diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:43:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:43:14 +0000 |
commit | 8dd16259287f58f9273002717ec4d27e97127719 (patch) | |
tree | 3863e62a53829a84037444beab3abd4ed9dfc7d0 /testing/web-platform/tests/content-security-policy/generic/wildcard-host-part.sub.window.js | |
parent | Releasing progress-linux version 126.0.1-1~progress7.99u1. (diff) | |
download | firefox-8dd16259287f58f9273002717ec4d27e97127719.tar.xz firefox-8dd16259287f58f9273002717ec4d27e97127719.zip |
Merging upstream version 127.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/generic/wildcard-host-part.sub.window.js')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/generic/wildcard-host-part.sub.window.js | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/generic/wildcard-host-part.sub.window.js b/testing/web-platform/tests/content-security-policy/generic/wildcard-host-part.sub.window.js new file mode 100644 index 0000000000..d210cc6670 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/wildcard-host-part.sub.window.js @@ -0,0 +1,27 @@ +setup(_ => { + const meta = document.createElement("meta"); + meta.httpEquiv = "content-security-policy"; + meta.content = "img-src http://*:{{ports[http][0]}}"; + document.head.appendChild(meta); +}); + +async_test((t) => { + const img = document.createElement("img"); + img.onerror = t.step_func_done(); + img.onload = t.unreached_func("`data:` image should have been blocked."); + img.src = "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" +}, "Host wildcard doesn't affect scheme matching."); + +async_test((t) => { + const img = document.createElement("img"); + img.onload = t.step_func_done(); + img.onerror = t.unreached_func("Image from www2 host should have loaded."); + img.src = "http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/support/pass.png"; +}, "Host wildcard allows arbitrary hosts (www1)."); + +async_test((t) => { + const img = document.createElement("img"); + img.onload = t.step_func_done(); + img.onerror = t.unreached_func("Image from www2 host should have loaded."); + img.src = "http://{{domains[www2]}}:{{ports[http][0]}}/content-security-policy/support/pass.png"; +}, "Host wildcard allows arbitrary hosts (www2)."); |