script-src-strict_dynamic_in_img-src.html (1093B)
1 <!DOCTYPE HTML> 2 <html> 3 4 <head> 5 <title>`strict-dynamic` does not drop allowed source expressions in `img-src`.</title> 6 <script src='/resources/testharness.js' nonce='dummy'></script> 7 <script src='/resources/testharnessreport.js' nonce='dummy'></script> 8 9 <!-- CSP served: img-src 'strict-dynamic' 'self' --> 10 </head> 11 12 <body> 13 <h1>`strict-dynamic` does not drop allowed source expressions in `img-src`.</h1> 14 <div id='log'></div> 15 16 <script nonce='dummy'> 17 window.addEventListener('securitypolicyviolation', function(e) { 18 assert_unreached('No CSP violation report has fired.'); 19 }); 20 21 async_test(function(t) { 22 var e = document.createElement('img'); 23 e.id = 'allowedImage'; 24 e.src = '/content-security-policy/support/pass.png'; 25 e.onerror = t.unreached_func('Error should not be triggered.'); 26 e.onload = t.step_func_done(); 27 document.body.appendChild(e); 28 }, '`strict-dynamic` does not drop allowed source expressions in `img-src`.'); 29 </script> 30 </body> 31 32 </html>