Diffstat (limited to 'testing/web-platform/tests/content-security-policy/img-src')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.html | 46 | ||||
-rw-r--r-- | testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.html.sub.headers | 6 |
2 files changed, 52 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.html b/testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.html
new file mode 100644
index 000000000..edf04fb19
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>img element src attribute must match src list.</title>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+ <h1>img element src attribute must match src list.</h1>
+ <p>
+ <div id='log'></div>
+
+ <script type="text/javascript">
+ var t1 = async_test("img-src for relative path should load.");
+ var t2 = async_test("img-src from unapproved domains should not load");
+ var t3 = async_test("img-src from approved domains should load");
+ </script>
+
+ <img src='/content-security-policy/support/pass.png'
+ onerror='t1.step(function() { assert_unreached("The img should have loaded."); t1.done() });'
+ onload='t1.done();'>
+
+ <img src='http://www1.web-platform.test/content-security-policy/support/fail.png'
+ onerror='t2.done();'
+ onload='t2.step(function() { assert_unreached("Image from unapproved domain was loaded."); t2.done()} );'>
+
+ <div id='t3'></div>
+
+ <script>
+ var t3img = document.createElement('img');
+ t3img.onerror = function() {t3.step(function() { assert_unreached(); t3.done();})}
+ t3img.onload = function() {t3.done();}
+ t3img.src = location.protocol + '//www.' + location.hostname + ':' + location.port +
+ '/content-security-policy/support/pass.png';
+ var t3div = document.getElementById('t3');
+ t3div.appendChild(t3img);
+
+ var report = document.createElement('script');
+ report.src = '../support/checkReport.sub.js?reportField=violated-directive&reportValue=img-src%20%27self%27%20www.' + location.hostname + (location.port ? ':' + location.port : '');
+ t3div.appendChild(report);
+
+ </script>
+
+
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.html.sub.headers b/testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.html.sub.headers
new file mode 100644
index 000000000..543e48c14
--- /dev/null
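Review bot: The negative case in the second `<img>` can pass for reasons unrelated to CSP: its `src` is the fixed `http://www1.web-platform.test/...` with no port, so where the test server uses another hostname or port the request fails at the network layer and `onerror='t2.done();'` still records a pass. Creating that image in script the way t3 does, with `location.protocol + '//www1.' + location.hostname + (location.port ? ':' + location.port : '') + '/content-security-policy/support/fail.png'`, would tie the failure to the policy; this assumes the server answers on a `www1.` subdomain, which the hunk suggests but does not show. The t3 URL appends `':' + location.port` unconditionally while `report.src` guards for an empty port, so the two should use the same expression. `assert_unreached()` in `t3img.onerror` also lacks a message, unlike the t1 and t2 handlers.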
+++ b/testing/web-platform/tests/content-security-policy/img-src/img-src-4_1.html.sub.headers
@@ -0,0 +1,6 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: img-src-4_1={{$id:uuid()}}; Path=/content-security-policy/img-src/
+Content-Security-Policy: img-src 'self' www.{{host}}:{{ports[http][0]}}; report-uri ../support/report.py?op=put&reportID={{$id}} |
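Review bot: The second `Cache-Control` line ends in `, false`, which is not a cache directive and looks like an argument left over from a server-side header call; it should read `Cache-Control: post-check=0, pre-check=0`. The policy line pins the allowed host to `{{ports[http][0]}}`, so the t3 case in the HTML file presumably passes only when the page is served from that HTTP port. A short comment in the test HTML stating that assumption would help anyone running it over another scheme or port.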