| <script src="../resources/testharness.js"></script> |
| <script src="../resources/testharnessreport.js"></script> |
| <script> |
| test(function () { |
| testRunner.addOriginAccessAllowListEntry(location.origin, location.protocol, '', false); |
| }, 'testRunner.addOriginAccessAllowListEntry is required for this test'); |
| |
| test(function () { |
| // http://username@password:localhost:8000/... should be blocked. |
| var originWithAuth = new URL(document.URL); |
| originWithAuth.username += 'username'; |
| originWithAuth.password += 'password'; |
| originWithAuth = originWithAuth.href; |
| |
| assert_throws_dom('SecurityError', function () { |
| history.pushState(null, null, originWithAuth); |
| }); |
| }, 'pushState that changes credentials should fail with SecurityError (even with whitelisted origins)'); |
| </script> |