1 files changed, 40 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/img-src/img-src-wildcard-allowed.html b/testing/web-platform/tests/content-security-policy/img-src/img-src-wildcard-allowed.html
new file mode 100644
index 0000000000..72326ee6fc
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/img-src/img-src-wildcard-allowed.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<meta http-equiv="Content-Security-Policy" content="img-src *;">
+<html>
+<head>
+    <title>img element src attribute must match src list.</title>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+</head>
+<body>
+    <div id='log'/>
+
+    <script>
+      var t1 = async_test("img-src with wildcard should match all");
+    </script>
+    <img src='/content-security-policy/support/pass.png'
+         onload='t1.done();'
+         onerror='t1.step(function() { assert_unreached("Image should have loaded"); t1.done(); });'>
+
+    <script>
+      async_test(function(t) {
+
+        var pngBase64 = "iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAIAAAD/gAIDAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAnklEQVR42u3QMQEAAAgDoGlyo1vBzwciUJlw1ApkyZIlS5YsBbJkyZIlS5YCWbJkyZIlS4EsWbJkyZKlQJYsWbJkyVIgS5YsWbJkKZAlS5YsWbIUyJIlS5YsWQpkyZIlS5YsBbJkyZIlS5YCWbJkyZIlS4EsWbJkyZKlQJYsWbJkyVIgS5YsWbJkKZAlS5YsWbIUyJIlS5YsWQpkyfq2MosBSIeKONMAAAAASUVORK5CYII=";
+
+        blobContents = [atob(pngBase64)];
+        blob = new Blob(blobContents, {type: "image/png"});
+        img = document.createElement("img");
+        img.onerror = function (e) {
+          t.done();
+        };
+        img.onload = function () {
+          assert_unreached("Should not load blob img");
+          t.done();
+        };
+        blobURL = window.URL.createObjectURL(blob);
+        img.src = blobURL;
+
+      },"img-src with wildcard should not match blob");
+    </script>
+</body>
+</html>