| <!DOCTYPE html> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| |
| <meta http-equiv="Content-Security-Policy" content="img-src 'none'"> |
| |
| <body> |
| |
| <script> |
| function wait_for_error_from_frame(frame, test) { |
| window.addEventListener('message', test.step_func(e => { |
| if (e.source != frame.contentWindow) |
| return; |
| assert_equals(e.data, "error"); |
| frame.remove(); |
| test.done(); |
| })); |
| } |
| |
| function wait_for_error_from_window(opened_window, test) { |
| window.addEventListener('message', test.step_func(e => { |
| if (e.source != opened_window) |
| return; |
| assert_equals(e.data, "error"); |
| opened_window.close(); |
| test.done(); |
| })); |
| } |
| |
| async_test(t => { |
| var i = document.createElement('iframe'); |
| document.body.appendChild(i); |
| |
| var img = document.createElement('img'); |
| img.onerror = t.step_func_done(_ => i.remove()); |
| img.onload = t.unreached_func(); |
| i.contentDocument.body.appendChild(img); |
| img.src = "{{location[server]}}/images/red-16x16.png"; |
| }, "<iframe>'s about:blank inherits policy."); |
| |
| async_test(t => { |
| var w = window.open("about:blank"); |
| |
| let then = t.step_func(() => { |
| then = () => {}; |
| var img = w.document.createElement('img'); |
| img.onerror = t.step_func_done(_ => w.close()); |
| img.onload = t.unreached_func(); |
| w.document.body.appendChild(img); |
| img.src = "{{location[server]}}/images/red-16x16.png"; |
| }); |
| |
| // There are now interoperable way to wait for the initial about:blank |
| // document to load. Chrome loads it synchronously, hence we can't wait for |
| // w.onload. On the other side Firefox loads the initial empty document |
| // later and we can wait for the onload event. |
| w.onload = then; |
| setTimeout(then, 200); |
| |
| // Navigations to about:blank happens synchronously. There is no need to |
| // wait for the document to load. |
| }, "window about:blank inherits policy."); |
| |
| async_test(t => { |
| var i = document.createElement('iframe'); |
| i.srcdoc = ` |
| <img src='{{location[server]}}/images/red-16x16.png' |
| onload='window.top.postMessage("load", "*");' |
| onerror='window.top.postMessage("error", "*");' |
| > |
| `; |
| |
| wait_for_error_from_frame(i, t); |
| |
| document.body.appendChild(i); |
| }, "<iframe srcdoc>'s inherits policy."); |
| |
| async_test(t => { |
| var i = document.createElement('iframe'); |
| var b = new Blob( |
| [` |
| <img src='{{location[server]}}/images/red-16x16.png' |
| onload='window.top.postMessage("load", "*");' |
| onerror='window.top.postMessage("error", "*");' |
| > |
| `], {type:"text/html"}); |
| i.src = URL.createObjectURL(b); |
| |
| wait_for_error_from_frame(i, t); |
| |
| document.body.appendChild(i); |
| }, "<iframe src='blob:...'>'s inherits policy."); |
| |
| async_test(t => { |
| var b = new Blob( |
| [` |
| <img src='{{location[server]}}/images/red-16x16.png' |
| onload='window.opener.postMessage("load", "*");' |
| onerror='window.opener.postMessage("error", "*");' |
| > |
| `], {type:"text/html"}); |
| let url = URL.createObjectURL(b); |
| var w = window.open(url); |
| wait_for_error_from_window(w, t); |
| }, "window url='blob:...' inherits policy."); |
| |
| async_test(t => { |
| var i = document.createElement('iframe'); |
| i.src = `data:text/html,<img src='{{location[server]}}/images/red-16x16.png' |
| onload='window.top.postMessage("load", "*");' |
| onerror='window.top.postMessage("error", "*");' |
| >`; |
| |
| wait_for_error_from_frame(i, t); |
| |
| document.body.appendChild(i); |
| }, "<iframe src='data:...'>'s inherits policy."); |
| |
| // Opening a window toward a data-url isn't allowed anymore. Hence, it can't |
| // be tested. |
| |
| async_test(t => { |
| var i = document.createElement('iframe'); |
| i.src = `javascript:"<img src='{{location[server]}}/images/red-16x16.png' |
| onload='window.top.postMessage(\\"load\\", \\"*\\");' |
| onerror='window.top.postMessage(\\"error\\", \\"*\\");' |
| >"`; |
| |
| wait_for_error_from_frame(i, t); |
| |
| document.body.appendChild(i); |
| }, "<iframe src='javascript:...'>'s inherits policy (static <img> is blocked)"); |
| |
| async_test(t => { |
| let url = `javascript:"<img src='{{location[server]}}/images/red-16x16.png' |
| onload='window.opener.postMessage(\\"load\\", \\"*\\");' |
| onerror='window.opener.postMessage(\\"error\\", \\"*\\");' |
| >"`; |
| |
| let w = window.open(url); |
| wait_for_error_from_window(w, t); |
| }, "window url='javascript:...'>'s inherits policy (static <img> is blocked)"); |
| |
| // Same as the previous javascript-URL test, but instead of loading the <img> |
| // from the new document, this one is created from the initial empty document, |
| // while evaluating the javascript-url. |
| // See https://crbug.com/1064676 |
| async_test(t => { |
| let url = `javascript: |
| let img = document.createElement('img'); |
| img.onload = () => window.top.postMessage('load', '*'); |
| img.onerror = () => window.top.postMessage('error', '*'); |
| img.src = '{{location[server]}}/images/red-16x16.png'; |
| document.body.appendChild(img); |
| `; |
| var i = document.createElement('iframe'); |
| i.src = encodeURI(url.replace(/\n/g, "")); |
| wait_for_error_from_frame(i, t); |
| |
| document.body.appendChild(i); |
| }, "<iframe src='javascript:...'>'s inherits policy (dynamically inserted <img> is blocked)"); |
| |
| async_test(t => { |
| var i = document.createElement('iframe'); |
| var b = new Blob( |
| [` |
| <img src='{{location[server]}}/images/red-16x16.png' |
| onload='window.top.postMessage("load", "*");' |
| onerror='window.top.postMessage("error", "*");' |
| > |
| `], {type:"text/html"}); |
| i.src = URL.createObjectURL(b); |
| i.sandbox = 'allow-scripts'; |
| |
| wait_for_error_from_frame(i, t); |
| |
| document.body.appendChild(i); |
| }, "<iframe sandbox src='blob:...'>'s inherits policy. (opaque origin sandbox)"); |
| |
| </script> |