LayoutTests/security/contentSecurityPolicy/image-with-blob-url-blocked-by-img-src-star.html - WebKit - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
 <meta http-equiv="Content-Security-Policy" content="img-src *">
 </head>
 <script>
 if (window.testRunner)
     testRunner.waitUntilDone();

 var fileInput;

 function testFinished()
 {
     if (window.testRunner)
         testRunner.notifyDone();
 }

 function loadImage(event)
 {
     var image = document.createElement("img");
     image.height = "128";
     image.width = "128";
     image.alt = "PASS";
     image.onload = testFinished;
     image.onerror = testFinished;
     image.src = window.URL.createObjectURL(event.target.files[0]);

     document.body.removeChild(fileInput);
     document.body.appendChild(image);
 }

 function runTest()
 {
     if (!window.eventSender)
         return;

     var x = fileInput.offsetLeft + fileInput.offsetWidth / 2;
     var y = fileInput.offsetTop + fileInput.offsetHeight / 2;

     eventSender.beginDragWithFiles(["../../fast/dom/resources/abe.png"]);
     eventSender.mouseMoveTo(x, y);
     eventSender.mouseUp();
 }

 window.onload = function ()
 {
     fileInput = document.getElementById("file");
     fileInput.onchange = loadImage;
     runTest();
 }
 </script>
 <body>
 <p>This tests that loading image with a blob URL is blocked when the page has Content Security Policy &quot;image-src *&quot;. To run this test by hand, select an image file. This test PASSED if you see the word PASS below. Otherwise, it FAILED.</p>
 <input type="file" id="file" accept="image/*">
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<meta http-equiv="Content-Security-Policy" content="img-src *">
	</head>
	<script>
	if (window.testRunner)
	testRunner.waitUntilDone();

	var fileInput;

	function testFinished()
	{
	if (window.testRunner)
	testRunner.notifyDone();
	}

	function loadImage(event)
	{
	var image = document.createElement("img");
	image.height = "128";
	image.width = "128";
	image.alt = "PASS";
	image.onload = testFinished;
	image.onerror = testFinished;
	image.src = window.URL.createObjectURL(event.target.files[0]);

	document.body.removeChild(fileInput);
	document.body.appendChild(image);
	}

	function runTest()
	{
	if (!window.eventSender)
	return;

	var x = fileInput.offsetLeft + fileInput.offsetWidth / 2;
	var y = fileInput.offsetTop + fileInput.offsetHeight / 2;

	eventSender.beginDragWithFiles(["../../fast/dom/resources/abe.png"]);
	eventSender.mouseMoveTo(x, y);
	eventSender.mouseUp();
	}

	window.onload = function ()
	{
	fileInput = document.getElementById("file");
	fileInput.onchange = loadImage;
	runTest();
	}
	</script>
	<body>
	<p>This tests that loading image with a blob URL is blocked when the page has Content Security Policy "image-src *". To run this test by hand, select an image file. This test PASSED if you see the word PASS below. Otherwise, it FAILED.</p>
	<input type="file" id="file" accept="image/*">
	</body>
	</html>