summaryrefslogtreecommitdiffstats
path: root/dom/security/test/sri/iframe_require-sri-for_main.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/sri/iframe_require-sri-for_main.html')
-rw-r--r--dom/security/test/sri/iframe_require-sri-for_main.html47
1 files changed, 47 insertions, 0 deletions
diff --git a/dom/security/test/sri/iframe_require-sri-for_main.html b/dom/security/test/sri/iframe_require-sri-for_main.html
new file mode 100644
index 000000000..467c699c7
--- /dev/null
+++ b/dom/security/test/sri/iframe_require-sri-for_main.html
@@ -0,0 +1,47 @@
+<script>
+ window.hasCORSLoaded = false; // set through script_crossdomain1.js
+</script>
+
+<!-- script tag cors-enabled. should be loaded -->
+<script src="http://example.com/tests/dom/security/test/sri/script_crossdomain1.js"
+ crossorigin=""
+ integrity="sha512-9Tv2DL1fHvmPQa1RviwKleE/jq72jgxj8XGLyWn3H6Xp/qbtfK/jZINoPFAv2mf0Nn1TxhZYMFULAbzJNGkl4Q=="
+ onload="parent.postMessage('good_sriLoaded', '*');"></script>
+
+<!-- script tag cors but not using SRI. should trigger onerror -->
+<script src="http://example.com/tests/dom/security/test/sri/script_crossdomain5.js"
+ onload="parent.postMessage('bad_nonsriLoaded', '*');"
+ onerror="parent.postMessage('good_nonsriBlocked', '*');"></script>
+
+<!-- svg:script tag with cors but not using SRI. should trigger onerror -->
+<svg xmlns="http://www.w3.org/2000/svg">
+ <script xlink:href="http://example.com/tests/dom/security/test/sri/script_crossdomain3.js"
+ onload="parent.postMessage('bad_svg_nonsriLoaded', '*');"
+ onerror="parent.postMessage('good_svg_nonsriBlocked', '*');"></script>
+ ></script>
+</svg>
+
+<!-- stylesheet with cors and integrity. it should just load fine. -->
+<link rel="stylesheet" href="style1.css"
+ integrity="sha256-qs8lnkunWoVldk5d5E+652yth4VTSHohlBKQvvgGwa8="
+ onload="parent.postMessage('good_sriLoaded', '*');">
+
+<!-- stylesheet not using SRI, should trigger onerror -->
+<link rel="stylesheet" href="style3.css"
+ onload="parent.postMessage('bad_nonsriLoaded', '*');"
+ onerror="parent.postMessage('good_nonsriBlocked', '*');">
+
+
+<p id="black-text">black text</p>
+<script>
+ // this worker should not load,
+ // given that we can not provide integrity metadata through the constructor
+ w = new Worker("rsf_worker.js");
+ w.onerror = function(e) {
+ if (typeof w == "object") {
+ parent.postMessage("finish", '*');
+ } else {
+ parent.postMessage("error", "*")
+ }
+ }
+</script>
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-03 08:26:10 +0000