Revision 9b9293f0a667ca23ded04060894c2ce9e4a3e19c authored by Brian Birtles on 15 February 2018, 11:42:52 UTC, committed by moz-wptsync-bot on 15 February 2018, 11:42:52 UTC
These tests test the behavior introduced in the following changesets to the Web Animations specification: 1. https://github.com/w3c/csswg-drafts/commit/5af5e276badf4df0271bcfa0b8e7837fff24133a 2. https://github.com/w3c/csswg-drafts/commit/673f6fc1269829743c707c53dcb04092f958de35 which can be viewed as a merged diff at: https://gist.github.com/birtles/d147eb2e0e2d4d37fadf217abd709411 See the following spec issues: 1. https://github.com/w3c/csswg-drafts/issues/2059 2. https://github.com/w3c/csswg-drafts/issues/2266 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1436659 gecko-commit: 7465cb110ae5ec2e2ca73182caf5293f0efc8fd5 gecko-integration-branch: central gecko-reviewers: hiro
1 parent eb7491d
securecontext.http.html
<!DOCTYPE html>
<meta charset="utf-8">
<title>WebAuthn Secure Context Tests</title>
<link rel="author" title="Adam Powers" href="mailto:adam@fidoalliance.org">
<link rel="help" href="https://w3c.github.io/webauthn/#iface-credential">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src=helpers.js></script>
<body></body>
<script>
standardSetup(function() {
"use strict";
// See https://www.w3.org/TR/secure-contexts/
// Section 1.1 - 1.4 for list of examples referenced below
// Example 1
// http://example.com/ opened in a top-level browsing context is not a secure context, as it was not delivered over an authenticated and encrypted channel.
test (() => {
assert_false (typeof navigator.credentials === "object" && typeof navigator.credentials.create === "function");
}, "no navigator.credentials.create in non-secure context");
// Example 4: TODO
// If a non-secure context opens https://example.com/ in a new window, then things are more complicated. The new window’s status depends on how it was opened. If the non-secure context can obtain a reference to the secure context, or vice-versa, then the new window is not a secure context.
//
// This means that the following will both produce non-secure contexts:
//<a href="https://example.com/" target="_blank">Link!</a>
// <script>
// var w = window.open("https://example.com/");
// < /script>
// Example 6: TODO
// If https://example.com/ was somehow able to frame http://non-secure.example.com/ (perhaps the user has overridden mixed content checking?), the top-level frame would remain secure, but the framed content is not a secure context.
// Example 7: TODO
// If, on the other hand, https://example.com/ is framed inside of http://non-secure.example.com/, then it is not a secure context, as its ancestor is not delivered over an authenticated and encrypted channel.
// Example 9: TODO
// If http://non-secure.example.com/ in a top-level browsing context frames https://example.com/, which runs https://example.com/worker.js, then neither the framed document nor the worker are secure contexts.
// Example 12: TODO
// https://example.com/ nested in http://non-secure.example.com/ may not connect to the secure worker, as it is not a secure context.
// Example 13: TODO
// Likewise, if https://example.com/ nested in http://non-secure.example.com/ runs https://example.com/worker.js as a Shared Worker, then both the document and the worker are considered non-secure.
});
</script>
Computing file changes ...
