tor-browser

The Tor Browser

wildcard-host-part.sub.window.js (1183B)


      // Install the policy under test before any image is created. The policy is
      // delivered through a <meta http-equiv> element rather than a response header.
      // `img-src http://*:PORT` uses a wildcard for the host part only; the scheme
      // (http) and the port stay fixed. `{{ports[http][0]}}` is a template placeholder
      // (presumably filled in by the test server, given the `.sub.` in the file name).
      setup(() => {
        const cspMeta = Object.assign(document.createElement("meta"), {
          httpEquiv: "content-security-policy",
          content: "img-src http://*:{{ports[http][0]}}",
        });
        document.head.append(cspMeta);
      });
      7 
      // Negative case: a host wildcard must not widen the scheme part of the source
      // expression. A `data:` URL is not an `http:` URL, so the image has to be
      // blocked: the test finishes on `error` and fails if `load` ever fires.
      async_test((test) => {
        const blockedImage = document.createElement("img");
        // Handlers are attached before `src` so that neither event can be missed.
        Object.assign(blockedImage, {
          onerror: test.step_func_done(),
          onload: test.unreached_func("`data:` image should have been blocked."),
          src: "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==",
        });
      }, "Host wildcard doesn't affect scheme matching.");
     14 
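     // Positive case for the www1 host: the image URL uses the http scheme and the
     // same port placeholder as the policy, so only the host differs, and the `*`
     // host part is expected to match it. The test finishes on `load` and fails on
     // `error`.
     async_test((t) => {
       const img = document.createElement("img");
       // Handlers are attached before `src` so that neither event can be missed.
       img.onload = t.step_func_done();
       // The failure message names www1, the host this test actually requests.
       img.onerror = t.unreached_func("Image from www1 host should have loaded.");
       img.src = "http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/support/pass.png";
     }, "Host wildcard allows arbitrary hosts (www1).");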
     21 
     // Positive case for the www2 host: the image URL uses the http scheme and the
     // same port placeholder as the policy, so the `*` host part is expected to
     // match it. The test finishes on `load` and fails on `error`.
     async_test((test) => {
       const imageUrl = "http://{{domains[www2]}}:{{ports[http][0]}}/content-security-policy/support/pass.png";
       const allowedImage = document.createElement("img");
       // Handlers are attached before `src` so that neither event can be missed.
       allowedImage.onload = test.step_func_done();
       allowedImage.onerror = test.unreached_func("Image from www2 host should have loaded.");
       allowedImage.src = imageUrl;
     }, "Host wildcard allows arbitrary hosts (www2).");