OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <html> |
| 3 <head> |
| 4 <script src="/resources/testharness.js"></script> |
| 5 <script src="/resources/testharnessreport.js"></script> |
| 6 <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></sc
ript> |
| 7 <meta http-equiv="content-security-policy" content="img-src 'none'"> |
| 8 </head> |
| 9 <body> |
| 10 <script> |
| 11 // The filesystem test takes some nesting to setup: |
| 12 setup({explicit_done: true}); |
| 13 |
| 14 async_test(t => { |
| 15 assert_blocked_image_in_document(t, document, "http://example.test:8000/reso
urces/square.png?img-in-top-level"); |
| 16 }, "Image loaded in top-level blocked."); |
| 17 |
| 18 async_test(t => { |
| 19 var frame = document.createElement("iframe"); |
| 20 frame.onload = _ => { |
| 21 assert_blocked_image_in_document(t, frame.contentDocument, "http://example
.test:8000/resources/square.png?img-in-blank-frame"); |
| 22 }; |
| 23 document.body.appendChild(frame); |
| 24 }, "Image loaded via about:blank frame blocked."); |
| 25 |
| 26 async_test(t => { |
| 27 var frame = document.createElement("iframe"); |
| 28 frame.setAttribute("srcdoc", ""); |
| 29 frame.onload = _ => { |
| 30 assert_blocked_image_in_document(t, frame.contentDocument, "http://example
.test:8000/resources/square.png?img-in-srcdoc-frame"); |
| 31 }; |
| 32 document.body.appendChild(frame); |
| 33 }, "Image loaded via srcdoc frame blocked."); |
| 34 |
| 35 async_test(t => { |
| 36 var b = new Blob([], {type: "text/html"}); |
| 37 |
| 38 var frame = document.createElement("iframe"); |
| 39 frame.src = URL.createObjectURL(b); |
| 40 frame.onload = _ => { |
| 41 assert_blocked_image_in_document(t, frame.contentDocument, "http://example
.test:8000/resources/square.png?img-in-blob-frame"); |
| 42 }; |
| 43 document.body.appendChild(frame); |
| 44 }, "Image loaded via 'blob:' frame blocked."); |
| 45 |
| 46 async_test(t => { |
| 47 window.webkitRequestFileSystem(window.TEMPORARY, 1024*1024, fs => { |
| 48 fs.root.getFile('worker.js', { create: true }, entry => { |
| 49 entry.createWriter(w => { |
| 50 w.onwriteend = _ => { |
| 51 var u = entry.toURL(); |
| 52 |
| 53 var frame = document.createElement("iframe"); |
| 54 frame.src = URL.createObjectURL(b); |
| 55 frame.onload = _ => { |
| 56 assert_blocked_image_in_document(t, frame.contentDocument, "http:/
/example.test:8000/resources/square.png?img-in-filsystem-frame"); |
| 57 }; |
| 58 document.body.appendChild(frame); |
| 59 |
| 60 // explicit_done: yay. |
| 61 done(); |
| 62 }; |
| 63 w.onerror = t.unreached_func(); |
| 64 |
| 65 var b = new Blob([], {type: "text/html"}); |
| 66 w.write(b); |
| 67 }); |
| 68 }); |
| 69 }); |
| 70 }, "Image loaded via 'filesystem:' frame blocked."); |
| 71 </script> |
| 72 </body> |
| 73 </html> |
OLD | NEW |