<!DOCTYPE HTML>
<html>
<head>
<title>Objects loaded using data attribute of &lt;object&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</title>
<meta name=timeout content=long>
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
</head>
<body onLoad="object_loaded()">
<h1>Objects loaded using data attribute of &lt;object&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</h1>
<div id="log"></div>
<script>
// Build the URL of the Flash fixture on the "www2." subdomain of the host that
// served this page, so the <object> below points at a different host than the
// document itself.
// NOTE(review): no CSP is declared in this file; presumably the policy under
// test arrives via response headers. Confirm against the test's header file.
var relativeMediaURL = "/support/media/flash.swf";
var pageURL = window.location.href;
// temp1[1] is the text after the scheme's "//": host, port and path.
var temp1 = pageURL.split("//");
// Keep host[:port] plus any path prefix in front of the last "/object-src/".
// If that marker is missing, lastIndexOf() yields -1 and substring() returns
// "", which leaves a malformed host; the test assumes it lives under
// an ".../object-src/" directory.
var temp2 = temp1[1].substring(0, temp1[1].lastIndexOf("/object-src/"));
// The scheme is hard-coded to http regardless of how this page was loaded.
var mediaURL = "http://www2.".concat(temp2, relativeMediaURL);
// NOTE(review): mediaURL is derived from window.location and is spliced into
// markup without escaping. That is tolerable only because this is a test page
// served from a harness-controlled URL; production code should create the
// element through the DOM and assign attributes instead.
var htmlStr = "<object id='flashObject' type='application/x-shockwave-flash' data='".concat(
  mediaURL,
  "' width='200' height='200'></object>"
);
// document.write() inserts the <object> while the page is still being parsed.
document.write(htmlStr);
</script>
<script>
// Detect whether the browser advertises a handler for Flash content. Without
// one, "the object did not load" says nothing about CSP enforcement.
var flashMimeType = "application/x-shockwave-flash";
var len = navigator.mimeTypes.length;
// All registered MIME type strings, concatenated without a separator.
var allTypes = "";
var i = 0;
while (i < len) {
  allTypes = allTypes + navigator.mimeTypes[i].type;
  i += 1;
}
var hasMimeType = allTypes.indexOf(flashMimeType) !== -1;

// The actual test: completed from object_loaded(), the <body> onload handler.
var test1 = async_test("Async SWF load test");
/**
 * <body> onload handler: checks that the cross-host SWF did not load and
 * then finishes the async test.
 *
 * When the browser registers the Flash MIME type, the test asserts that the
 * object is not loaded and appends checkReport.sub.js, asking it to look for
 * a report whose violated-directive is "object-src 'self'" (presumably the
 * CSP violation report; that script is not shown here). When no Flash MIME
 * type is registered, the test is marked NOTRUN instead of passing vacuously.
 */
function object_loaded() {
  if (!hasMimeType) {
    // No plugin: a missing load would prove nothing about CSP enforcement.
    test1.set_status(test1.NOTRUN, "No Flash Player, cannot run test.");
    test1.phase = test1.phases.HAS_RESULT;
    test1.done();
    return;
  }

  var flashObject = document.getElementById("flashObject");
  var loaded = false;
  try {
    // The Flash Player exposes values to JavaScript only if a SWF has
    // successfully been loaded; otherwise this call throws.
    flashObject.PercentLoaded();
    loaded = true;
  } catch (e) {
    // Deliberately ignored: a throw is the expected "not loaded" signal.
    // NOTE(review): any failure lands here, not only a CSP block, so the
    // report check below is what ties the result to the policy.
  }

  test1.step(function () {
    assert_false(loaded, "External object loaded.");
  });

  var reportScript = document.createElement("script");
  reportScript.async = true;
  reportScript.defer = true;
  // reportValue decodes to: object-src 'self'
  reportScript.src = "../support/checkReport.sub.js?reportField=violated-directive&reportValue=object-src%20%27self%27";
  document.lastChild.appendChild(reportScript);

  test1.done();
}
</script>
</body>
</html>