22 lines
662 B
HTML
22 lines
662 B
HTML
<!DOCTYPE html>
|
|
<html>
|
|
|
|
<head>
|
|
<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline';">
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
</head>
|
|
|
|
<body>
|
|
<script>
|
|
var t = async_test("Should block the object and fire a spv");
|
|
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
|
|
assert_equals(e.violatedDirective, "object-src");
|
|
}));
|
|
</script>
|
|
|
|
<embed height="40" width="40" type="image/png"
|
|
src="/content-security-policy/support/fail.png"></embed>
|
|
</body>
|
|
|
|
</html>
|