media-src-blocked.sub.html (3704B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>Media element src attribute must match src list - 'none' negative test</title> 5 <meta http-equiv="Content-Security-Policy" content="script-src * 'unsafe-inline'; media-src 'none'; connect-src 'self';"> 6 <script src='/resources/testharness.js'></script> 7 <script src='/resources/testharnessreport.js'></script> 8 <script src='/common/get-host-info.sub.js'></script> 9 </head> 10 <body> 11 <h1>Media element src attribute must match src list - 'none' negative test</h1> 12 <div id='log'></div> 13 14 <script> 15 const otherOrigin = get_host_info().OTHER_ORIGIN; 16 const audioUrl = otherOrigin + "/media/sound_5.oga"; 17 const videoUrl = otherOrigin + "/media/A4.webm"; 18 19 // Asynchronously returns the next `securitypolicyviolation` event. 20 async function nextViolation() { 21 return await new Promise((resolve) => { 22 window.addEventListener("securitypolicyviolation", resolve, { 23 once: true, 24 }); 25 }); 26 } 27 28 promise_test(t => new Promise((resolve, reject) => { 29 const violationPromise = nextViolation(); 30 31 const video = document.createElement("video"); 32 video.type = "video/webm"; 33 video.src = videoUrl; 34 video.onloadeddata = reject; 35 video.onerror = () => { resolve(violationPromise); }; 36 37 document.body.appendChild(video); 38 }).then((violation) => { 39 assert_equals(violation.violatedDirective, "media-src", "directive"); 40 assert_equals(violation.blockedURI, videoUrl, "blocked URI"); 41 }), "Disallowed async video src"); 42 43 promise_test(t => new Promise((resolve, reject) => { 44 const violationPromise = nextViolation(); 45 46 const video = document.createElement("video"); 47 video.oncanplay = reject; 48 video.onloadedmetadata = reject; 49 video.onloadeddata = reject; 50 51 const source = document.createElement("source"); 52 source.type = "video/webm"; 53 source.src = videoUrl; 54 source.onerror = () => { resolve(violationPromise); }; 55 56 video.appendChild(source); 57 document.body.appendChild(video); 58 }).then((violation) => { 59 assert_equals(violation.violatedDirective, "media-src", "directive"); 60 assert_equals(violation.blockedURI, videoUrl, "blocked URI"); 61 }), "Disallowed async video source element"); 62 63 promise_test(t => new Promise((resolve, reject) => { 64 const violationPromise = nextViolation(); 65 66 const audio = document.createElement("audio"); 67 audio.type = "audio/webm"; 68 audio.src = audioUrl; 69 audio.oncanplay = reject; 70 audio.onloadedmetadata = reject; 71 audio.onloadeddata = reject; 72 audio.onerror = () => { resolve(violationPromise); }; 73 74 document.body.appendChild(audio); 75 }).then((violation) => { 76 assert_equals(violation.violatedDirective, "media-src", "directive"); 77 assert_equals(violation.blockedURI, audioUrl, "blocked URI"); 78 }), "Disallowed audio src"); 79 80 promise_test(t => new Promise((resolve, reject) => { 81 const violationPromise = nextViolation(); 82 83 const audio = document.createElement("audio"); 84 audio.oncanplay = reject; 85 audio.onloadedmetadata = reject; 86 audio.onloadeddata = reject; 87 88 const source = document.createElement("source"); 89 source.type = "audio/webm"; 90 source.src = audioUrl; 91 source.onerror = () => { resolve(violationPromise); }; 92 93 audio.appendChild(source); 94 document.body.appendChild(audio); 95 }).then((violation) => { 96 assert_equals(violation.violatedDirective, "media-src", "directive"); 97 assert_equals(violation.blockedURI, audioUrl, "blocked URI"); 98 }), "Disallowed audio source element"); 99 </script> 100 </body> 101 </html>