W3C home > Mailing lists > Public > www-archive@w3.org > September 2012

RE: CSP 1.0 browser compliance testing

From: Hill, Brad <bhill@paypal-inc.com>
Date: Thu, 13 Sep 2012 20:55:54 +0000
To: Erlend Oftedal <eoftedal@gmail.com>, Odin HÝrthe Omdal <odinho@opera.com>, "public-webappsec-testsuite@w3.org" <public-webappsec-testsuite@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E261630@DEN-EXDDA-S12.corp.ebay.com>
Moving this discussion to public-webappsec-testsuite@w3.org - Erlend, you'll probably want to subscribe there, too.

http://lists.w3.org/Archives/Public/public-webappsec-testsuite/

I created a test VM to mirror the environment at the W3C test server, so we can build tests that are ready-to-run when they are checked in.  This is important since so many of our features rely on making cross-origin requests.  I've attached the PDF deck of the slides I made briefly explaining the system for the last Face-to-face meeting, and I'll send you a link to the VM download once I get it updated.  (working on that today)

-Brad

> -----Original Message-----
> From: Erlend Oftedal [mailto:eoftedal@gmail.com]
> Sent: Thursday, September 13, 2012 1:46 PM
> To: Odin HÝrthe Omdal; public-webappsec@w3.org
> Subject: RE: CSP 1.0 browser compliance testing
> 
> That's the plan. Need to look into the testharness.js framework and see how
> they can be adapted. Do you have any test examples?
> 
> Best regards,
> Erlend
> 
> From: Odin HÝrthe Omdal
> Sent: 10.09.2012 11:56
> To: public-webappsec@w3.org
> Subject: Re: CSP 1.0 browser compliance testing On Fri, 07 Sep 2012 19:41:16
> +0200, Erlend Oftedal <erlend@oftedal.no>
> wrote:
> > Contributions in terms of new tests and QA of the existing ones are
> > highly appreciated (other contributions as well of course). See below
> > if you are interested.
> 
> Hi, this is very cool, Erlend! The web needs more tests!
> 
> I'm wondering about the license on your tests?
> 
> 
> It would be highly beneficial to get this into the w3c test system, so that it can
> run on w3c-test.org. Browser vendors regularly import tests  from w3c into
> their own automatic testing system.
> 
> Even better than having tests, is having tests that are run all the time for
> regression testing ;-)
> 
> 
> However, backend has to be PHP, and frontend has to use testharness.js.
> 
> If the license allows it, I guess one of the hack-sessions on Test The Web
> Forward in Paris ( http://testthewebforward.org/paris-2012.html ) could be to
> port CSP-tests to testharness.js.
> 
> --
> Odin HÝrthe Omdal (Velmont/odinho) ∑ Core, Opera Software,
> http://opera.com




Received on Monday, 17 September 2012 09:50:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 7 November 2012 14:18:57 GMT