tor-browser

The Tor Browser

file_main.html (2671B)


      1 <html>
      2  <head>
      3    <link rel='stylesheet' type='text/css'
      4          href='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
      5    <link rel='stylesheet' type='text/css'
      6          href='file_CSP.sjs?testid=style_good&type=text/css' />
      7    <!-- CSP fixture: each subresource URL carries a testid. The *_good URLs are relative, so they resolve to the origin this page is served from and are expected to load; the *_bad URLs are absolute http://example.org URLs and are expected to be blocked. The two stylesheet links above are the style_bad / style_good pair. -->
      8    <!-- NOTE(review): no policy is declared in this file (there is no meta element), so it presumably arrives in an HTTP response header. The inline style block below only takes effect if that policy permits inline styles; confirm against the test harness. -->
      9    <style>
     10      /* CSS font embedding tests: one @font-face per expected outcome (font_good is relative, font_bad is on http://example.org). The two classes below are applied to the divs at the end of body so that text is styled with each font family. */
     11      @font-face {
     12        font-family: "arbitrary_good";
     13        src: url('file_CSP.sjs?testid=font_good&type=application/octet-stream');
     14      }
     15      @font-face {
     16        font-family: "arbitrary_bad";
     17        src: url('http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
     18      }
     19 
     20      .div_arbitrary_good { font-family: "arbitrary_good"; }
     21      .div_arbitrary_bad { font-family: "arbitrary_bad"; }
     22    </style>
     23  </head>
     24  <body>
     25    <!-- Absolute http://example.org loads, one per resource type (img, media, script, frame, object): these should be stopped by CSP. -->
     26    <img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
     27    <audio src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
     28    <script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
     29    <iframe src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
     30    <object width="10" height="10">
     31      <param name="movie" value="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
     32      <embed src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
     33    </object>
     34    <!-- NOTE(review): the param and the embed above share one testid (object_bad), as do the object_good pair below, so a result for that testid does not say which of the two elements made the request. -->
     35    <!-- Relative URLs, same resource types as the blocked set above: these should load ok. -->
     36    <img src="file_CSP.sjs?testid=img_good&type=img/png" />
     37    <audio src="file_CSP.sjs?testid=media_good&type=audio/vorbis"></audio>
     38    <script src='file_CSP.sjs?testid=script_good&type=text/javascript'></script>
     39    <iframe src='file_CSP.sjs?testid=frame_good&content=PASS'></iframe>
     40 
     41    <object width="10" height="10">
     42      <param name="movie" value="file_CSP.sjs?testid=object_good&type=application/x-shockwave-flash">
     43      <embed src="file_CSP.sjs?testid=object_good&type=application/x-shockwave-flash"></embed>
     44    </object>
     45 
     46    <!-- XHR tests: these are issued by the script loaded below (file_main.js).
     47         The script's own URI has no 'testid' value, so the test framework
     48         ignores the load of the script file itself.  -->
     49    <script src='file_main.js'></script>
     50 
     51    <!-- Support elements for the @font-face test: one div per font family declared in the head, so each declared font is referenced by visible text. -->
     52    <div class="div_arbitrary_good">arbitrary good</div>
     53    <div class="div_arbitrary_bad">arbitrary_bad</div>
     54  </body>
     55 </html>