blob: c8a90c79b3f7f5136dbad30dd3299fc57365b272 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
<!DOCTYPE html>
<!-- Test verifies that cross-origin blob URIs are blocked both with and
without CORB.
-->
<meta charset="utf-8">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<div id=log></div>
<script>
async_test(function(t) {
function step1_createSubframe() {
addEventListener("message", function(e) {
t.step(function() { step2_processSubframeMsg(e.data); })
});
var subframe = document.createElement("iframe")
// www1 is cross-origin, to ensure that the received blob will be cross-origin.
subframe.src = 'http://{{domains[www1]}}:{{ports[http][0]}}/fetch/corb/resources/subframe-that-posts-html-containing-blob-url-to-parent.html';
document.body.appendChild(subframe);
}
function step2_processSubframeMsg(msg) {
assert_false(msg.hasOwnProperty('error'), 'unexpected property found: "error"');
assert_equals(msg.blob_type, 'text/html');
assert_equals(msg.blob_size, 147);
// With and without CORB loading of a cross-origin blob should be blocked
// (this is verified by expecting |script.onerror|, but not |script.onload|
// below).
var script = document.createElement("script")
script.src = msg.blob_url;
script.onerror = t.step_func_done(function(){})
script.onload = t.unreached_func("Unexpected load event")
document.body.appendChild(script)
}
step1_createSubframe();
});
</script>
|
