img-src-4_1.sub.html (1335B)
1 <!DOCTYPE HTML> 2 <meta http-equiv="Content-Security-Policy" content="img-src 'self' {{domains[www]}}:{{ports[http][0]}}"> 3 <html> 4 <head> 5 <title>img element src attribute must match src list.</title> 6 <script src='/resources/testharness.js'></script> 7 <script src='/resources/testharnessreport.js'></script> 8 </head> 9 <body> 10 <div id='log'></div> 11 12 <script> 13 async_test(function(t) { 14 i = new Image(); 15 i.onload = t.step_func_done(); 16 i.onerror = t.unreached_func("The img should have loaded"); 17 i.src = '/content-security-policy/support/pass.png'; 18 }, "img-src for relative path should load"); 19 20 async_test(function(t) { 21 i = new Image(); 22 i.onload = t.unreached_func("Image from unapproved domain was loaded."); 23 i.onerror = t.step_func_done(); 24 i.src = 'http://{{domains[www1]}}/content-security-policy/support/fail.png'; 25 }, "img-src from unapproved domains should not load"); 26 27 async_test(function(t) { 28 i = new Image(); 29 i.onload = t.step_func_done(); 30 i.onerror = t.unreached_func("The img should have loaded"); 31 i.src = location.protocol + '//{{domains[www]}}:{{ports[http][0]}}/content-security-policy/support/pass.png'; 32 }, "img-src from approved domains should load"); 33 </script> 34 </body> 35 </html>