worker-function-function-blocked.sub.html (1309B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> 6 <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self';"> 7 <title>worker-function-function-blocked</title> 8 <script src="/resources/testharness.js"></script> 9 <script src="/resources/testharnessreport.js"></script> 10 <script src='../support/logTest.sub.js?logs=["Function() function blocked"]'></script> 11 <script src='../support/alertAssert.sub.js?alerts=[]'></script> 12 </head> 13 14 <body> 15 <p>This test loads a worker, delivered with its own policy. 16 The Function constructor should be forbidden by that 17 policy. No report should be generated because the worker 18 policy does not set a report-uri (although this parent 19 resource does).</p> 20 <script> 21 window.addEventListener('securitypolicyviolation', function(e) { 22 log('Fail'); 23 }); 24 try { 25 var worker = new Worker('/content-security-policy/script-src/support/worker-function-function.js'); 26 worker.onmessage = function(event) { 27 log(event.data); 28 }; 29 } catch (e) { 30 log(e); 31 } 32 33 </script> 34 <div id="log"></div> 35 </body> 36 37 </html>