Bug 1733579 [wpt PR 31041] - [CSP] Added new policy violation source: wasm-eval, a=testonly

Automatic update from web-platform-tests
[CSP] Added new policy violation source: wasm-eval

This extends the suite of policy violation sources to include
a WebAssembly specific source: wasm-eval.

This has also been reflected in the PR
(w3c/webappsec-csp#293 (review))
against the CSP spec.

Added test for proper security violation event of the right form.

Bug: 948834
Change-Id: I0b76fd725136b7ddda92e629f147f5ba77c50ffb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3197842
Commit-Queue: Francis McCabe <[email protected]>
Reviewed-by: Arthur Sonzogni <[email protected]>
Reviewed-by: Mike West <[email protected]>
Reviewed-by: Antonio Sartori <[email protected]>
Reviewed-by: Andrey Kosyakov <[email protected]>
Reviewed-by: David Tseng <[email protected]>
Cr-Commit-Position: refs/heads/main@{#931206}

--

wpt-commits: 6ccfe6fafab233ee6063b7bfeabb107ad847a205
wpt-pr: 31041

Author: fgmccabe

testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js

@@ -0,0 +1,18 @@
+// META: global=window,worker
+let code = new Uint8Array([0x53, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0]);
+async_test(t => {
+  self.addEventListener('securitypolicyviolation', t.step_func_done(e => {
+    assert_equals(e.violatedDirective, "script-src");
+    assert_equals(e.originalPolicy, "default-src 'self' 'unsafe-inline'")
+    assert_equals(e.blockedURI, "wasm-eval")
+  }));
+}, "Securitypolicyviolation event looks like it should");
+
+promise_test(t => {
+  return promise_rejects_js(
+      t, WebAssembly.CompileError,
+      WebAssembly.instantiate(code));
+});
+
+
+

testing/web-platform/tests/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.headers

@@ -0,0 +1 @@
+Content-Security-Policy: default-src 'self' 'unsafe-inline'