xsltprocessor-include-blocked.html (1281B)
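<!DOCTYPE html>
<!--
  CSP regression test: an xsl:include fetch triggered through XSLTProcessor
  must be blocked by the page policy and reported with a
  securitypolicyviolation event.
-->
<script nonce="abc" src="/resources/testharness.js"></script>
<script nonce="abc" src="/resources/testharnessreport.js"></script>
<script nonce="abc" src="/content-security-policy/support/testharness-helper.js"></script>
<!--
  Policy under test: everything is denied by default and only scripts carrying
  nonce "abc" are allowed. The harness scripts above and the inline script below
  carry that nonce; the stylesheet named by xsl:include has no way to carry one.
-->
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'nonce-abc';">
<body>
<script nonce="abc">
  async_test(t => {
    // Register the listener before starting the transform so the violation
    // cannot be missed. This handler is the only place the test completes:
    // if the include is NOT blocked, no event fires and nothing here reports
    // a failure.
    // waitUntilEvent is not defined in this file; presumably it comes from
    // the testharness-helper.js loaded above.
    waitUntilEvent(window, "securitypolicyviolation").then(t.step_func_done(e => {
      // The violation must be attributed to this document...
      assert_equals(e.documentURI, document.location.toString());
      // ...and must name the included stylesheet as the blocked resource.
      assert_true(e.blockedURI.endsWith("/support/document.xsl"));
      // NOTE(review): the violated directive is not asserted. Checking
      // e.effectiveDirective would pin down which directive governs
      // xsl:include; confirm the expected value before adding it.
    }));

    // Stylesheet whose only external dependency is the xsl:include below.
    // The contents of document.xsl are irrelevant to the test; only the
    // attempt to fetch it matters.
    const XSLT_DOC = `
      <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
        <xsl:include href="/content-security-policy/xslt/support/document.xsl" />
        <xsl:template match="/">
          <b>test</b>
        </xsl:template>
      </xsl:stylesheet>`;

    const parser = new DOMParser();
    const xmlDoc = parser.parseFromString(`<root/>`, "application/xml");
    const xsltDoc = parser.parseFromString(XSLT_DOC, "application/xml");

    // Deliberately swallow errors: once the include is refused, the import or
    // the transform may throw. The pass condition is the violation event
    // asserted above, not the outcome of the transform.
    try {
      const xsltProcessor = new XSLTProcessor();
      xsltProcessor.importStylesheet(xsltDoc);
      xsltProcessor.transformToFragment(xmlDoc, document);
    } catch {}
  });
</script>
</body>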