diff options
Diffstat (limited to 'testing/web-platform/tests/fetch/corb/script-html-via-cross-origin-blob-url.sub.html')
-rw-r--r-- | testing/web-platform/tests/fetch/corb/script-html-via-cross-origin-blob-url.sub.html | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fetch/corb/script-html-via-cross-origin-blob-url.sub.html b/testing/web-platform/tests/fetch/corb/script-html-via-cross-origin-blob-url.sub.html new file mode 100644 index 0000000000..c8a90c79b3 --- /dev/null +++ b/testing/web-platform/tests/fetch/corb/script-html-via-cross-origin-blob-url.sub.html @@ -0,0 +1,38 @@ +<!DOCTYPE html> +<!-- Test verifies that cross-origin blob URIs are blocked both with and + without CORB. +--> +<meta charset="utf-8"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<div id=log></div> +<script> +async_test(function(t) { + function step1_createSubframe() { + addEventListener("message", function(e) { + t.step(function() { step2_processSubframeMsg(e.data); }) + }); + var subframe = document.createElement("iframe") + // www1 is cross-origin, to ensure that the received blob will be cross-origin. + subframe.src = 'http://{{domains[www1]}}:{{ports[http][0]}}/fetch/corb/resources/subframe-that-posts-html-containing-blob-url-to-parent.html'; + document.body.appendChild(subframe); + } + + function step2_processSubframeMsg(msg) { + assert_false(msg.hasOwnProperty('error'), 'unexpected property found: "error"'); + assert_equals(msg.blob_type, 'text/html'); + assert_equals(msg.blob_size, 147); + + // With and without CORB loading of a cross-origin blob should be blocked + // (this is verified by expecting |script.onerror|, but not |script.onload| + // below). + var script = document.createElement("script") + script.src = msg.blob_url; + script.onerror = t.step_func_done(function(){}) + script.onload = t.unreached_func("Unexpected load event") + document.body.appendChild(script) + } + + step1_createSubframe(); +}); +</script> |