<!DOCTYPE HTML>
<html>
<head>
<title>Objects loaded using data attribute of <object> tag are blocked unless their host is listed as an allowed source in the object-src directive</title>
<meta name=timeout content=long>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
</head>
<body onLoad="object_loaded()">
<h1>Objects loaded using data attribute of <object> tag are blocked unless their host is listed as an allowed source in the object-src directive</h1>
<div id="log"></div>
<script>
var relativeMediaURL = "/support/media/flash.swf";
var pageURL = window.location.toString();
var temp1 = pageURL.split("//");
var temp2 = temp1[1].substring(0, temp1[1].lastIndexOf("/object-src/"));
var mediaURL = "http://www2." + temp2 + relativeMediaURL;
var htmlStr = "<object id='flashObject' type='application/x-shockwave-flash' data='" + mediaURL + "' width='200' height='200'></object>";
document.write(htmlStr);
</script>
<script>
var len = navigator.mimeTypes.length;
var allTypes = "";
var flashMimeType = "application/x-shockwave-flash";
for (var i = 0; i < len; i++) {
allTypes += navigator.mimeTypes[i].type;
}
var hasMimeType = allTypes.indexOf(flashMimeType) != -1;
<!-- The actual test. -->
var test1 = async_test("Async SWF load test")
function object_loaded() {
var elem = document.getElementById("flashObject");
var is_loaded = false;
try {
<!-- The Flash Player exposes values to JavaScript if a SWF has successfully been loaded. -->
var pct_loaded = elem.PercentLoaded();
is_loaded = true;
} catch (e) {}
if (hasMimeType) {
test1.step(function () {
assert_false(is_loaded, "External object loaded.")
});
var s = document.createElement('script');
s.async = true;
s.defer = true;
s.src = "../support/checkReport.sub.js?reportField=violated-directive&reportValue=object-src%20%27self%27"
document.lastChild.appendChild(s);
} else {
test1.set_status(test1.NOTRUN, "No Flash Player, cannot run test.");
test1.phase = test1.phases.HAS_RESULT;
}
test1.done();
}
</script>
</body>
</html>