blob: d210cc6670f66ce5b1c2c5b6534638a8cdb6997d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
setup(_ => {
const meta = document.createElement("meta");
meta.httpEquiv = "content-security-policy";
meta.content = "img-src http://*:{{ports[http][0]}}";
document.head.appendChild(meta);
});
async_test((t) => {
const img = document.createElement("img");
img.onerror = t.step_func_done();
img.onload = t.unreached_func("`data:` image should have been blocked.");
img.src = "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="
}, "Host wildcard doesn't affect scheme matching.");
async_test((t) => {
const img = document.createElement("img");
img.onload = t.step_func_done();
img.onerror = t.unreached_func("Image from www2 host should have loaded.");
img.src = "http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/support/pass.png";
}, "Host wildcard allows arbitrary hosts (www1).");
async_test((t) => {
const img = document.createElement("img");
img.onload = t.step_func_done();
img.onerror = t.unreached_func("Image from www2 host should have loaded.");
img.src = "http://{{domains[www2]}}:{{ports[http][0]}}/content-security-policy/support/pass.png";
}, "Host wildcard allows arbitrary hosts (www2).");
|
