icon-allowed.sub.html (1028B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <meta http-equiv="Content-Security-Policy" content="img-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';"> 5 <script src='/resources/testharness.js'></script> 6 <script src='/resources/testharnessreport.js'></script> 7 </head> 8 <body> 9 <p>Use callbacks to show that favicons are loaded as allowed by CSP when link tags are dynamically added to the page.</p> 10 <script> 11 var t = async_test("Test that image loads"); 12 window.addEventListener("securitypolicyviolation", t.unreached_func("Should not have triggered any violation events")); 13 14 function createLink(rel, src) { 15 var link = document.createElement('link'); 16 link.rel = rel; 17 link.href = src; 18 link.onload = t.done(); 19 link.onerror = t.unreached_func('The image should have loaded'); 20 document.body.appendChild(link); 21 } 22 window.addEventListener('DOMContentLoaded', function() { 23 createLink('icon', '../support/pass.png'); 24 }); 25 26 </script> 27 </body> 28 </html>