41 lines
1.2 KiB
HTML
41 lines
1.2 KiB
HTML
<!DOCTYPE HTML>
|
|
<html>
|
|
<head>
|
|
<title>Test if "script-src: sha-... " Allowlists "javascript:" URIs</title>
|
|
<!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
|
|
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
|
</head>
|
|
<body>
|
|
<iframe></iframe>
|
|
|
|
<script class="testbody">
|
|
SimpleTest.requestCompleteLog();
|
|
SimpleTest.waitForExplicitFinish();
|
|
|
|
let frame = document.querySelector("iframe");
|
|
|
|
window.addEventListener("message", (msg) => {
|
|
ok(false, "The CSP did not block javascript:uri");
|
|
SimpleTest.finish();
|
|
});
|
|
|
|
document.addEventListener("securitypolicyviolation", () => {
|
|
ok(true, "The CSP did block javascript:uri");
|
|
SimpleTest.finish();
|
|
});
|
|
|
|
frame.addEventListener("load", () => {
|
|
let link = frame.contentWindow.document.querySelector("a");
|
|
frame.contentWindow.document.addEventListener("securitypolicyviolation", () => {
|
|
ok(true, "The CSP did block javascript:uri");
|
|
SimpleTest.finish();
|
|
})
|
|
link.click();
|
|
});
|
|
frame.src = "file_bug1452037.html";
|
|
|
|
|
|
</script>
|
|
</body>
|
|
</html>
|