| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src='resources/multiple-iframe-test.js'></script> |
| <script> |
| var security = '%73%65%63%75%72%69%74%79'; |
| var resources = '%72%65%73%6f%75%72%63%65%73'; |
| var tests = [ |
| ['no', 'script-src 127.0.0.1:*/sec', 'resources/script.js'], |
| ['no', 'script-src 127.0.0.1:*/sec/', 'resources/script.js'], |
| ['no', 'script-src 127.0.0.1:8000/not-security', 'resources/script.js'], |
| ['no', 'script-src 127.0.0.1:8000/security%3bnot-contentSecurityPolicy', 'resources/script.js'], |
| ['no', 'script-src 127.0.0.1:8000/security/contentSecurityPolicy/resources/', 'http://127.0.0.1:8000/security/contentSecurityPolicy/RESOURCES/script.js'], |
| ['yes', 'script-src 127.0.0.1:*/' + security + '/', 'resources/script.js'], |
| ['yes', 'script-src 127.0.0.1:*/security/', resources + '/script.js'], |
| ['yes', 'script-src 127.0.0.1:*/' + security + '/', resources + '/script.js'], |
| ]; |
| </script> |
| </head> |
| <body onload="test()"> |
| <p> |
| Resources should be rejected unless they match a whitelisted path. |
| </p> |
