OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <html> |
| 3 <head> |
| 4 <script src="/resources/testharness.js"></script> |
| 5 <script src="/resources/testharnessreport.js"></script> |
| 6 <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></sc
ript> |
| 7 <meta http-equiv="content-security-policy" content="img-src http://127.0.0.1:8
000 http://example.test:8000"> |
| 8 </head> |
| 9 <body> |
| 10 <script> |
| 11 async_test(t => { |
| 12 assert_allowed_image_in_document(t, document, "http://example.test:8000/reso
urces/square.png?img-in-top-level"); |
| 13 }, "Image loaded in top-level blocked."); |
| 14 |
| 15 async_test(t => { |
| 16 window.addEventListener("message", t.step_func(e => { |
| 17 assert_equals(e.data, "blocked"); |
| 18 t.done(); |
| 19 })); |
| 20 |
| 21 window.open("data:text/html," + |
| 22 "<meta http-equiv='content-security-policy' content='img-src htt
p://127.0.0.1:8000'>" + |
| 23 "<script>" + |
| 24 " var i = document.createElement('img');" + |
| 25 " i.onload = _ => opener.postMessage('loaded', '*');" + |
| 26 " i.onerror = _ => opener.postMessage('blocked', '*');" + |
| 27 " i.src = 'http://example.test:8000/resources/square.png?data-f
rame'" + |
| 28 "</scr" + "ipt>"); |
| 29 }, "Image loaded via data: frame blocked."); |
| 30 </script> |
| 31 </body> |
| 32 </html> |
OLD | NEW |