object-src-url-embed-allowed.html (705B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <!-- 8 Content-Security-Policy: 9 object-src 'self'; 10 script-src 'self' 'unsafe-inline'; 11 report-uri /reporting/resources/report.py?op=put&reportID={{$id}} 12 --> 13 </head> 14 15 <body> 16 <embed height="40" width="40" type="image/png" 17 src="/content-security-policy/support/pass.png"></embed> 18 <!-- 19 We rely on the report because we can't rely on the onload event for 20 "allowed" tests as it is not fired for object and embed 21 --> 22 <script src='../support/checkReport.sub.js?reportExists=false'></script> 23 </body> 24 25 </html>