Index: LayoutTests/http/tests/security/contentSecurityPolicy/blob-urls-match-self.html |
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/blob-urls-match-self.html b/LayoutTests/http/tests/security/contentSecurityPolicy/blob-urls-match-self.html |
index 155823be9342039cf1a1c53df927099dc0ccf461..33e21c8a2a89dd3f71a2ef7661b49a2f200e3f1a 100644 |
--- a/LayoutTests/http/tests/security/contentSecurityPolicy/blob-urls-match-self.html |
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/blob-urls-match-self.html |
@@ -2,29 +2,29 @@ |
<html> |
<head> |
<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline' 'self'"> |
- </head> |
- <body> |
- <p> |
- blob: URLs are same-origin with the page in which they were created, |
- and should therefore match the 'self' source in CSP directives. |
- </p> |
- |
+ <script src="/resources/testharness.js"></script> |
+ <script src="/resources/testharnessreport.js"></script> |
<script> |
- if (window.testRunner) { |
- testRunner.dumpAsText(); |
- testRunner.waitUntilDone(); |
- } |
- function pass() { |
- alert("PASS (1/1)!"); |
- if (window.testRunner) |
- testRunner.notifyDone(); |
- } |
+ var t = async_test("blob: does not match 'self' (see step 2 of http://www.w3.org/TR/CSP2/#match-source-expression)"); |
+ |
+ t.step(function () { |
+ var b = new Blob(['assert_unreached();'], { type: 'application/javascript' }); |
- var b = new Blob(['pass();'], { type: 'application/javascript' }); |
+ var script = document.createElement('script'); |
+ |
+ script.addEventListener('load', t.step_func(function () { |
+ assert_unreached(); |
+ })); |
- var script = document.createElement('script'); |
- script.src = URL.createObjectURL(b); |
- document.body.appendChild(script); |
+ script.addEventListener('error', t.step_func(function () { |
+ t.done(); |
+ })); |
+ |
+ script.src = URL.createObjectURL(b); |
+ document.head.appendChild(script); |
+ }); |
</script> |
+ </head> |
+ <body> |
</body> |
</html> |