| <!DOCTYPE html> |
| <meta http-equiv="Content-Security-Policy" content="img-src *.{{host}}:{{ports[http][0]}}"> |
| <html> |
| <head> |
| <title>img-src with full host and wildcard blocks correctly.</title> |
| <script src='/resources/testharness.js'></script> |
| <script src='/resources/testharnessreport.js'></script> |
| </head> |
| <body> |
| <div id='log'/> |
| |
| <script> |
| var t1 = async_test("img src does not match full host and wildcard csp directive"); |
| </script> |
| <img src='http://{{host}}:{{ports[http][0]}}/content-security-policy/support/fail.png' |
| onload='t1.step(function() { assert_unreached("Image should have loaded"); t1.done(); });' |
| onerror='t1.done();'> |
| |
| </body> |
| </html> |