base-uri-deny.sub.html (997B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <meta http-equiv="Content-Security-Policy" content="base-uri {{location[scheme]}}://{{domains[www1]}}:{{ports[http][0]}}/"> 5 <script src='/resources/testharness.js'></script> 6 <script src='/resources/testharnessreport.js'></script> 7 8 <script> 9 var t = async_test("Check that baseURI fires a securitypolicyviolation event when it does not match the csp directive"); 10 window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) { 11 assert_equals(e.blockedURI, "{{location[scheme]}}://{{domains[www2]}}:{{ports[http][0]}}/") 12 assert_equals(e.violatedDirective, "base-uri"); 13 })); 14 </script> 15 16 <base href="{{location[scheme]}}://{{domains[www2]}}:{{ports[http][0]}}/"> 17 <script> 18 test(function() { 19 assert_equals(document.baseURI, window.location.href); 20 t.done(); 21 }, "Check that the baseURI is not set when it does not match the csp directive"); 22 </script> 23 </head> 24 <body> 25 </html>