| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta http-equiv="Content-Security-Policy" content="connect-src http://127.0.0.1:8000"> |
| <script> |
| if (window.testRunner) { |
| testRunner.overridePreference("WebKitHyperlinkAuditingEnabled", 1); |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| } |
| function onload() { |
| if (window.testRunner) { |
| anchor = document.getElementById('anchor'); |
| anchor.click(); |
| } |
| } |
| </script> |
| </head> |
| <body onload="onload();"> |
| <p> |
| Tests whether "ping" attribute of an <at> / "anchor" tag is subject |
| to CSP enforcement (via 'connect-src'). |
| </p> |
| <p> |
| <!-- Note that ping's URL has different origin from what was specified |
| in the content-src content security policy in the header above. --> |
| <a href="/resources/notify-done.html" |
| ping="https://localhost:8443/resources/dummy.txt" |
| id="anchor" |
| >Link</a> |
| </p> |
| </body> |
| </html> |