test_nonce_snapshot.html (1062B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <meta charset="utf-8"> 5 <title>Bug 1509738 - Snapshot nonce at load start time</title> 6 <script src="/tests/SimpleTest/SimpleTest.js"></script> 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 8 </head> 9 <body> 10 <iframe style="width:100%;" id="testframe"></iframe> 11 12 <script class="testbody" type="text/javascript"> 13 14 /* Description of the test: 15 * a) the test starts loading a script using allowlisted nonce 16 * b) the nonce of the script gets modified 17 * c) the script hits a 302 server side redirect 18 * d) we ensure the script still loads and does not use the modified nonce 19 */ 20 21 window.addEventListener("message", receiveMessage); 22 function receiveMessage(event) { 23 is(event.data, "script-loaded", "script loaded even though nonce was dynamically modified"); 24 window.removeEventListener("message", receiveMessage); 25 SimpleTest.finish(); 26 } 27 28 29 SimpleTest.waitForExplicitFinish(); 30 let src = "file_nonce_snapshot.sjs?load-frame"; 31 document.getElementById("testframe").src = src; 32 33 </script> 34 </body> 35 </html>