file_meta_element.html (920B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <meta charset="utf-8"> 5 <meta http-equiv="Content-Security-Policy" 6 content= "img-src 'none'; script-src 'unsafe-inline'; report-uri http://www.example.com; frame-ancestors https:; sandbox allow-scripts"> 7 <title>Bug 663570 - Implement Content Security Policy via meta tag</title> 8 </head> 9 <body> 10 11 <!-- try to load an image which is forbidden by meta CSP --> 12 <img id="testimage"></img> 13 14 <script type="application/javascript"> 15 var myImg = document.getElementById("testimage"); 16 myImg.onload = function(e) { 17 window.parent.postMessage({result: "img-loaded"}, "*"); 18 }; 19 myImg.onerror = function(e) { 20 window.parent.postMessage({result: "img-blocked"}, "*"); 21 }; 22 //Image should be tried to load only after onload/onerror event declaration. 23 myImg.src = "http://mochi.test:8888/tests/image/test/mochitest/blue.png"; 24 </script> 25 26 </body> 27 </html>