generic-0_1-img-src.html (1459B)
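<!DOCTYPE html>
<html>
<head>
    <title>default-src should cascade to img-src directive</title>
    <!--
      Policy under test. There is no img-src directive, so image loads are
      expected to be governed by default-src. 'self' allows same-origin
      images only. 'unsafe-inline' is present because this file relies on
      inline script blocks and inline event handlers, which fall under the
      same default-src fallback. It is a test-harness convenience, not a
      pattern to copy into a production policy.
    -->
    <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline';">
    <script src='/resources/testharness.js'></script>
    <script src='/resources/testharnessreport.js'></script>
    <script src='../support/siblingPath.js'></script>
</head>
<body>
    <h1>default-src should cascade to img-src directive</h1>
    <div id='log'></div>

    <script>
        var imgsrc = async_test("Verify cascading of default-src to img-src policy");
        // Set by the blocked image's onerror handler.
        var onerrorFired = false;
        // Set by the same-origin image's onload handler. Without this flag a
        // policy that blocked every image would still pass the test.
        var passLoaded = false;
        var t_spv = async_test("Should fire violation events for every failed violation");

        // The violation report must name img-src, even though the policy
        // only declares default-src.
        window.addEventListener("securitypolicyviolation", t_spv.step_func_done(function(e) {
            assert_equals(e.violatedDirective, "img-src");
        }));
    </script>

    <!--
      Cross-origin image that the policy must block. The src is assigned by
      the script below. No empty src attribute is set here, because an empty
      src can fire an error event of its own, and onerrorFired would then be
      set without any CSP block taking place.
    -->
    <img id='imgfail'
         onload='imgsrc.step(function() { assert_unreached("Image load was not blocked."); });'
         onerror='onerrorFired = true;'>
    <!-- Same-origin image that default-src 'self' must allow. -->
    <img src='../support/pass.png'
         onload='passLoaded = true;'>

    <script>
      // buildSiblingPath comes from ../support/siblingPath.js. It presumably
      // returns the URL of fail.png on the 'www1' sibling host, which makes
      // the request cross-origin. Confirm against that helper.
      document.getElementById('imgfail').src = buildSiblingPath('www1', '../support/fail.png');
      // The window load event is used as the point at which both image
      // outcomes are expected to be known.
      window.onload = function() {
        imgsrc.step(function() {
          assert_true(onerrorFired, "onerror handler for blocked img didn't fire");
          assert_true(passLoaded, "same-origin img allowed by default-src 'self' didn't load");
        });
        imgsrc.done();
      };
    </script>
</body>
</html>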