parsing-nosniff.window.js (1133B)
1 promise_test(() => fetch("resources/x-content-type-options.json").then(res => res.json()).then(runTests), "Loading JSONā¦"); 2 3 function runTests(allTestData) { 4 for (let i = 0; i < allTestData.length; i++) { 5 const testData = allTestData[i], 6 input = encodeURIComponent(testData.input); 7 promise_test(t => { 8 let resolve; 9 const promise = new Promise(r => resolve = r); 10 const script = document.createElement("script"); 11 t.add_cleanup(() => script.remove()); 12 // A <script> element loading a classic script does not care about the MIME type, unless 13 // X-Content-Type-Options: nosniff is specified, in which case a JavaScript MIME type is 14 // enforced, which x/x is not. 15 if (testData.nosniff) { 16 script.onerror = resolve; 17 script.onload = t.unreached_func("Script should not have loaded"); 18 } else { 19 script.onerror = t.unreached_func("Script should have loaded"); 20 script.onload = resolve; 21 } 22 script.src = "resources/nosniff.py?nosniff=" + input; 23 document.body.appendChild(script); 24 return promise; 25 }, input); 26 } 27 }