OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <html> |
| 3 <head> |
| 4 <script src="/resources/testharness.js"></script> |
| 5 <script src="/resources/testharnessreport.js"></script> |
| 6 <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></sc
ript> |
| 7 <meta http-equiv="content-security-policy" content="img-src http://127.0.0.1:8
000 http://example.test:8000"> |
| 8 </head> |
| 9 <body> |
| 10 <script> |
| 11 // The filesystem test takes some nesting to setup: |
| 12 setup({explicit_done: true}); |
| 13 |
| 14 async_test(t => { |
| 15 assert_allowed_image_in_document(t, document, "http://127.0.0.1:8000/resourc
es/square.png?top-level"); |
| 16 assert_allowed_image_in_document(t, document, "http://example.test:8000/reso
urces/square.png?top-level"); |
| 17 }, "Policy applied in top-level."); |
| 18 |
| 19 async_test(t => { |
| 20 var w = window.open(); |
| 21 w.document.head.innerHTML = "<meta http-equiv='content-security-policy' cont
ent='img-src http://127.0.0.1:8000'>"; |
| 22 assert_allowed_image_in_document(t, w.document, "http://127.0.0.1:8000/resou
rces/square.png?blank-frame"); |
| 23 assert_blocked_image_in_document(t, w.document, "http://example.test:8000/re
sources/square.png?blank-frame"); |
| 24 }, "Image loaded via about:blank window blocked."); |
| 25 |
| 26 async_test(t => { |
| 27 var b = new Blob([], {type: "text/html"}); |
| 28 var w = window.open(URL.createObjectURL(b)); |
| 29 w.onload = _ => { |
| 30 w.document.head.innerHTML = "<meta http-equiv='content-security-policy' co
ntent='img-src http://127.0.0.1:8000'>"; |
| 31 assert_allowed_image_in_document(t, w.document, "http://127.0.0.1:8000/res
ources/square.png?blob-frame"); |
| 32 assert_blocked_image_in_document(t, w.document, "http://example.test:8000/
resources/square.png?blob-frame"); |
| 33 }; |
| 34 }, "Image loaded via 'blob:' window blocked."); |
| 35 |
| 36 async_test(t => { |
| 37 window.webkitRequestFileSystem(window.TEMPORARY, 1024*1024, fs => { |
| 38 fs.root.getFile('worker.js', { create: true }, entry => { |
| 39 entry.createWriter(w => { |
| 40 w.onwriteend = _ => { |
| 41 var w = window.open(entry.toURL()); |
| 42 w.onload = _ => { |
| 43 w.document.head.innerHTML = "<meta http-equiv='content-security-po
licy' content='img-src http://127.0.0.1:8000'>"; |
| 44 assert_allowed_image_in_document(t, w.document, "http://127.0.0.1:
8000/resources/square.png?filesystem-frame"); |
| 45 assert_blocked_image_in_document(t, w.document, "http://example.te
st:8000/resources/square.png?filesystem-frame"); |
| 46 }; |
| 47 |
| 48 // explicit_done: yay. |
| 49 done(); |
| 50 }; |
| 51 w.onerror = t.unreached_func(); |
| 52 |
| 53 var b = new Blob([], {type: "text/html"}); |
| 54 w.write(b); |
| 55 }); |
| 56 }); |
| 57 }); |
| 58 }, "Image loaded via 'filesystem:' window blocked."); |
| 59 </script> |
| 60 </body> |
| 61 </html> |
OLD | NEW |