Diffstat (limited to 'testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html
new file mode 100644
index 000000000..db29fd394
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_1.html
@@ -0,0 +1,66 @@
+<!DOCTYPE HTML>
+<html>
+
+<head>
+ <title>Objects loaded using data attribute of <object> tag are blocked unless their host is listed as an allowed source in the object-src directive</title>
+ <meta name=timeout content=long>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+</head>
+
+<body onLoad="object_loaded()">
+ <h1>Objects loaded using data attribute of <object> tag are blocked unless their host is listed as an allowed source in the object-src directive</h1>
+ <div id="log"></div>
+
+ <script>
+ var relativeMediaURL = "/support/media/flash.swf";
+ var pageURL = window.location.toString();
+ var temp1 = pageURL.split("//");
+ var temp2 = temp1[1].substring(0, temp1[1].lastIndexOf("/object-src/"));
+ var mediaURL = "http://www2." + temp2 + relativeMediaURL;
+ var htmlStr = "<object id='flashObject' type='application/x-shockwave-flash' data='" + mediaURL + "' width='200' height='200'></object>";
+ document.write(htmlStr);
+ </script>
+
+ <script>
+ var len = navigator.mimeTypes.length;
+ var allTypes = "";
+ var flashMimeType = "application/x-shockwave-flash";
+ for (var i = 0; i < len; i++) {
+ allTypes += navigator.mimeTypes[i].type;
+ }
+
+ var hasMimeType = allTypes.indexOf(flashMimeType) != -1;
+
+ <!-- The actual test. -->
+ var test1 = async_test("Async SWF load test")
+
+ function object_loaded() {
+ var elem = document.getElementById("flashObject");
+ var is_loaded = false;
+ try {
+ <!-- The Flash Player exposes values to JavaScript if a SWF has successfully been loaded. -->
+ var pct_loaded = elem.PercentLoaded();
+ is_loaded = true;
+ } catch (e) {}
+
+ if (hasMimeType) {
+ test1.step(function () {
+ assert_false(is_loaded, "External object loaded.")
+ });
+ var s = document.createElement('script');
+ s.async = true;
+ s.defer = true;
+ s.src = "../support/checkReport.sub.js?reportField=violated-directive&reportValue=object-src%20%27self%27"
+ document.lastChild.appendChild(s);
+ } else {
+ test1.set_status(test1.NOTRUN, "No Flash Player, cannot run test.");
+ test1.phase = test1.phases.HAS_RESULT;
+ }
+ test1.done();
+ }
+ </script>
+
+</body>
+
+</html>
\ No newline at end of file |
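Review bot: The assertion in `object_loaded()` passes on any failure to load the SWF, not only on a CSP block: the empty `catch (e) {}` around `elem.PercentLoaded()` leaves `is_loaded` false whether the object was refused by `object-src`, the hand-built `http://www2.` URL did not resolve, or the plugin failed to start. The only evidence that the policy did the blocking is the report check in `checkReport.sub.js`, and that script is appended with `async` right before `test1.done()`, so it is worth confirming the harness still waits for its result. I would state this at the catch, e.g. `// A throw only shows that no SWF is exposed; the violation report checked below is what ties the failure to object-src.`, and replace the two `<!-- ... -->` lines inside the script with `//` comments. The policy header itself is not part of this file, so the expected `object-src 'self'` value cannot be checked against it from here.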