| OLD | NEW |
|---|
| (Empty) | |
| 1 <!DOCTYPE HTML> |
| 2 <html> |
| 3 |
| 4 <head> |
| 5 <title>Objects loaded using data attribute of <object> tag are blocked
unless their host is listed as an allowed source in the object-src directive</t
itle> |
| 6 <meta name=timeout content=long> |
| 7 <script src='/resources/testharness.js'></script> |
| 8 <script src='/resources/testharnessreport.js'></script> |
| 9 </head> |
| 10 |
| 11 <body onLoad="object_loaded()"> |
| 12 <h1>Objects loaded using data attribute of <object> tag are blocked un
less their host is listed as an allowed source in the object-src directive</h1> |
| 13 <div id="log"></div> |
| 14 |
| 15 <script> |
| 16 var relativeMediaURL = "/support/media/flash.swf"; |
| 17 var pageURL = window.location.toString(); |
| 18 var temp1 = pageURL.split("//"); |
| 19 var temp2 = temp1[1].substring(0, temp1[1].lastIndexOf("/object-src/")); |
| 20 var mediaURL = "http://www2." + temp2 + relativeMediaURL; |
| 21 var htmlStr = "<object id='flashObject' type='application/x-shockwave-fl
ash' data='" + mediaURL + "' width='200' height='200'></object>"; |
| 22 document.write(htmlStr); |
| 23 </script> |
| 24 |
| 25 <script> |
| 26 var len = navigator.mimeTypes.length; |
| 27 var allTypes = ""; |
| 28 var flashMimeType = "application/x-shockwave-flash"; |
| 29 for (var i = 0; i < len; i++) { |
| 30 allTypes += navigator.mimeTypes[i].type; |
| 31 } |
| 32 |
| 33 var hasMimeType = allTypes.indexOf(flashMimeType) != -1; |
| 34 |
| 35 <!-- The actual test. --> |
| 36 var test1 = async_test("Async SWF load test") |
| 37 |
| 38 function object_loaded() { |
| 39 var elem = document.getElementById("flashObject"); |
| 40 var is_loaded = false; |
| 41 try { |
| 42 <!-- The Flash Player exposes values to JavaScript if a SWF has
successfully been loaded. --> |
| 43 var pct_loaded = elem.PercentLoaded(); |
| 44 is_loaded = true; |
| 45 } catch (e) {} |
| 46 |
| 47 if (hasMimeType) { |
| 48 test1.step(function () { |
| 49 assert_false(is_loaded, "External object loaded.") |
| 50 }); |
| 51 var s = document.createElement('script'); |
| 52 s.async = true; |
| 53 s.defer = true; |
| 54 s.src = "../support/checkReport.sub.js?reportField=violated-dire
ctive&reportValue=object-src%20%27self%27" |
| 55 document.lastChild.appendChild(s); |
| 56 } else { |
| 57 test1.set_status(test1.NOTRUN, "No Flash Player, cannot run test
."); |
| 58 test1.phase = test1.phases.HAS_RESULT; |
| 59 } |
| 60 test1.done(); |
| 61 } |
| 62 </script> |
| 63 |
| 64 </body> |
| 65 |
| 66 </html> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2695813009:
Import wpt@503f5b5f78ec4e87d144f78609f363f0ed0ea8db (Closed)
