svg-inline.sub.html (1346B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>svg-policy-with-resource</title> 5 <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline';"> 6 <script src="/resources/testharness.js"></script> 7 <script src="/resources/testharnessreport.js"></script> 8 <script> 9 var t_spv = async_test("Should fire violation event"); 10 window.addEventListener("securitypolicyviolation", t_spv.step_func_done(function(e) { 11 assert_equals(e.violatedDirective, "script-src-elem"); 12 })); 13 </script> 14 15 </head> 16 17 <body> 18 <p>Tests that an SVG loaded in an iframe with a policy enforces it, not 19 the policy enforced by this parent frame. The SVG should render and 20 not redirect to a different resource.</p> 21 <div id="log"></div> 22 <?xml version="1.0" standalone="no"?> 23 24 <svg width="6cm" height="5cm" viewBox="0 0 600 500" 25 xmlns="http://www.w3.org/2000/svg" version="1.1"> 26 27 <script type="application/ecmascript" 28 xlink:href="http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/support/.js"> 29 </script> 30 31 <circle cx="300" cy="225" r="100" fill="lawngreen"/> 32 33 <text x="300" y="250" 34 font-family="Verdana" 35 font-size="50" 36 text-anchor="middle"> 37 PASS 38 </text> 39 </svg> 40 </body> 41 </html>