chromium/src/third_party/blink/web_tests/http/tests/navigation/pushstate-whitelisted-auth-denied.html - manifest_repos/chromium_src - Git at Google

 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
 <script>
 test(function () {
     testRunner.addOriginAccessAllowListEntry(location.origin, location.protocol, '', false);
 }, 'testRunner.addOriginAccessAllowListEntry is required for this test');

 test(function () {
     // http://username@password:localhost:8000/... should be blocked.
     var originWithAuth = new URL(document.URL);
     originWithAuth.username += 'username';
     originWithAuth.password += 'password';
     originWithAuth = originWithAuth.href;

     assert_throws_dom('SecurityError', function () {
         history.pushState(null, null, originWithAuth);
     });
 }, 'pushState that changes credentials should fail with SecurityError (even with whitelisted origins)');
 </script>
	<script src="../resources/testharness.js"></script>
	<script src="../resources/testharnessreport.js"></script>
	<script>
	test(function () {
	testRunner.addOriginAccessAllowListEntry(location.origin, location.protocol, '', false);
	}, 'testRunner.addOriginAccessAllowListEntry is required for this test');

	test(function () {
	// http://username@password:localhost:8000/... should be blocked.
	var originWithAuth = new URL(document.URL);
	originWithAuth.username += 'username';
	originWithAuth.password += 'password';
	originWithAuth = originWithAuth.href;

	assert_throws_dom('SecurityError', function () {
	history.pushState(null, null, originWithAuth);
	});
	}, 'pushState that changes credentials should fail with SecurityError (even with whitelisted origins)');
	</script>