tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

script-src-blocks-wasm.tentative.sub.html (822B)

      1 <!DOCTYPE html>
      2 <title>script-src blocks Wasm execution</title>
      3 <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline';">
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script>
      7    setup({allow_uncaught_exception: true});
      8 
      9    const test_load = async_test(
     10        "Importing a WebAssembly module should be guarded by script-src CSP.");
     11 
     12    window.log = [];
     13    document.addEventListener("securitypolicyviolation", (e) => {
     14      window.log.push(e.violatedDirective);
     15    });
     16 
     17    window.addEventListener("load", test_load.step_func_done(ev => {
     18      assert_array_equals(log, ["script-src-elem"]);
     19    }));
     20 </script>
     21 <script type="module" src="https://{{hosts[alt][]}}:{{ports[https][0]}}/resources/execute-start.wasm"></script>