<!DOCTYPE HTML> <html> <head> <title>Test if "script-src: sha-... " Allowlists "javascript:" URIs</title> <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> <script src="/tests/SimpleTest/SimpleTest.js"></script> <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> </head> <body> <iframe></iframe> <script class="testbody"> SimpleTest.requestCompleteLog(); SimpleTest.waitForExplicitFinish(); let frame = document.querySelector("iframe"); window.addEventListener("message", (msg) => { ok(false, "The CSP did not block javascript:uri"); SimpleTest.finish(); }); document.addEventListener("securitypolicyviolation", () => { ok(true, "The CSP did block javascript:uri"); SimpleTest.finish(); }); frame.addEventListener("load", () => { let link = frame.contentWindow.document.querySelector("a"); frame.contentWindow.document.addEventListener("securitypolicyviolation", () => { ok(true, "The CSP did block javascript:uri"); SimpleTest.finish(); }) link.click(); }); frame.src = "file_bug1452037.html"; </script> </body> </html>