
[webappsec] new CSP test suite checkins!

From: Hill, Brad <bhill@paypal-inc.com>
Date: Mon, 6 May 2013 18:37:17 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>, "public-webappsec-testsuite@w3.org" <public-webappsec-testsuite@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E27A0D697@DEN-EXDDA-S12.corp.ebay.com>

Hello WebAppSec'ers.

I've checked in some new test cases as a framework example for CSP at:

http://w3c-test.org/webappsec/tests/csp/submitted/WG/

There is a CSP_ExampleTest.php that is a heavily commented example of how to write a CSP test using supporting infrastructure in the support/ subdirectory. Of note is support for testing reporting inline with each test case by using a report listener that reflects the report data as a cookie, then loading an iframe that reads the cookie and tests properties of the report.

These tests are also available to run (prefixed and not) through the test runner at:

http://w3c-test.org/webappsec/tests/testRunner/ 

I've also updated the CSP test assertions wiki page at:

http://www.w3.org/Security/wiki/Test_Assertions_For_Content_Security_Policy

to show myself as signed up for a test assertion and indicate the test file that executes the assertion.

I'd like to encourage folks to pick this up by signing up for assertions and committing tests.  I'm going to try to do at least one per workday going forward - if one or two other volunteers are willing to do the same I think we can be ready to advance CSP to Proposed Recommendation in a few weeks.

As a reminder, the test VM for working with tests can be downloaded from:

https://dl.dropboxusercontent.com/u/76057758/WebAppSecTestVM.tar.bz2 

user/pass is webappsec/webappsec

Thanks,

Brad Hill
Received on Monday, 6 May 2013 18:37:46 UTC
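
The reporting check described in the message above (a report listener reflects the violation report into a cookie, and an iframe reads the cookie back and tests the report), sketched as an added example; it is not code from the test suite or from the message's author. The function names, the `csp-report-<testId>` cookie name and the sample report are assumptions made for illustration.

```javascript
// Added example: function names and the "csp-report-<testId>" cookie name are
// assumptions for illustration, not the W3C test suite's own code.
const FIELDS = ["document-uri", "referrer", "blocked-uri",
                "violated-directive", "original-policy"];

// Listener side: turn a violation report POST body into a Set-Cookie value.
function reportToCookie(body, testId) {
  if (!/^[A-Za-z0-9_-]+$/.test(testId)) throw new Error("bad test id");
  let parsed;
  try { parsed = JSON.parse(body); } catch (e) { return null; }
  const report = parsed && parsed["csp-report"];
  if (!report || typeof report !== "object") return null;
  // Copy only known string fields; the body is controlled by whoever POSTs it.
  const kept = {};
  for (const f of FIELDS) if (typeof report[f] === "string") kept[f] = report[f];
  // encodeURIComponent keeps CR, LF, ';' and '"' out of the header value.
  const value = encodeURIComponent(JSON.stringify(kept));
  if (value.length > 3800) return null; // stay under the ~4 KB cookie limit
  return "csp-report-" + testId + "=" + value + "; Path=/";
}

// Checker side (the iframe): recover the report from a document.cookie string.
function readReportCookie(cookieString, testId) {
  const name = "csp-report-" + testId + "=";
  for (const part of cookieString.split(";")) {
    const c = part.trim();
    if (c.startsWith(name)) {
      try { return JSON.parse(decodeURIComponent(c.slice(name.length))); }
      catch (e) { return null; }
    }
  }
  return null; // no report was delivered for this test
}

// Compare report fields with expected values; returns a list of failures.
function checkReport(report, expected) {
  if (!report) return ["no report received"];
  return Object.keys(expected)
    .filter((k) => report[k] !== expected[k])
    .map((k) => k + ": expected " + expected[k] + ", got " + report[k]);
}

// Constructed sample report body, as a browser would POST it to report-uri.
const SAMPLE_BODY = JSON.stringify({ "csp-report": {
  "document-uri": "http://example.test/csp/test1.php",
  "blocked-uri": "http://other.example.test",
  "violated-directive": "script-src 'self'",
  "original-policy": "script-src 'self'; report-uri /report.php?id=test1" } });
```

Keying the cookie by test id keeps reports from different test cases apart when several run in the same browser session.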
