diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /testing/web-platform/tests/fetch/corb/style-css-mislabeled-as-html-nosniff.sub.html | |
parent | Initial commit. (diff) | |
download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/fetch/corb/style-css-mislabeled-as-html-nosniff.sub.html')
-rw-r--r-- | testing/web-platform/tests/fetch/corb/style-css-mislabeled-as-html-nosniff.sub.html | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fetch/corb/style-css-mislabeled-as-html-nosniff.sub.html b/testing/web-platform/tests/fetch/corb/style-css-mislabeled-as-html-nosniff.sub.html new file mode 100644 index 0000000000..8fef0dc59e --- /dev/null +++ b/testing/web-platform/tests/fetch/corb/style-css-mislabeled-as-html-nosniff.sub.html @@ -0,0 +1,42 @@ +<!DOCTYPE html> +<!-- Test verifies that a stylesheet mislabeled as html won't execute with and + without CORB if the nosniff response header is present. + + The expected behavior is covered by the Fetch spec at + https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff? + + See also the following tests: + - fetch/nosniff/stylesheet.html +--> +<meta charset="utf-8"> +<title>CSS is not applied (because of nosniff + non-text/css headers)</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> + +<!-- Default style that will be applied if the external stylesheet resource + below won't load for any reason. This stylesheet will set h1's + color to green (see |default_color| below). --> +<style> +h1 { color: green; } +</style> + +<!-- This stylesheet (if loaded) should set h1#header's color to red + (see |external_color| below). --> +<!-- www1 is cross-origin, so the HTTP response is CORB-eligible --> +<link rel="stylesheet" type="text/css" + href="http://{{domains[www1]}}:{{ports[http][0]}}/fetch/corb/resources/css-mislabeled-as-html-nosniff.css"> + +<body> + <h1 id="header">Header example</h1> + <p>Paragraph body</p> +</body> + +<script> +test(() => { + let style = getComputedStyle(document.getElementById('header')); + const external_color = 'rgb(255, 0, 0)'; // red + const default_color = 'rgb(0, 128, 0)'; // green + assert_equals(style.getPropertyValue('color'), default_color); + assert_not_equals(style.getPropertyValue('color'), external_color); +}); +</script> |