blob: 91c3845617fbd2d38af04bd7e4006ebce296613b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
<!DOCTYPE html>
<html>
<head>
<title>XMLHttpRequest: send() - non same-origin</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<base>
<link rel="help" href="https://xhr.spec.whatwg.org/#cross-origin-request-steps" data-tested-assertations="/following::DL[2]/DT[1] /following::DL[2]/DD[1]" />
<link rel="help" href="https://xhr.spec.whatwg.org/#cross-origin-request-event-rules" data-tested-assertations="/following::DL[1]/DT[2] /following::DL[1]/DD[2]" />
</head>
<body>
<div id="log"></div>
<script src="/common/get-host-info.sub.js"></script>
<script>
// Setting base URL before running the tests
var host_info = get_host_info();
document.getElementsByTagName("base")[0].setAttribute("href", host_info.HTTP_REMOTE_ORIGIN);
function url(url) {
test(function() {
var client = new XMLHttpRequest()
client.open("GET", url, false)
assert_throws("NetworkError", function() { client.send() })
}, document.title + " (" + url + ")")
}
url("mailto:test@example.org")
url("tel:+31600000000")
url(host_info.HTTP_REMOTE_ORIGIN)
url("javascript:alert('FAIL')")
url("folder.txt")
</script>
</body>
</html>
|
