test_bug1452037.html (1229B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>Test if "script-src: sha-... " Allowlists "javascript:" URIs</title> 5 <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> 6 <script src="/tests/SimpleTest/SimpleTest.js"></script> 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 8 </head> 9 <body> 10 <iframe></iframe> 11 12 <script class="testbody"> 13 SimpleTest.requestCompleteLog(); 14 SimpleTest.waitForExplicitFinish(); 15 16 let frame = document.querySelector("iframe"); 17 18 window.addEventListener("message", (msg) => { 19 ok(false, "The CSP did not block javascript:uri"); 20 SimpleTest.finish(); 21 }); 22 23 document.addEventListener("securitypolicyviolation", () => { 24 ok(true, "The CSP did block javascript:uri"); 25 SimpleTest.finish(); 26 }); 27 28 frame.addEventListener("load", () => { 29 let link = frame.contentWindow.document.querySelector("a"); 30 frame.contentWindow.document.addEventListener("securitypolicyviolation", () => { 31 ok(true, "The CSP did block javascript:uri"); 32 SimpleTest.finish(); 33 }) 34 link.click(); 35 }); 36 frame.src = "file_bug1452037.html"; 37 38 39 </script> 40 </body> 41 </html>