summaryrefslogtreecommitdiffstats
path: root/dom/workers/test/test_csp.js
diff options
context:
space:
mode:
Diffstat (limited to 'dom/workers/test/test_csp.js')
-rw-r--r--dom/workers/test/test_csp.js48
1 files changed, 48 insertions, 0 deletions
diff --git a/dom/workers/test/test_csp.js b/dom/workers/test/test_csp.js
new file mode 100644
index 000000000..dcbcd8c3a
--- /dev/null
+++ b/dom/workers/test/test_csp.js
@@ -0,0 +1,48 @@
+/**
+ * Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+var tests = 3;
+
+SimpleTest.waitForExplicitFinish();
+
+testDone = function(event) {
+ if (!--tests) SimpleTest.finish();
+}
+
+// Workers don't inherit CSP
+worker = new Worker("csp_worker.js");
+worker.postMessage({ do: "eval" });
+worker.onmessage = function(event) {
+ is(event.data, 42, "Eval succeeded!");
+ testDone();
+}
+
+// blob: workers *do* inherit CSP
+xhr = new XMLHttpRequest;
+xhr.open("GET", "csp_worker.js");
+xhr.responseType = "blob";
+xhr.send();
+xhr.onload = (e) => {
+ uri = URL.createObjectURL(e.target.response);
+ worker = new Worker(uri);
+ worker.postMessage({ do: "eval" })
+ worker.onmessage = function(event) {
+ is(event.data, "Error: call to eval() blocked by CSP", "Eval threw");
+ testDone();
+ }
+}
+
+xhr = new XMLHttpRequest;
+xhr.open("GET", "csp_worker.js");
+xhr.responseType = "blob";
+xhr.send();
+xhr.onload = (e) => {
+ uri = URL.createObjectURL(e.target.response);
+ worker = new Worker(uri);
+ worker.postMessage({ do: "nest", uri: uri, level: 3 })
+ worker.onmessage = function(event) {
+ is(event.data, "Error: call to eval() blocked by CSP", "Eval threw in nested worker");
+ testDone();
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-02 23:20:32 +0000