27 lines
790 B
HTML
27 lines
790 B
HTML
<html>
|
|
<head> <meta charset="utf-8"> </head>
|
|
<body>
|
|
|
|
<!-- this should be allowed (no CSP)-->
|
|
<img src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img_good&type=img/png"> </img>
|
|
|
|
|
|
<script type="text/javascript">
|
|
var req = new XMLHttpRequest();
|
|
req.onload = function() {
|
|
//this should be allowed (no CSP)
|
|
try {
|
|
var img = document.createElement("img");
|
|
img.src="http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img2_good&type=img/png";
|
|
document.body.appendChild(img);
|
|
} catch(e) {
|
|
console.log("yo: "+e);
|
|
}
|
|
};
|
|
req.open("get", "file_bug941404_xhr.html", true);
|
|
req.responseType = "document";
|
|
req.send();
|
|
</script>
|
|
|
|
</body>
|
|
</html>
|