blob.https.sub.html (2198B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>Mixed-Content: blob tests</title> 5 <meta charset="utf-8"> 6 <meta name="description" content="Test a request to a blob: URL is mixed content if the blob's origin is not potentially trustworthy."> 7 <meta name="help" href="https://w3c.github.io/webappsec-mixed-content/#should-block-fetch"> 8 <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url"> 9 <script src="/resources/testharness.js"></script> 10 <script src="/resources/testharnessreport.js"></script> 11 </head> 12 <body> 13 <script> 14 async function try_fetch_request(url) { 15 try { 16 const response = await fetch(url); 17 return response.ok; 18 } catch(e) { 19 return false; 20 } 21 } 22 23 function try_script_load(url) { 24 return new Promise(resolve => { 25 let script = document.createElement("script"); 26 script.onload = () => resolve(true); 27 script.onerror = () => resolve(false); 28 script.src = url; 29 document.body.appendChild(script); 30 }); 31 } 32 33 const popup_http = "http://{{domains[]}}:{{ports[http][0]}}/mixed-content/resources/blob-popup.html"; 34 const popup_https = "https://{{domains[]}}:{{ports[https][0]}}/mixed-content/resources/blob-popup.html"; 35 [popup_https, popup_http].forEach(popup_url => { 36 promise_test(t => { 37 return new Promise(resolve => { 38 window.addEventListener("message", resolve, {once: true}); 39 window.open(popup_url); 40 }).then(async function(event) { 41 let data = event.data; 42 assert_equals(await try_fetch_request(data.js_blob_url), 43 data.potentially_trustworthy, 44 "Fetch request"); 45 assert_equals(await try_script_load(data.js_blob_url), 46 data.potentially_trustworthy, 47 "Script load"); 48 event.source.close(); 49 }); 50 }); 51 }); 52 </script> 53 </body> 54 </html>