diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html')
| -rw-r--r-- | testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html new file mode 100644 index 000000000..a868834ac --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html @@ -0,0 +1,61 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Objects loaded using src attribute of <embed> tag are blocked unless their host is listed as an allowed source in the object-src directive</title> + <meta name=timeout content=long> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body onLoad="object_loaded()"> + <h1>Objects loaded using src attribute of <embed> tag are blocked unless their host is listed as an allowed source in the object-src directive</h1> + <div id="log"></div> + + <script> + var relativeMediaURL = "/support/media/flash.swf"; + var pageURL = window.location.toString(); + var temp1 = pageURL.split("//"); + var temp2 = temp1[1].substring (0, temp1[1].lastIndexOf("/object-src/")); + var mediaURL = "http://www2." + temp2 + relativeMediaURL; + var htmlStr = "<embed id='flashObject' type='application/x-shockwave-flash' src='" + mediaURL + "' width='200' height='200'></object>"; + document.write (htmlStr); + </script> + + <script> + var len = navigator.mimeTypes.length; + var allTypes = ""; + var flashMimeType = "application/x-shockwave-flash"; + for ( var i=0;i<len;i++ ) { + allTypes+=navigator.mimeTypes[i].type; + } + + var hasMimeType = allTypes.indexOf(flashMimeType) != -1; + + <!-- The actual test. --> + var test1 = async_test("Async SWF load test") + + function object_loaded() { + var elem = document.getElementById("flashObject"); + var is_loaded = false; + try { + <!-- The Flash Player exposes values to JavaScript if a SWF has successfully been loaded. --> + var pct_loaded = elem.PercentLoaded(); + is_loaded = true; + } catch (e) {} + + if (hasMimeType) { + test1.step(function() {assert_false(is_loaded, "External object loaded.")}); + var s = document.createElement('script'); + s.async = true; + s.defer = true; + s.src = "../support/checkReport.sub.js?reportField=violated-directive&reportValue=object-src%20%27self%27" + document.lastChild.appendChild(s); + } else { + //test1.step(function() {}); + test1.set_status(test1.NOTRUN, "No Flash Player, cannot run test."); + test1.phase = test1.phases.HAS_RESULT; + } + test1.done(); + } + </script> +</body> +</html> |