summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/file_meta_element.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/csp/file_meta_element.html')
-rw-r--r--dom/security/test/csp/file_meta_element.html27
1 files changed, 27 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_meta_element.html b/dom/security/test/csp/file_meta_element.html
new file mode 100644
index 0000000000..17f19c7c86
--- /dev/null
+++ b/dom/security/test/csp/file_meta_element.html
@@ -0,0 +1,27 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta http-equiv="Content-Security-Policy"
+ content= "img-src 'none'; script-src 'unsafe-inline'; report-uri http://www.example.com; frame-ancestors https:; sandbox allow-scripts">
+ <title>Bug 663570 - Implement Content Security Policy via meta tag</title>
+</head>
+<body>
+
+ <!-- try to load an image which is forbidden by meta CSP -->
+ <img id="testimage"></img>
+
+ <script type="application/javascript">
+ var myImg = document.getElementById("testimage");
+ myImg.onload = function(e) {
+ window.parent.postMessage({result: "img-loaded"}, "*");
+ };
+ myImg.onerror = function(e) {
+ window.parent.postMessage({result: "img-blocked"}, "*");
+ };
+ //Image should be tried to load only after onload/onerror event declaration.
+ myImg.src = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
+ </script>
+
+</body>
+</html>