summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html')
-rw-r--r--testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html26
1 files changed, 26 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html
new file mode 100644
index 0000000000..ad3d9f3600
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc' blob:">
+<script nonce="abc" src="/resources/testharness.js"></script>
+<script nonce="abc" src="/resources/testharnessreport.js"></script>
+<script nonce="abc">
+ async_test(t => {
+ var watcher = new EventWatcher(t, document, 'securitypolicyviolation');
+ watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => {
+ assert_equals(e.blockedURI, "eval");
+ assert_equals(e.sourceFile, "blob");
+ assert_equals(e.lineNumber, 3);
+ assert_equals(e.columnNumber, 16);
+ }));
+
+ var scriptText = `
+ try {
+ eval("assert_unreached('no eval')");
+ } catch (e) {
+ assert_equals(e.name, 'EvalError');
+ }
+ `;
+ var s = document.createElement("script");
+ s.src = URL.createObjectURL(new Blob([scriptText], {type: "text/javascript"}));
+ document.head.append(s);
+ }, "Violations from data:-URL scripts have a sourceFile of 'blob'");
+</script>
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 07:06:41 +0000