Ejemplo n.º 1
 def test_unsafe_inline_enabled_yes_case01(self):
     """
     unsafe_inline_enabled() must return True when a script directive
     carries the "unsafe-inline" value.

     The response has two CSP headers. The one under CSP_HEADER_FIREFOX
     allows 'unsafe-inline' for the script directive, while the one under
     CSP_HEADER_W3C restricts scripts to 'self' and sets a report URI.
     A single permissive header is expected to be enough to flag the
     response.
     """
     # Permissive policy: the script directive explicitly allows inline code.
     permissive_policy = CSP_DIRECTIVE_SCRIPT + " '" + \
         CSP_DIRECTIVE_VALUE_UNSAFE_INLINE + "'"
     # Restrictive policy: scripts limited to 'self', plus a relative
     # report URI.
     restrictive_policy = CSP_DIRECTIVE_SCRIPT + " 'self';" + \
         CSP_DIRECTIVE_REPORT_URI + " /myrelativeuri"

     header_map = {
         CSP_HEADER_FIREFOX: permissive_policy,
         CSP_HEADER_W3C: restrictive_policy,
     }

     response = HTTPResponse(200, '', Headers(header_map.items()),
                             self.url, self.url)

     self.assertTrue(unsafe_inline_enabled(response))
Ejemplo n.º 2
 def test_unsafe_inline_enabled_no_case01(self):
     """
     unsafe_inline_enabled() must return False when no CSP header on the
     response carries the "unsafe-inline" directive value.

     Three headers are sent (CSP_HEADER_FIREFOX, CSP_HEADER_W3C_REPORT_ONLY
     and CSP_HEADER_W3C). Each restricts its directive to 'self', so the
     presence of CSP headers alone must not be reported as unsafe-inline.
     """
     # Scripts limited to 'self'; no report URI on this header.
     firefox_policy = CSP_DIRECTIVE_SCRIPT + " 'self'"
     # Report-only policy: default directive limited to 'self', with an
     # absolute report URI.
     report_only_policy = CSP_DIRECTIVE_DEFAULT + \
         " 'self';" + CSP_DIRECTIVE_REPORT_URI + " http://example.com"
     # Enforced policy: scripts limited to 'self', with a relative report URI.
     w3c_policy = CSP_DIRECTIVE_SCRIPT + " 'self';" + \
         CSP_DIRECTIVE_REPORT_URI + " /myrelativeuri"

     header_map = {
         CSP_HEADER_FIREFOX: firefox_policy,
         CSP_HEADER_W3C_REPORT_ONLY: report_only_policy,
         CSP_HEADER_W3C: w3c_policy,
     }

     response = HTTPResponse(200, '', Headers(header_map.items()),
                             self.url, self.url)

     self.assertFalse(unsafe_inline_enabled(response))