window.html (1911B)
1 <!DOCTYPE html> 2 <script src="/resources/testharness.js"></script> 3 <script src="/resources/testharnessreport.js"></script> 4 5 <meta http-equiv="Content-Security-Policy" content="img-src 'none'"> 6 7 <body> 8 9 <script> 10 function wait_for_error_from_window(w, test) { 11 window.addEventListener('message', test.step_func(e => { 12 if (e.source != w) 13 return; 14 assert_equals(e.data, "error"); 15 w.close(); 16 test.done(); 17 })); 18 } 19 20 async_test(t => { 21 var w = window.open(); 22 23 var img = document.createElement('img'); 24 img.onerror = t.step_func_done(_ => w.close()); 25 img.onload = t.unreached_func(); 26 img.src = "/images/red-16x16.png"; 27 w.document.body.appendChild(img); 28 }, "window.open() inherits policy."); 29 30 async_test(t => { 31 var w = window.open(); 32 33 wait_for_error_from_window(w, t); 34 35 w.document.write(` 36 <img src='/images/red-16x16.png' 37 onload='window.opener.postMessage("load", "*");' 38 onerror='window.opener.postMessage("error", "*");' 39 > 40 `); 41 }, "`document.write` into `window.open()` inherits policy."); 42 43 async_test(t => { 44 var b = new Blob( 45 [` 46 <img src='${window.origin}/images/red-16x16.png' 47 onload='window.opener.postMessage("load", "*");' 48 onerror='window.opener.postMessage("error", "*");' 49 > 50 `], {type:"text/html"}); 51 52 wait_for_error_from_window(window.open(URL.createObjectURL(b)), t); 53 }, "window.open('blob:...') inherits policy."); 54 55 // Navigation to top-level `data:` is blocked. 56 57 async_test(t => { 58 var url = 59 `javascript:"<img src='${window.origin}/images/red-16x16.png' 60 onload='window.opener.postMessage(\\"load\\", \\"*\\");' 61 onerror='window.opener.postMessage(\\"error\\", \\"*\\");' 62 >"`; 63 64 wait_for_error_from_window(window.open(url), t); 65 }, "window.open('javascript:...') inherits policy."); 66 </script>