chromium/src/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/cascade/same-origin.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
   <script src="/resources/testharness.js"></script>
   <script src="/resources/testharnessreport.js"></script>
   <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></script>
   <meta http-equiv="content-security-policy" content="img-src 'none'">
 </head>
 <body>
 <script>
   // The filesystem test takes some nesting to setup:
   setup({explicit_done: true});

   async_test(t => {
     assert_blocked_image_in_document(t, document, "http://example.test:8000/resources/square.png?img-in-top-level");
   }, "Image loaded in top-level blocked.");

   async_test(t => {
     var frame = document.createElement("iframe");
     frame.onload = _ => {
       assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-blank-frame");
     };
     document.body.appendChild(frame);
   }, "Image loaded via about:blank frame blocked.");

   async_test(t => {
     var frame = document.createElement("iframe");
     frame.setAttribute("srcdoc", "");
     frame.onload = _ => {
       assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-srcdoc-frame");
     };
     document.body.appendChild(frame);
   }, "Image loaded via srcdoc frame blocked.");

   async_test(t => {
     var b = new Blob([], {type: "text/html"});

     var frame = document.createElement("iframe");
     frame.src = URL.createObjectURL(b);
     frame.onload = _ => {
       assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-blob-frame");
     };
     document.body.appendChild(frame);
   }, "Image loaded via 'blob:' frame blocked.");

   async_test(t => {
     window.webkitRequestFileSystem(window.TEMPORARY, 1024*1024, fs => {
       fs.root.getFile('worker.js', { create: true }, entry => {
         entry.createWriter(w => {
           w.onwriteend = _ => {
             var u = entry.toURL();

             var frame = document.createElement("iframe");
             frame.src = URL.createObjectURL(b);
             frame.onload = _ => {
               assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-filsystem-frame");
             };
             document.body.appendChild(frame);

             // explicit_done: yay.
             done();
           };
           w.onerror = t.unreached_func();

           var b = new Blob([], {type: "text/html"});
           w.write(b);
         });
       });
     });
   }, "Image loaded via 'filesystem:' frame blocked.");
 </script>
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></script>
	<meta http-equiv="content-security-policy" content="img-src 'none'">
	</head>
	<body>
	<script>
	// The filesystem test takes some nesting to setup:
	setup({explicit_done: true});

	async_test(t => {
	assert_blocked_image_in_document(t, document, "http://example.test:8000/resources/square.png?img-in-top-level");
	}, "Image loaded in top-level blocked.");

	async_test(t => {
	var frame = document.createElement("iframe");
	frame.onload = _ => {
	assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-blank-frame");
	};
	document.body.appendChild(frame);
	}, "Image loaded via about:blank frame blocked.");

	async_test(t => {
	var frame = document.createElement("iframe");
	frame.setAttribute("srcdoc", "");
	frame.onload = _ => {
	assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-srcdoc-frame");
	};
	document.body.appendChild(frame);
	}, "Image loaded via srcdoc frame blocked.");

	async_test(t => {
	var b = new Blob([], {type: "text/html"});

	var frame = document.createElement("iframe");
	frame.src = URL.createObjectURL(b);
	frame.onload = _ => {
	assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-blob-frame");
	};
	document.body.appendChild(frame);
	}, "Image loaded via 'blob:' frame blocked.");

	async_test(t => {
	window.webkitRequestFileSystem(window.TEMPORARY, 1024*1024, fs => {
	fs.root.getFile('worker.js', { create: true }, entry => {
	entry.createWriter(w => {
	w.onwriteend = _ => {
	var u = entry.toURL();

	var frame = document.createElement("iframe");
	frame.src = URL.createObjectURL(b);
	frame.onload = _ => {
	assert_blocked_image_in_document(t, frame.contentDocument, "http://example.test:8000/resources/square.png?img-in-filsystem-frame");
	};
	document.body.appendChild(frame);

	// explicit_done: yay.
	done();
	};
	w.onerror = t.unreached_func();

	var b = new Blob([], {type: "text/html"});
	w.write(b);
	});
	});
	});
	}, "Image loaded via 'filesystem:' frame blocked.");
	</script>
	</body>
	</html>