testing/web-platform/tests/content-security-policy/style-src/import-style-blocked.sub.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

<!DOCTYPE html>
<html>
  <head>
    <title>import-style-disallowed</title>
    <meta
      http-equiv="Content-Security-Policy"
      content="style-src 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self';"
    />
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
  </head>

  <body>
    <body>
      <script>
        promise_test((t) => {
          let check_spv = new Promise((resolve, reject) => {
            window.addEventListener("securitypolicyviolation", (e) => {
              if (e.blockedURI.endsWith("blocked.css")) {
                resolve();
              }
            });
          });

          return Promise.all([
            promise_rejects_js(t, TypeError, import("./resources/blocked.css", { with: { type: "css" } })),
            check_spv,
          ]);
        });
      </script>
    </body>
  </body>
</html>