testing/web-platform/tests/content-security-policy/blink-contrib/icon-blocked.sub.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

<!DOCTYPE html>
<html>
<script>
    function createLink(rel, src) {
        var link = document.createElement('link');
        link.rel = rel;
        link.href = src;
        document.head.appendChild(link);
    }
    window.addEventListener('DOMContentLoaded', function() {
        createLink('icon', 'http://localhost/foo?q=from_icon'); {}
    });

</script>
<p>Use callbacks to show that favicons are not loaded in violation of CSP when link tags are dynamically added to the page.</p>

</html>