summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html25
1 files changed, 25 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html
new file mode 100644
index 0000000000..9bffad09b3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html
@@ -0,0 +1,25 @@
+<!doctype html>
+<meta http-equiv="content-security-policy" content="img-src 'self'">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body></body>
+<script>
+ async_test(t => {
+ const i = document.createElement("img");
+
+ const target = "http://{{hosts[alt][]}}:{{ports[http][0]}}/content-security-policy/support/fail.png";
+ const url = window.origin + "/common/redirect.py?location=" + encodeURIComponent(target);
+
+ window.addEventListener('securitypolicyviolation', t.step_func_done((e) => {
+ assert_equals(e.blockedURI, url);
+ }));
+
+ i.onload = t.step_func(() => {
+ assert_unreached("Img should be blocked.");
+ });
+ i.src = url;
+
+ document.body.appendChild(i);
+ }, "The blocked URI in the security policy violation event should be the original URI before redirects.");
+</script>
+</html>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-06 00:24:21 +0000