diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/csp/file_bug1777572.html | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/csp/file_bug1777572.html')
-rw-r--r-- | dom/security/test/csp/file_bug1777572.html | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_bug1777572.html b/dom/security/test/csp/file_bug1777572.html new file mode 100644 index 0000000000..51f2a80d28 --- /dev/null +++ b/dom/security/test/csp/file_bug1777572.html @@ -0,0 +1,43 @@ +<!DOCTYPE html> +<html> +<head> + <meta http-equiv="Content-Security-Policy" content="img-src https://*;"> + <script> + async function timeout (cmd) { + const timer = new Promise((resolve, reject) => { + const id = setTimeout(() => { + clearTimeout(id) + reject(new Error('Promise timed out!')) + }, 750) + }) + return Promise.race([cmd, timer]) + } + + let ourOpener = window.opener; + + if (location.search.includes("close")) { + window.close(); + } + + document.addEventListener('DOMContentLoaded', async () => { + const frame = document.createElementNS('http://www.w3.org/1999/xhtml', 'frame'); + const image = document.createElementNS('http://www.w3.org/2000/svg', 'image'); + document.documentElement.appendChild(frame) + image.setAttribute('href', 'a.png') + for (let i = 0; i < 5; ++i) { + try { await timeout(image.decode()) } catch (e) {} + } + let w = window.open(); + // Need to run SpecialPowers in the newly opened window to avoid + // .wrap throwing because of dead objects. + let csp = w.eval("SpecialPowers.wrap(document).cspJSON;"); + ourOpener.postMessage(csp, "*"); + w.close(); + + if (!location.search.includes("close")) { + window.close(); + } + }) + </script> +</head> +</html> |