style-css-mislabeled-as-html-nosniff.sub.html (1552B)
1 <!DOCTYPE html> 2 <!-- Test verifies that a stylesheet mislabeled as html won't execute with and 3 without CORB if the nosniff response header is present. 4 5 The expected behavior is covered by the Fetch spec at 6 https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff? 7 8 See also the following tests: 9 - fetch/nosniff/stylesheet.html 10 --> 11 <meta charset="utf-8"> 12 <title>CSS is not applied (because of nosniff + non-text/css headers)</title> 13 <script src=/resources/testharness.js></script> 14 <script src=/resources/testharnessreport.js></script> 15 16 <!-- Default style that will be applied if the external stylesheet resource 17 below won't load for any reason. This stylesheet will set h1's 18 color to green (see |default_color| below). --> 19 <style> 20 h1 { color: green; } 21 </style> 22 23 <!-- This stylesheet (if loaded) should set h1#header's color to red 24 (see |external_color| below). --> 25 <!-- www1 is cross-origin, so the HTTP response is CORB-eligible --> 26 <link rel="stylesheet" type="text/css" 27 href="http://{{domains[www1]}}:{{ports[http][0]}}/fetch/corb/resources/css-mislabeled-as-html-nosniff.css"> 28 29 <body> 30 <h1 id="header">Header example</h1> 31 <p>Paragraph body</p> 32 </body> 33 34 <script> 35 test(() => { 36 let style = getComputedStyle(document.getElementById('header')); 37 const external_color = 'rgb(255, 0, 0)'; // red 38 const default_color = 'rgb(0, 128, 0)'; // green 39 assert_equals(style.getPropertyValue('color'), default_color); 40 assert_not_equals(style.getPropertyValue('color'), external_color); 41 }); 42 </script>