| <script src="../resources/testharness.js"></script> |
| <script src="../resources/testharnessreport.js"></script> |
| <script> |
| test(function () { |
| testRunner.addOriginAccessAllowListEntry(location.origin, location.protocol, '', false); |
| testRunner.addOriginAccessAllowListEntry(location.origin, 'blob', '', false); |
| }, 'testRunner.addOriginAccessAllowListEntry is required for this test'); |
| |
| test(function () { |
| var blobUrl = URL.createObjectURL(new Blob()); |
| assert_throws_dom('SecurityError', function () { |
| history.pushState(null, null, blobUrl); |
| }); |
| }, 'pushState to blob:-URL should fail with SecurityError (even with whitelisted origins)'); |
| </script> |