tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

combine-header-and-meta-policies.sub.html (1696B)


      1 <!DOCTYPE html>
      2 <html>
      3 
      4 <head>
      5    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
      6    <meta http-equiv="Content-Security-Policy" content="img-src 'none'">
      7    <title>combine-header-and-meta-policies</title>
      8    <script src="/resources/testharness.js"></script>
      9    <script src="/resources/testharnessreport.js"></script>
     10    <script src='../support/logTest.sub.js?logs=["TEST COMPLETE", "violated-directive=img-src", "violated-directive=style-src-elem"]'></script>
     11    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
     12    <!-- enforcing multiple policies:
     13 Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; style-src 'self'
     14 Content-Security-Policy: img-src 'none'
     15 -->
     16 </head>
     17 
     18 <body>
     19 <p>Test passes if both style and image are blocked and a report is generated for the
     20    style block from the header-supplied policy.</p>
     21 
     22    <script>
     23        window.addEventListener('securitypolicyviolation', function(e) {
     24            log("violated-directive=" + e.violatedDirective);
     25        });
     26 
     27        var img = document.createElement('img');
     28        img.src = '../support/fail.png';
     29        img.onerror = function() {
     30            log("TEST COMPLETE");
     31        };
     32        img.onload = function() {
     33            log("FAIL");
     34        };
     35        document.body.appendChild(img);
     36 
     37    </script>
     38    <style>
     39        body {
     40            background-color: blue;
     41        }
     42 
     43    </style>
     44    <script>
     45        var el = document.querySelector('body');
     46        test(function() {
     47            assert_equals(window.getComputedStyle(el).color, "rgb(0, 0, 0)")
     48        });
     49 
     50    </script>
     51    <div id="log"></div>
     52 </body>
     53 
     54 </html>