallel-expected.txt‎
Copy file name to clipboardExpand all lines: LayoutTests/http/tests/security/cross-origin-cached-resource-parallel-expected.txt
-19Lines changed: 0 additions & 19 deletions b/Collapse file
‎LayoutTests/http/tests/security/cross-origin-cached-resource-parallel-expected.txt‎
Copy file name to clipboardExpand all lines: LayoutTests/http/tests/security/cross-origin-cached-resource-parallel-expected.txt
-19Lines changed: 0 additions & 19 deletions
diff --git a/Collapse file
‎LayoutTests/http/tests/security/cross-origin-cached-scripts-expected.txt‎
Copy file name to clipboard
+13Lines changed: 13 additions & 0 deletions b/Collapse file
‎LayoutTests/http/tests/security/cross-origin-cached-scripts-expected.txt‎
Copy file name to clipboard
+13Lines changed: 13 additions & 0 deletions
@@ -1,3 +1,43 @@
+2016-09-12  Youenn Fablet  <youenn@apple.com>
+
+        ScriptElement should use FetchOptions::mode according its crossOrigin attribute
+        https://bugs.webkit.org/show_bug.cgi?id=161686
+
+        Reviewed by Darin Adler.
+
+        Added new tests.
+        Updated cookie test for robustness as the order of the cookie items when more than one may not be preserved.
+
+        Moved one of the blink test to http/tests as it requires HTTP to run properly.
+        Updated blink test expectation as it is run from file, while it should be run from http.
+
+        Copied a similar test to http/tests/local to ensure that script load fails when served from the filesystem , CORS check failing.
+        The test was previously passing in WebKit as the test file was served from filesystem and was granted universal access.
+        The CORS checks were done through SecurityOrigin::canRequest which was testing that first.
+        With the patch, CORS checks are done at a lower level and do not take in to account universal access.
+        This aligns with Chrome and Firefox behavior.
+
+        * http/tests/local/script-crossorigin-loads-fail-origin-expected.txt: Added.
+        * http/tests/local/script-crossorigin-loads-fail-origin.html: Copied from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials.html.
+        * http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html: Sorting the cookie to make the test more resistant.
+        * http/tests/security/cross-origin-cached-images-expected.txt: Added.
+        * http/tests/security/cross-origin-cached-images-parallel-expected.txt: Added.
+        * http/tests/security/cross-origin-cached-images-parallel.html: Renamed from LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html.
+        * http/tests/security/cross-origin-cached-images.html: Renamed from LayoutTests/http/tests/security/cross-origin-cached-resource.html.
+        * http/tests/security/cross-origin-cached-resource-parallel-expected.txt: Removed.
+        * http/tests/security/cross-origin-cached-scripts-expected.txt: Added.
+        * http/tests/security/cross-origin-cached-scripts-parallel-expected.txt: Added.
+        * http/tests/security/cross-origin-cached-scripts-parallel.html: Added.
+        * http/tests/security/cross-origin-cached-scripts.html: Added.
+        * http/tests/security/resources/cors-script.php: Updated according chromium script to activate CORS credentials header if requested.
+        * http/tests/security/resources/cross-origin-cached-resource-iframe.html:
+        * http/tests/security/resources/notify-loaded.js: Added.
+        * http/tests/security/script-crossorigin-loads-correctly-credentials-expected.txt: Renamed from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials-expected.txt.
+        * http/tests/security/script-crossorigin-loads-correctly-credentials.html: Renamed from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials.html.
+        * http/tests/security/script-with-dataurl-expected.txt: Added.
+        * http/tests/security/script-with-dataurl.html: Added.
+        * http/tests/security/script-with-failed-cors-check-fails-to-load-expected.txt:
+
 2016-09-12  Fujii Hironori  <Hironori.Fujii@sony.com>
 
         [GTK] Fix lint warnings of LayoutTests/platform/gtk/TestExpectations
 
@@ -21,11 +21,18 @@
         alert("Unknown message.");
 }
 
+function sortCookie(cookie)
+{
+    var items = cookie.split("; ");
+    items.sort();
+    return items.join("; ");
+}
+
 var stage = 1;
 function showCookies()
 {
-    alert("Test stage " + stage++ + " document.cookie is: " + document.cookie);
-    parent.window.postMessage("done", "*");    
+    alert("Test stage " + stage++ + " document.cookie is: " + sortCookie(document.cookie));
+    parent.window.postMessage("done", "*");
 }
 
 function sendXHR(queryCommand)
 
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: Origin  is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+This test fails if the script loads correctly.
+
+PASS
@@ -0,0 +1,23 @@
+<body>
+<p>This test fails if the script loads correctly.</p>
+<pre></pre>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+function done(msg) {
+    document.querySelector("pre").innerHTML = msg;
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+var script = document.createElement("script");
+script.crossOrigin = "use-credentials";
+// We are serving the test from the filesystem, so it should fail as authorized origin is 127.0.0.1:8000.
+script.src = "http://localhost:8000/security/resources/cors-script.php?credentials=true";
+script.onload = function() { done("FAIL"); }
+script.onerror = function() { done("PASS");}
+document.body.appendChild(script);
+</script>
@@ -0,0 +1,17 @@
+CONSOLE MESSAGE: Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
+Tests source origin difference for cached resources.
+
+Trying to load sequentially the same image from different origins.
+Test 1 PASS: Loaded img http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache from localhost:8000 (crossOrigin=anonymous)
+Test 2 PASS: Loaded img http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache from localhost:8080 (crossOrigin=anonymous)
+Test 3 PASS: Loaded img http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8000 (crossOrigin=anonymous)
+Test 4 PASS: Did not load img http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8080 (crossOrigin=anonymous)
+Test 5 PASS: Loaded img http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache from localhost:8000
+Test 6 PASS: Loaded img http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache from localhost:8000 (crossOrigin=anonymous)
+Test 7 PASS: Loaded img http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8080
+Test 8 PASS: Did not load img http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8080 (crossOrigin=anonymous)
+     
+     
@@ -0,0 +1,17 @@
+CONSOLE MESSAGE: Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
+Tests source origin difference for cached resources.
+
+Trying to load sequentially the same image from different origins.
+Test 1 PASS: Loaded img http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache from localhost:8000 (crossOrigin=anonymous)
+Test 2 PASS: Loaded img http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache from localhost:8080 (crossOrigin=anonymous)
+Test 3 PASS: Loaded img http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&delay=200 from localhost:8000 (crossOrigin=anonymous)
+Test 4 PASS: Did not load img http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&delay=200 from localhost:8080 (crossOrigin=anonymous)
+Test 5 PASS: Loaded img http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache from localhost:8000
+Test 6 PASS: Loaded img http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache from localhost:8000 (crossOrigin=anonymous)
+Test 7 PASS: Loaded img http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&delay=200 from localhost:8080
+Test 8 PASS: Did not load img http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&delay=200 from localhost:8080 (crossOrigin=anonymous)
+     
+     
@@ -1,8 +1,7 @@
 <html>
 <body>
 <p>Tests source origin difference for cached resources.</p
-<p>Trying to load sequentially the same image from various origins.</p>
-<p>All images should load.</p>
+<p>Trying to load sequentially the same image from different origins.</p>
 <div id="console"></div>
 <div>
     <iframe id="iframe1"></iframe>
@@ -40,28 +39,28 @@
 var iframeURL8080 = "http://localhost:8080/security/resources/cross-origin-cached-resource-iframe.html";
 
 var allowAllImage1 = "http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache";
-var allow8000Image1 = "http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000";
+var allow8000Image1 = "http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&delay=200";
 
 var allowAllImage2 = "http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache";
-var allow8000Image2 = "http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000";
+var allow8000Image2 = "http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&delay=200";
 
 document.getElementById('iframe1').src = iframeURL8000 + "#" +
-    encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass:true, crossOrigin: "anonymous", id: 1}));
+    encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage1, shouldPass:true, crossOrigin: "anonymous", id: 1}));
 document.getElementById('iframe2').src = iframeURL8080 + "#" +
-    encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass: true, crossOrigin: "anonymous", id: 2}));
+    encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage1, shouldPass: true, crossOrigin: "anonymous", id: 2}));
 document.getElementById('iframe3').src = iframeURL8000 + "#" +
-    encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: true, crossOrigin: "anonymous", id: 3}));
+    encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image1, shouldPass: true, crossOrigin: "anonymous", id: 3}));
 document.getElementById('iframe4').src = iframeURL8080 + "#" +
-    encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: false, crossOrigin: "anonymous", id: 4}));
+    encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image1, shouldPass: false, crossOrigin: "anonymous", id: 4}));
 
 document.getElementById('iframe5').src = iframeURL8000 + "#" +
-    encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, id: 5}));
+    encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage2, shouldPass:true, id: 5}));
 document.getElementById('iframe6').src = iframeURL8000 + "#" +
-    encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, crossOrigin: "anonymous", id: 6}));
+    encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage2, shouldPass:true, crossOrigin: "anonymous", id: 6}));
 document.getElementById('iframe7').src = iframeURL8080 + "#" +
-    encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:true, id: 7}));
+    encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image2, shouldPass:true, id: 7}));
 document.getElementById('iframe8').src = iframeURL8080 + "#" +
-    encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:false, crossOrigin: "anonymous", id: 8}));
+    encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image2, shouldPass:false, crossOrigin: "anonymous", id: 8}));
 </script>
 </body>
 </html>
@@ -1,8 +1,7 @@
 <html>
 <body>
 <p>Tests source origin difference for cached resources.</p
-<p>Trying to load sequentially the same image from various origins.</p>
-<p>All images should load.</p>
+<p>Trying to load sequentially the same image from different origins.</p>
 <div id="console"></div>
 <div>
     <iframe id="iframe1"></iframe>
@@ -43,31 +42,31 @@
     // Four first tests try to load an image with a given origin and then the same image (in cache) with a different origin.
     if (counter == 1)
         document.getElementById('iframe1').src = iframeURL8000 + "#" +
-            encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass:true, crossOrigin: "anonymous", id: 1}));
+            encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage1, shouldPass:true, crossOrigin: "anonymous", id: 1}));
     else if (counter == 2)
         document.getElementById('iframe2').src = iframeURL8080 + "#" +
-            encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass: true, crossOrigin: "anonymous", id: 2}));
+            encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage1, shouldPass: true, crossOrigin: "anonymous", id: 2}));
     else if (counter == 3)
         document.getElementById('iframe3').src = iframeURL8000 + "#" +
-            encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: true, crossOrigin: "anonymous", id: 3}));
+            encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image1, shouldPass: true, crossOrigin: "anonymous", id: 3}));
     // Fourth image load should fail since requesting image from localhost:8080 while only allowed from localhost:8000.
     else if (counter == 4)
         document.getElementById('iframe4').src = iframeURL8080 + "#" +
-            encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: false, crossOrigin: "anonymous", id: 4}));
+            encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image1, shouldPass: false, crossOrigin: "anonymous", id: 4}));
 
     // Four next tests try to load a cross-origin image without cors and then with cors.
     else if (counter == 5)
         document.getElementById('iframe5').src = iframeURL8000 + "#" +
-            encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, id: 5}));
+            encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage2, shouldPass:true, id: 5}));
     else if (counter == 6)
         document.getElementById('iframe6').src = iframeURL8000 + "#" +
-            encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, crossOrigin: "anonymous", id: 6}));
+            encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage2, shouldPass:true, crossOrigin: "anonymous", id: 6}));
     else if (counter == 7)
         document.getElementById('iframe7').src = iframeURL8080 + "#" +
-            encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:true, id: 7}));
+            encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image2, shouldPass:true, id: 7}));
     else if (counter == 8)
         document.getElementById('iframe8').src = iframeURL8080 + "#" +
-            encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:false, crossOrigin: "anonymous", id: 8}));
+            encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image2, shouldPass:false, crossOrigin: "anonymous", id: 8}));
     else if (window.testRunner)
         testRunner.notifyDone();
 }
 
@@ -0,0 +1,13 @@
+CONSOLE MESSAGE: Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
+Tests source origin difference for cached resources.
+
+Trying to load sequentially the same script from different origins.
+Test 1 PASS: Loaded script http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&name=notify-loaded.js from localhost:8000 (crossOrigin=anonymous)
+Test 2 PASS: Did not load script http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&name=notify-loaded.js from localhost:8080 (crossOrigin=anonymous)
+Test 3 PASS: Loaded script http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&name=notify-loaded.js from localhost:8080
+Test 4 PASS: Did not load script http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&name=notify-loaded.js from localhost:8080 (crossOrigin=anonymous)
+  
+