- From: Brad Hill <hillbrad@gmail.com>
- Date: Tue, 16 Jul 2013 09:16:56 -0700
- To: Matt Wobensmith <mwobensmith@mozilla.com>
- Cc: "public-webappsec-testsuite@w3.org" <public-webappsec-testsuite@w3.org>
- Message-ID: <CAEeYn8hS1siTBSHQH=Es5u5p7aeig-0YjaXmdVe3ZU=A-mdytQ@mail.gmail.com>
Matt, My guess is that you're right and we would require files of the appropriate media types for the plugins we want to test. I think it would be fine to check these in as binaries under support/media/, but of course we need to either create them or find ones available with the correct license. As far as testing for plugin support, I guess you could do standard feature detection or accept header processing. Or you could use plugin types with DOM access and have them call back in to the page and make the test fail if they load. Finally, you could make some of these manual tests where the tester is asked to visually confirm whether the plugin rendered and assess the test status. You can see an example of a manual test in the MANIFEST, CSP_1_7.php, the test for javascript: uris. Hope this helps. -Brad On Mon, Jul 15, 2013 at 4:44 PM, Matt Wobensmith <mwobensmith@mozilla.com>wrote: > Hi - > > This is probably answered in some important documentation that I have yet > to read. Apologies if so, and tell me if that is the case. > > I'm making my first tests for the CSP suite. I've decided to tackle > section 2.1, object-src directive. This appears to require external files > (SWF, applet) unless I can figure out ways to test without actually needing > them. > > So my questions would be: > > - Do I require external files? (I think I do.) > - Where do these external files go in the CSP and/or site tree? > - When we write tests that assume plugins exist, do we have any guidelines > around that? > > Thanks in advance for any help. > > Best, > > Matt Wobensmith > QA Engineer > Mozilla Corporation > > >
Received on Tuesday, 16 July 2013 16:17:24 UTC