blob: dcbcd8c3a15e89b32bb975517a39cfda56546485 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
/**
* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*/
var tests = 3;
SimpleTest.waitForExplicitFinish();
testDone = function(event) {
if (!--tests) SimpleTest.finish();
}
// Workers don't inherit CSP
worker = new Worker("csp_worker.js");
worker.postMessage({ do: "eval" });
worker.onmessage = function(event) {
is(event.data, 42, "Eval succeeded!");
testDone();
}
// blob: workers *do* inherit CSP
xhr = new XMLHttpRequest;
xhr.open("GET", "csp_worker.js");
xhr.responseType = "blob";
xhr.send();
xhr.onload = (e) => {
uri = URL.createObjectURL(e.target.response);
worker = new Worker(uri);
worker.postMessage({ do: "eval" })
worker.onmessage = function(event) {
is(event.data, "Error: call to eval() blocked by CSP", "Eval threw");
testDone();
}
}
xhr = new XMLHttpRequest;
xhr.open("GET", "csp_worker.js");
xhr.responseType = "blob";
xhr.send();
xhr.onload = (e) => {
uri = URL.createObjectURL(e.target.response);
worker = new Worker(uri);
worker.postMessage({ do: "nest", uri: uri, level: 3 })
worker.onmessage = function(event) {
is(event.data, "Error: call to eval() blocked by CSP", "Eval threw in nested worker");
testDone();
}
}
|
