img-src-wildcard-allowed.html (1494B)
1 <!DOCTYPE html> 2 <meta http-equiv="Content-Security-Policy" content="img-src *;"> 3 <html> 4 <head> 5 <title>img element src attribute must match src list.</title> 6 <script src='/resources/testharness.js'></script> 7 <script src='/resources/testharnessreport.js'></script> 8 </head> 9 <body> 10 <div id='log'></div> 11 12 <script> 13 var t1 = async_test("img-src with wildcard should match all"); 14 </script> 15 <img src='/content-security-policy/support/pass.png' 16 onload='t1.done();' 17 onerror='t1.step(function() { assert_unreached("Image should have loaded"); t1.done(); });'> 18 19 <script> 20 async_test(function(t) { 21 22 var pngBase64 = "iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAIAAAD/gAIDAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAnklEQVR42u3QMQEAAAgDoGlyo1vBzwciUJlw1ApkyZIlS5YsBbJkyZIlS5YCWbJkyZIlS4EsWbJkyZKlQJYsWbJkyVIgS5YsWbJkKZAlS5YsWbIUyJIlS5YsWQpkyZIlS5YsBbJkyZIlS5YCWbJkyZIlS4EsWbJkyZKlQJYsWbJkyVIgS5YsWbJkKZAlS5YsWbIUyJIlS5YsWQpkyfq2MosBSIeKONMAAAAASUVORK5CYII="; 23 24 blobContents = [atob(pngBase64)]; 25 blob = new Blob(blobContents, {type: "image/png"}); 26 img = document.createElement("img"); 27 img.onerror = function (e) { 28 t.done(); 29 }; 30 img.onload = function () { 31 assert_unreached("Should not load blob img"); 32 t.done(); 33 }; 34 blobURL = window.URL.createObjectURL(blob); 35 img.src = blobURL; 36 37 },"img-src with wildcard should not match blob"); 38 </script> 39 </body> 40 </html>