Completely failed files: 384; Completely failed subtests: 158; Failure level: 158/911 (17.34%)
| Test | Ch73 |
|---|---|
| /content-security-policy/style-src-attr-elem/style-src-attr-blocked-src-allowed.html (1/2, 50.00%, 0.11% of total) | TIMEOUT |
| Should fire a security policy violation event | NOTRUN |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate. | NOTRUN |
| /content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html (3/3, 100.00%, 0.33% of total) | OK |
| Navigated iframe is upgraded and reported | FAIL |
| Upgraded iframe is reported | FAIL |
| Upgraded image is reported | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate. | NOTRUN |
| /content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Image that redirects to http:// URL prohibited by Report-Only must generate a violation report, even with upgrade-insecure-requests | TIMEOUT |
| /content-security-policy/navigate-to/form-cross-origin-blocked.sub.html (2/2, 100.00%, 0.22% of total) | OK |
| Test that the child iframe navigation is not allowed | FAIL |
| Violation report status OK. | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html (1/1, 100.00%, 0.11% of total) | OK |
| A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate. | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a value '*' should render in nested frames. | NOTRUN |
| /content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Test that the child iframe navigation is allowed | NOTRUN |
| /content-security-policy/navigation/javascript-url-navigation-inherits-csp.html (1/1, 100.00%, 0.11% of total) | OK |
| javascript-url-navigation-inherits-csp | FAIL |
| /content-security-policy/navigate-to/link-click-redirected-blocked.sub.html (2/2, 100.00%, 0.22% of total) | OK |
| Test that the child iframe navigation is not allowed | FAIL |
| Violation report status OK. | FAIL |
| /content-security-policy/style-src-attr-elem/style-src-elem-allowed-attr-blocked.html (1/2, 50.00%, 0.11% of total) | TIMEOUT |
| Should fire a security policy violation for the attribute | NOTRUN |
| /content-security-policy/navigate-to/parent-navigates-child-blocked.html (2/2, 100.00%, 0.22% of total) | OK |
| Test that the parent can't navigate the child because the relevant policy belongs to the navigation initiator (in this case the parent, which has the policy `navigate-to support/wait_for_navigation.html;`) | FAIL |
| Violation report status OK. | FAIL |
| /content-security-policy/securitypolicyviolation/inside-service-worker.https.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| undefined | TIMEOUT |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a value 'same' should block render in same-origin nested frames. | NOTRUN |
| /content-security-policy/style-src-attr-elem/style-src-attr-allowed-src-blocked.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| undefined | TIMEOUT |
| /content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-7.html (1/1, 100.00%, 0.11% of total) | OK |
| Should convert the script contents to UTF-8 before hashing | FAIL |
| /content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html (2/2, 100.00%, 0.22% of total) | OK |
| Test that the child iframe navigation is not allowed | FAIL |
| Violation report status OK. | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-self-block.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a value 'self' should block rendering. | NOTRUN |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a value 'same' should block render in same-origin nested frames. | NOTRUN |
| /content-security-policy/securitypolicyviolation/inside-dedicated-worker.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| undefined | TIMEOUT |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate. | NOTRUN |
| /content-security-policy/unsafe-hashes/style_attribute_allowed.html (1/1, 100.00%, 0.11% of total) | OK |
| Test that the inline style attribute is loaded | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate. | NOTRUN |
| /content-security-policy/media-src/media-src-redir-bug.sub.html (5/5, 100.00%, 0.55% of total) | TIMEOUT |
| In-policy async video source element | NOTRUN |
| In-policy async video source element w/redir | NOTRUN |
| In-policy async video src | NOTRUN |
| Should not fire policy violation events | NOTRUN |
| in-policy async video src w/redir | NOTRUN |
| /content-security-policy/script-src-attr-elem/script-src-attr-blocked-src-allowed.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Should fire a security policy violation event | NOTRUN |
| /content-security-policy/style-src-attr-elem/style-src-elem-blocked-attr-allowed.html (2/2, 100.00%, 0.22% of total) | TIMEOUT |
| Should fire a security policy violation for the inline block | NOTRUN |
| The inline style should not be applied and the attribute style should be applied | FAIL |
| /content-security-policy/securitypolicyviolation/blockeduri-eval.html (1/1, 100.00%, 0.11% of total) | OK |
| Eval violations have a blockedURI of 'eval' | FAIL |
| /content-security-policy/securitypolicyviolation/inside-shared-worker.html (1/3, 33.33%, 0.11% of total) | TIMEOUT |
| SecurityPolicyViolation event fired on global with the correct blockedURI. | TIMEOUT |
| /content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html (2/2, 100.00%, 0.22% of total) | OK |
| Test that the child iframe navigation is not allowed | FAIL |
| Violation report status OK. | FAIL |
| /content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html (1/2, 50.00%, 0.11% of total) | TIMEOUT |
| Test that no spv event is raised | NOTRUN |
| /content-security-policy/reporting/report-same-origin-with-cookies.html (1/3, 33.33%, 0.11% of total) | OK |
| Test report cookies. | FAIL |
| /content-security-policy/media-src/media-src-7_2.html (3/3, 100.00%, 0.33% of total) | TIMEOUT |
| In-policy audio source element | NOTRUN |
| In-policy audio src | NOTRUN |
| Should not fire policy violation events | NOTRUN |
| /content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_location.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Test that the javascript: src is not allowed to run | NOTRUN |
| /content-security-policy/media-src/media-src-7_3.sub.html (2/2, 100.00%, 0.22% of total) | TIMEOUT |
| In-policy track element | NOTRUN |
| Should not fire policy violation events | NOTRUN |
| /content-security-policy/navigate-to/href-location-redirected-allowed.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Test that the child iframe navigation is allowed | NOTRUN |
| /content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-9.html (1/1, 100.00%, 0.11% of total) | OK |
| Should convert the script contents to UTF-8 before hashing | FAIL |
| /content-security-policy/script-src-attr-elem/script-src-elem-blocked-attr-allowed.html (1/2, 50.00%, 0.11% of total) | TIMEOUT |
| Should fire a security policy violation for the attribute | NOTRUN |
| /content-security-policy/connect-src/worker-from-guid.sub.html (1/1, 100.00%, 0.11% of total) | OK |
| Expecting logs: ["violated-directive=connect-src","xhr blocked","TEST COMPLETE"] | FAIL |
| /content-security-policy/navigate-to/link-click-blocked.sub.html (2/2, 100.00%, 0.22% of total) | OK |
| Test that the child iframe navigation is not allowed | FAIL |
| Violation report status OK. | FAIL |
| /content-security-policy/sandbox/window-reuse-sandboxed.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Window object should not be reused | NOTRUN |
| /content-security-policy/navigate-to/form-redirected-blocked.sub.html (2/2, 100.00%, 0.22% of total) | OK |
| Test that the child iframe navigation is not allowed | FAIL |
| Violation report status OK. | FAIL |
| /content-security-policy/securitypolicyviolation/idlharness.window.html (8/41, 19.51%, 0.88% of total) | OK |
| SecurityPolicyViolationEvent interface: attribute blockedURL | FAIL |
| SecurityPolicyViolationEvent interface: attribute colno | FAIL |
| SecurityPolicyViolationEvent interface: attribute documentURL | FAIL |
| SecurityPolicyViolationEvent interface: attribute lineno | FAIL |
| SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "blockedURL" with the proper type | FAIL |
| SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "colno" with the proper type | FAIL |
| SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "documentURL" with the proper type | FAIL |
| SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "lineno" with the proper type | FAIL |
| /content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-1.html (1/1, 100.00%, 0.11% of total) | OK |
| Should convert the script contents to UTF-8 before hashing | FAIL |
| /content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.sub.html (1/1, 100.00%, 0.11% of total) | OK |
| Expecting logs: ["violated-directive=script-src","PASS"] | FAIL |
| /content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html (2/2, 100.00%, 0.22% of total) | TIMEOUT |
| Test that the child iframe navigation is not allowed | NOTRUN |
| Violation report status OK. | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html (1/1, 100.00%, 0.11% of total) | OK |
| A 'frame-ancestors' CSP directive with '*' should allow rendering. | FAIL |
| /content-security-policy/navigate-to/form-blocked.sub.html (2/2, 100.00%, 0.22% of total) | OK |
| Test that the child iframe navigation is not allowed | FAIL |
| Violation report status OK. | FAIL |
| /content-security-policy/script-src/script-src-1_10.html (1/2, 50.00%, 0.11% of total) | OK |
| Test that securitypolicyviolation event is fired | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate. | NOTRUN |
| /content-security-policy/navigate-to/meta-refresh-blocked.sub.html (2/2, 100.00%, 0.22% of total) | OK |
| Test that the child iframe navigation is not allowed | FAIL |
| Violation report status OK. | FAIL |
| /content-security-policy/script-src-attr-elem/script-src-elem-allowed-attr-blocked.html (1/2, 50.00%, 0.11% of total) | TIMEOUT |
| Should fire a security policy violation for the attribute | NOTRUN |
| /content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-3.html (1/1, 100.00%, 0.11% of total) | OK |
| Should convert the script contents to UTF-8 before hashing | FAIL |
| /content-security-policy/plugin-types/plugintypes-mismatched-url.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Should not load the object because its declared type does not match its actual type | NOTRUN |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a value 'same' should block render in same-origin nested frames. | NOTRUN |
| /content-security-policy/script-src/worker-set-timeout-blocked.sub.html (1/1, 100.00%, 0.11% of total) | OK |
| Expecting alerts: ["setTimeout blocked"] | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames. | NOTRUN |
| /content-security-policy/embedded-enforcement/required_csp-header.html (25/70, 35.71%, 2.74% of total) | TIMEOUT |
| Test cross origin redirect: Send Sec-Required-CSP Header on change of `src` attribute on iframe. | TIMEOUT |
| Test cross origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - comma separated | TIMEOUT |
| Test cross origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - gibberish csp | TIMEOUT |
| Test cross origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - html encoded string | TIMEOUT |
| Test cross origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - missing semicolon | TIMEOUT |
| Test cross origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - misspeled 'none' | TIMEOUT |
| Test cross origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - query values in path | TIMEOUT |
| Test cross origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - report-to present | TIMEOUT |
| Test cross origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - report-uri present | TIMEOUT |
| Test cross origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - unknown policy name | TIMEOUT |
| Test cross origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives | TIMEOUT |
| Test cross origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - url encoded string | TIMEOUT |
| Test same origin redirect: Send Sec-Required-CSP Header on change of `src` attribute on iframe. | TIMEOUT |
| Test same origin redirect: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty. | TIMEOUT |
| Test same origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - comma separated | TIMEOUT |
| Test same origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - gibberish csp | TIMEOUT |
| Test same origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - html encoded string | TIMEOUT |
| Test same origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - missing semicolon | TIMEOUT |
| Test same origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - misspeled 'none' | TIMEOUT |
| Test same origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - query values in path | TIMEOUT |
| Test same origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - report-to present | TIMEOUT |
| Test same origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - report-uri present | TIMEOUT |
| Test same origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - unknown policy name | TIMEOUT |
| Test same origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives | TIMEOUT |
| Test same origin redirect: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - url encoded string | TIMEOUT |
| /content-security-policy/navigate-to/href-location-redirected-blocked.sub.html (2/2, 100.00%, 0.22% of total) | TIMEOUT |
| Test that the child iframe navigation is not allowed | NOTRUN |
| Violation report status OK. | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-none-block.html (1/1, 100.00%, 0.11% of total) | OK |
| A 'frame-ancestors' CSP directive with a value 'none' should block rendering. | FAIL |
| /content-security-policy/style-src/inline-style-attribute-allowed.sub.html (1/1, 100.00%, 0.11% of total) | OK |
| Expecting logs: ["PASS"] | FAIL |
| /content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html (1/1, 100.00%, 0.11% of total) | OK |
| Test that violation report event was fired | FAIL |
| /content-security-policy/script-src/script-src-strict_dynamic_in_img-src.html (1/1, 100.00%, 0.11% of total) | OK |
| `strict-dynamic` does not drop whitelists in `img-src`. | FAIL |
| /content-security-policy/style-src-attr-elem/style-src-elem-allowed-src-blocked.html (1/1, 100.00%, 0.11% of total) | OK |
| Inline style should be applied | FAIL |
| /content-security-policy/style-src/style-blocked.sub.html (1/1, 100.00%, 0.11% of total) | OK |
| Expecting logs: ["violated-directive=style-src","PASS"] | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html (1/1, 100.00%, 0.11% of total) | OK |
| A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames. | FAIL |
| /content-security-policy/prefetch-src/prefetch-allowed.html (1/3, 33.33%, 0.11% of total) | OK |
| Prefetch succeeds when allowed by prefetch-src | FAIL |
| /content-security-policy/style-src-attr-elem/style-src-elem-blocked-src-allowed.html (2/2, 100.00%, 0.22% of total) | TIMEOUT |
| Should fire a security policy violation event | NOTRUN |
| The inline style should not be applied | FAIL |
| /content-security-policy/script-src/worker-importscripts-blocked.sub.html (1/2, 50.00%, 0.11% of total) | OK |
| worker-importscripts-blocked | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate. | NOTRUN |
| /content-security-policy/plugin-types/plugintypes-mismatched-data.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Should not load the object because its declared type does not match its actual type | NOTRUN |
| /content-security-policy/connect-src/worker-connect-src-blocked.sub.html (1/1, 100.00%, 0.11% of total) | OK |
| Expecting logs: ["xhr blocked","TEST COMPLETE"] | FAIL |
| /content-security-policy/prefetch-src/prefetch-header-blocked.html (1/3, 33.33%, 0.11% of total) | TIMEOUT |
| Prefetch via `Link` header succeeds when allowed by prefetch-src | TIMEOUT |
| /content-security-policy/form-action/form-action-src-redirect-blocked.sub.html (1/1, 100.00%, 0.11% of total) | OK |
| Expecting logs: ["violated-directive=form-action","TEST COMPLETE"] | FAIL |
| /content-security-policy/navigate-to/href-location-allowed.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Test that the child iframe navigation is allowed | NOTRUN |
| /content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html (1/3, 33.33%, 0.11% of total) | OK |
| Violation report status OK. | FAIL |
| /content-security-policy/reporting-api/reporting-api-works-on-frame-src.https.sub.html (1/2, 50.00%, 0.11% of total) | OK |
| Violation report status OK. | FAIL |
| /content-security-policy/inside-worker/shared-inheritance.html (3/15, 20.00%, 0.33% of total) | TIMEOUT |
| Cross-origin 'fetch()' in http: | TIMEOUT |
| Cross-origin XHR in http: | TIMEOUT |
| Same-origin => cross-origin 'fetch()' in http: | TIMEOUT |
| /content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html (1/1, 100.00%, 0.11% of total) | OK |
| Test that the child iframe navigation is blocked | FAIL |
| /content-security-policy/navigate-to/href-location-blocked.sub.html (2/2, 100.00%, 0.22% of total) | TIMEOUT |
| Test that the child iframe navigation is not allowed | NOTRUN |
| Violation report status OK. | FAIL |
| /content-security-policy/media-src/media-src-7_1.html (3/3, 100.00%, 0.33% of total) | TIMEOUT |
| In-policy async video source element | NOTRUN |
| In-policy async video src | NOTRUN |
| Should not fire policy violation events | NOTRUN |
| /content-security-policy/media-src/media-src-blocked.sub.html (1/5, 20.00%, 0.11% of total) | TIMEOUT |
| Test that securitypolicyviolation events are fired | TIMEOUT |
| /content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html (2/2, 100.00%, 0.22% of total) | OK |
| Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child which has the policy `navigate-to 'none'`) | FAIL |
| Violation report status OK. | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a URL value should compare against each frame's origin rather than URL, so a nested frame with a sandboxed parent frame should be blocked due to the parent having a unique origin. | NOTRUN |
| /content-security-policy/unsafe-hashes/javascript_src_allowed-window_location.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Test that the javascript: src is allowed to run | NOTRUN |
| /content-security-policy/prefetch-src/prefetch-blocked.html (1/3, 33.33%, 0.11% of total) | OK |
| Blocked prefetch generates report. | FAIL |
| /content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html (2/2, 100.00%, 0.22% of total) | OK |
| Test that the child iframe navigation is not allowed | FAIL |
| Violation report status OK. | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a value '*' should render in nested frames. | NOTRUN |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames. | NOTRUN |
| /content-security-policy/frame-ancestors/frame-ancestors-url-block.html (1/1, 100.00%, 0.11% of total) | OK |
| A 'frame-ancestors' CSP directive with a URL which doesn't match this origin should be blocked. | FAIL |
| /content-security-policy/sandbox/window-reuse-unsandboxed.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Window object should be reused | NOTRUN |
| /content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_location.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| Test that the javascript: src is not allowed to run | NOTRUN |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames. | NOTRUN |
| /content-security-policy/inheritance/window.html (4/4, 100.00%, 0.44% of total) | TIMEOUT |
| `document.write` into `window.open()` inherits policy. | FAIL |
| window.open('blob:...') inherits policy. | TIMEOUT |
| window.open('javascript:...') inherits policy. | TIMEOUT |
| window.open() inherits policy. | FAIL |
| /content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html (1/1, 100.00%, 0.11% of total) | TIMEOUT |
| A 'frame-ancestors' CSP directive with a value '*' should render in nested frames. | NOTRUN |