| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></script> |
| <meta http-equiv="content-security-policy" content="img-src 'none'"> |
| </head> |
| <body> |
| <script> |
| // The filesystem test takes some nesting to setup: |
| setup({explicit_done: true}); |
| |
| async_test(t => { |
| assert_blocked_image_in_document(t, document, "http://example.test:8000/resources/square.png?img-in-top-level"); |
| }, "Image loaded in top-level blocked."); |
| |
| async_test(t => { |
| var frame = document.createElement("iframe"); |
| frame.onload = _ => { |
| assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-blank-frame"); |
| }; |
| document.body.appendChild(frame); |
| }, "Image loaded via about:blank frame blocked."); |
| |
| async_test(t => { |
| var frame = document.createElement("iframe"); |
| frame.setAttribute("srcdoc", ""); |
| frame.onload = _ => { |
| assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-srcdoc-frame"); |
| }; |
| document.body.appendChild(frame); |
| }, "Image loaded via srcdoc frame blocked."); |
| |
| async_test(t => { |
| var b = new Blob([], {type: "text/html"}); |
| |
| var frame = document.createElement("iframe"); |
| frame.src = URL.createObjectURL(b); |
| frame.onload = _ => { |
| assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-blob-frame"); |
| }; |
| document.body.appendChild(frame); |
| }, "Image loaded via 'blob:' frame blocked."); |
| |
| async_test(t => { |
| window.webkitRequestFileSystem(window.TEMPORARY, 1024*1024, fs => { |
| fs.root.getFile('worker.js', { create: true }, entry => { |
| entry.createWriter(w => { |
| w.onwriteend = _ => { |
| var u = entry.toURL(); |
| |
| var frame = document.createElement("iframe"); |
| frame.src = URL.createObjectURL(b); |
| frame.onload = _ => { |
| assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-filsystem-frame"); |
| }; |
| document.body.appendChild(frame); |
| |
| // explicit_done: yay. |
| done(); |
| }; |
| w.onerror = t.unreached_func(); |
| |
| var b = new Blob([], {type: "text/html"}); |
| w.write(b); |
| }); |
| }); |
| }); |
| }, "Image loaded via 'filesystem:' frame blocked."); |
| </script> |
| </body> |
| </html> |