test cases re broken inline content (ACTION-582) from Thomas Roessler on 2009-04-16 (public-wsc-wg@w3.org from April 2009)

From: Thomas Roessler <tlr@w3.org>
Date: Thu, 16 Apr 2009 11:53:17 +0200
To: WSC WG public <public-wsc-wg@w3.org>
Message-Id: <30C6D974-BFF0-46C2-A93B-C147CE31ACEF@w3.org>

Here are the situations that I think we need to exercise:

1. inline content.  Page with (a) img, (b) script, (c) iframe, (d)  
frameset, where source URI comes from (i) different origin, (ii) same  
origin.

2. XHR.  Page with same-origin XHR, page with foreign-origin XHR  
(where supported).

For all these cases, we need to look at the following error conditions:

- toplevel page has clean TLS, dependent resource causes TLS error.

- toplevel page has TLS error, user clicks through, dependent resource  
causes same TLS error.
- toplevel page has TLS error, user clicks through, dependent resource  
causes different TLS error.
(These two are only usefully distinct for same-origin dependent  
resources.)

- toplevel page has HTTP, dependent resource causes TLS error.

Am I forgetting anything?
--
Thomas Roessler, W3C  <tlr@w3.org>

Received on Thursday, 16 April 2009 09:53:28 UTC