script-js-mislabeled-as-html.sub.html (806B)
1 <!DOCTYPE html> 2 <!-- Test verifies that script mislabeled as html will execute with and without 3 CORB (CORB should allow the script after sniffing). 4 --> 5 <meta charset="utf-8"> 6 <script src="/resources/testharness.js"></script> 7 <script src="/resources/testharnessreport.js"></script> 8 <div id=log></div> 9 10 <script> 11 setup({ single_test: true }); 12 window.has_executed_script = false; 13 </script> 14 15 <!-- www1 is cross-origin, so the HTTP response is CORB-eligible --> 16 <script src="http://{{domains[www1]}}:{{ports[http][0]}}/fetch/corb/resources/js-mislabeled-as-html.js"> 17 </script> 18 19 <script> 20 // Verify what observable effects the <script> tag above had. 21 // Assertion should hold with and without CORB: 22 assert_true(window.has_executed_script, 23 'The cross-origin script should execute'); 24 done(); 25 </script>