27 lines
920 B
HTML
27 lines
920 B
HTML
<!DOCTYPE HTML>
|
|
<html>
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta http-equiv="Content-Security-Policy"
|
|
content= "img-src 'none'; script-src 'unsafe-inline'; report-uri http://www.example.com; frame-ancestors https:; sandbox allow-scripts">
|
|
<title>Bug 663570 - Implement Content Security Policy via meta tag</title>
|
|
</head>
|
|
<body>
|
|
|
|
<!-- try to load an image which is forbidden by meta CSP -->
|
|
<img id="testimage"></img>
|
|
|
|
<script type="application/javascript">
|
|
var myImg = document.getElementById("testimage");
|
|
myImg.onload = function(e) {
|
|
window.parent.postMessage({result: "img-loaded"}, "*");
|
|
};
|
|
myImg.onerror = function(e) {
|
|
window.parent.postMessage({result: "img-blocked"}, "*");
|
|
};
|
|
//Image should be tried to load only after onload/onerror event declaration.
|
|
myImg.src = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
|
|
</script>
|
|
|
|
</body>
|
|
</html>
|