OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <html> |
| 3 <head> |
| 4 <meta http-equiv="Content-Security-Policy" content="plugin-types text/plain"> |
| 5 <script src="../resources/dump-as-text.js"></script> |
| 6 </head> |
| 7 <body> |
| 8 <p> |
| 9 This tests a scenario where an iframe element's src attribute points |
| 10 to a cross-site URI that loads a plugin. In this test the plugin |
| 11 is disallowed by the plugin-types Content Security Policy directive, |
| 12 therefore the test passes if |
| 13 1) there is no "Blink Test Plugin: initializing" console message |
| 14 2) there is a console message indicating CSP violation |
| 15 </p> |
| 16 |
| 17 <!-- the URI below is cross-site from the default layout tests site |
| 18 http://127.0.0.1:8000 --> |
| 19 <!-- we lie in the "type" attribute below, to pass early CSP checks --> |
| 20 <iframe type="text/plain" |
| 21 src="http://localhost:8000/plugins/resources/mock-plugin.pl"></iframe> |
| 22 </body> |
| 23 </html> |
OLD | NEW |