diff options
| author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
|---|---|---|
| committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
| commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
| tree | 10027f336435511475e392454359edea8e25895d /testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html | |
| parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
| download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip | |
Add m-esr52 at 52.6.0
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html')
| -rw-r--r-- | testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html b/testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html new file mode 100644 index 000000000..fac12b52a --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html @@ -0,0 +1,49 @@ +<!DOCTYPE html> +<html> + +<head> + <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> + <title>worker-connect-src-blocked</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="../support/logTest.sub.js?logs=[]"></script> + <script src='../support/alertAssert.sub.js?alerts=["TEST COMPLETE"]'></script> + <!-- enforcing policy: +connect-src 'self'; script-src 'self' 'unsafe-inline'; child-src *; +--> + +</head> +<p>This test loads a worker, from a guid. + The worker should be blocked from loading with a child-src policy of * + as the blob: scheme must be specified explicitly. + A report should be sent to the report-uri specified + with this resource.</p> +<body> + <script> + try { + var blob = new Blob([ + "postMessage('FAIL');" + + "postMessage('TEST COMPLETE');" + ], + {type : 'application/javascript'}); + var url = URL.createObjectURL(blob); + var worker = new Worker(url); + worker.onmessage = function(event) { + alert_assert(event.data); + }; + worker.onerror = function(event) { + event.preventDefault(); + alert_assert('TEST COMPLETE'); + } + } catch (e) { + alert_assert('TEST COMPLETE'); + } + function timeout() { + alert_assert('TEST COMPLETE'); + } + </script> + <div id="log"></div> + <script async defer src="../support/checkReport.sub.js?reportExists=true&reportField=violated-directive&reportValue=child-src%20'self'"></script> +</body> + +</html> |