Add support for script-src-attr / elem and style-src-attr / elem directives

These directives can be used in Chrome 75.
Ref: https://www.chromestatus.com/feature/5141352765456384

1 files changed, 24 insertions, 0 deletions

diff --git a/actionpack/test/dispatch/content_security_policy_test.rb b/actionpack/test/dispatch/content_security_policy_test.rb
index a4634626bb..3d60dc1661 100644
--- a/actionpack/test/dispatch/content_security_policy_test.rb
+++ b/actionpack/test/dispatch/content_security_policy_test.rb
@@ -128,12 +128,36 @@ class ContentSecurityPolicyTest < ActiveSupport::TestCase
     @policy.script_src false
     assert_no_match %r{script-src}, @policy.build
 
+    @policy.script_src_attr :self
+    assert_match %r{script-src-attr 'self'}, @policy.build
+
+    @policy.script_src_attr false
+    assert_no_match %r{script-src-attr}, @policy.build
+
+    @policy.script_src_elem :self
+    assert_match %r{script-src-elem 'self'}, @policy.build
+
+    @policy.script_src_elem false
+    assert_no_match %r{script-src-elem}, @policy.build
+
     @policy.style_src :self
     assert_match %r{style-src 'self'}, @policy.build
 
     @policy.style_src false
     assert_no_match %r{style-src}, @policy.build
 
+    @policy.style_src_attr :self
+    assert_match %r{style-src-attr 'self'}, @policy.build
+
+    @policy.style_src_attr false
+    assert_no_match %r{style-src-attr}, @policy.build
+
+    @policy.style_src_elem :self
+    assert_match %r{style-src-elem 'self'}, @policy.build
+
+    @policy.style_src_elem false
+    assert_no_match %r{style-src-elem}, @policy.build
+
     @policy.worker_src :self
     assert_match %r{worker-src 'self'}, @policy.build