img-src-targeting.html (869B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <meta http-equiv="Content-Security-Policy" content="img-src 'none';"> 5 <script src='/resources/testharness.js'></script> 6 <script src='/resources/testharnessreport.js'></script> 7 </head> 8 <body> 9 <p>Check that img-src sets correct target</p> 10 <script> 11 var t = async_test("Test that image does not load"); 12 var t_spv = async_test("Test that spv event is fired"); 13 window.addEventListener("securitypolicyviolation", t_spv.step_func_done(function(e) { 14 assert_equals(e.violatedDirective, 'img-src'); 15 assert_equals(e.target, document); 16 assert_true(e.blockedURI.endsWith('/support/fail.png')); 17 })); 18 </script> 19 <img src='/content-security-policy/support/fail.png' 20 onload='t.step(function() { assert_unreached("Image should not have loaded"); t.done(); });' 21 onerror='t.done();'> 22 </body> 23 24 </html>