report-strips-username-password.html (661B)
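<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>CSP: blockedURI in a violation event omits URL credentials</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/content-security-policy/support/testharness-helper.js"></script>
<!-- Forbid every image load, so the image request made below must violate the policy. -->
<meta http-equiv="Content-Security-Policy" content="img-src 'none'">
</head>
<body>
<script>
  // Purpose: the URL exposed as `blockedURI` on a securitypolicyviolation
  // event must have its userinfo part (username and password) removed.
  // The event is readable by any script on the page, so an unstripped URL
  // would disclose credentials embedded in a resource URL to that script
  // and to anything that forwards violation data.
  async_test(t => {
    // The event is observed on the global object. step_func_done runs the
    // assertion and then completes the test; if no violation event is ever
    // delivered, nothing calls done() and the harness reports a timeout.
    addEventListener("securitypolicyviolation", t.step_func_done(e => {
      // Scheme, host and path are reported; "user:password@" is not.
      assert_equals(e.blockedURI, "https://evil.com/img.png");
    }));

    // Assigning `src` starts the image load without inserting the element
    // into the document. The policy above blocks that load, which is what
    // raises the violation event checked by the listener.
    const img = document.createElement("img");
    img.src = "https://user:password@evil.com/img.png";
  }, "Reported blockedURI does not contain username or password.");
</script>
</body>
</html>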