| <!DOCTYPE html> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/content-security-policy/support/testharness-helper.js"></script> |
| <meta http-equiv="Content-Security-Policy" content="img-src 'none'"> |
| <body> |
| <script> |
| async_test(t => { |
| waitUntilEvent(window, "securitypolicyviolation") |
| .then(t.step_func_done(e => { |
| assert_equals(e.documentURI, document.location.toString()); |
| assert_equals(e.referrer, document.referrer); |
| assert_equals(e.blockedURI, "http://{{hosts[alt][]}}:{{ports[http][0]}}/content-security-policy/support/fail.png"); |
| assert_equals(e.violatedDirective, "img-src"); |
| assert_equals(e.effectiveDirective, "img-src"); |
| assert_equals(e.originalPolicy, "img-src \'none\'"); |
| assert_equals(e.disposition, "enforce"); |
| assert_equals(new URL(e.sourceFile).pathname, "/content-security-policy/support/inject-image.sub.js"); |
| assert_equals(e.lineNumber, 2); |
| assert_equals(e.columnNumber, 0); |
| assert_equals(e.statusCode, 200); |
| })); |
| |
| var s = document.createElement("script"); |
| s.src = "{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/content-security-policy/support/inject-image.sub.js"; |
| document.body.appendChild(s); |
| }, "Non-redirected cross-origin URLs are not stripped."); |
| </script> |