OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <script src="/resources/testharness.js"></script> | 4 <script src="/resources/testharness.js"></script> |
5 <script src="/resources/testharnessreport.js"></script> | 5 <script src="/resources/testharnessreport.js"></script> |
6 <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></sc
ript> | 6 <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></sc
ript> |
7 <meta http-equiv="content-security-policy" content="img-src http://127.0.0.1:8
000 http://example.test:8000"> | 7 <meta http-equiv="content-security-policy" content="img-src http://127.0.0.1:8
000 http://example.test:8000"> |
8 </head> | 8 </head> |
9 <body> | 9 <body> |
10 <script> | 10 <script> |
11 async_test(t => { | 11 async_test(t => { |
12 assert_allowed_image_in_document(t, document, "http://example.test:8000/reso
urces/square.png?img-in-top-level"); | 12 assert_allowed_image_in_document(t, document, "http://example.test:8000/reso
urces/square.png?img-in-top-level"); |
13 }, "Image loaded in top-level blocked."); | 13 }, "Image loaded in top-level blocked."); |
14 | 14 |
15 async_test(t => { | 15 async_test(t => { |
16 window.addEventListener("message", t.step_func(e => { | 16 window.addEventListener("message", t.step_func(e => { |
17 assert_equals(e.data, "blocked"); | 17 assert_equals(e.data, "blocked"); |
18 t.done(); | 18 t.done(); |
19 })); | 19 })); |
20 | 20 |
21 window.open("data:text/html," + | 21 var win = window.open("about:blank"); |
22 "<meta http-equiv='content-security-policy' content='img-src htt
p://127.0.0.1:8000'>" + | 22 win.document.write( |
23 "<script>" + | 23 "<meta http-equiv='content-security-policy'" + |
24 " var i = document.createElement('img');" + | 24 " content='img-src http://127.0.0.1:8000'>" + |
25 " i.onload = _ => opener.postMessage('loaded', '*');" + | 25 "<script>" + |
26 " i.onerror = _ => opener.postMessage('blocked', '*');" + | 26 " var i = document.createElement('img');" + |
27 " i.src = 'http://example.test:8000/resources/square.png?data-f
rame'" + | 27 " i.onload = _ => opener.postMessage('loaded', '*');" + |
28 "</scr" + "ipt>"); | 28 " i.onerror = _ => opener.postMessage('blocked', '*');" + |
| 29 " i.src = 'http://example.test:8000/resources/square.png?data-frame'" + |
| 30 "</scr" + "ipt>"); |
29 }, "Image loaded via data: frame blocked."); | 31 }, "Image loaded via data: frame blocked."); |
30 </script> | 32 </script> |
31 </body> | 33 </body> |
32 </html> | 34 </html> |
OLD | NEW |