chromium/src/third_party/blink/web_tests/http/tests/security/contentTypeOptions/block-image-as-script.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <head>
     <title>Block 'image/*' when served as script.</title>
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script>
       window.scriptsSuccessfullyLoaded = 0;
     </script>
 </head>
 <body>
     <script src="resources/script-with-header.pl?mime=image/gif&amp;options=invalid"></script>
     <script src="resources/script-with-header.pl?mime=image/jpeg&amp;options=invalid"></script>
     <script src="resources/script-with-header.pl?mime=IMAGE/PNG&amp;options=invalid"></script>
     <script src="resources/script-with-header.pl?mime=image/x-icon&amp;options=invalid"></script>
     <script src="resources/script-with-header.pl?mime=image/svg+xml&amp;options=invalid"></script>
     <script>
       test(function () {
         assert_equals(window.scriptsSuccessfullyLoaded, 0);
       }, "All image/* scripts should be blocked.");
     </script>
 </body>
 </html>
	<!DOCTYPE html>
	<head>
	<title>Block 'image/*' when served as script.</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script>
	window.scriptsSuccessfullyLoaded = 0;
	</script>
	</head>
	<body>
	<script src="resources/script-with-header.pl?mime=image/gif&options=invalid"></script>
	<script src="resources/script-with-header.pl?mime=image/jpeg&options=invalid"></script>
	<script src="resources/script-with-header.pl?mime=IMAGE/PNG&options=invalid"></script>
	<script src="resources/script-with-header.pl?mime=image/x-icon&options=invalid"></script>
	<script src="resources/script-with-header.pl?mime=image/svg+xml&options=invalid"></script>
	<script>
	test(function () {
	assert_equals(window.scriptsSuccessfullyLoaded, 0);
	}, "All image/* scripts should be blocked.");
	</script>
	</body>
	</html>