| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta http-equiv="Content-Security-Policy" content="img-src 'none'"> |
| <script src="/js-test-resources/js-test-pre.js"></script> |
| <script src="../resources/securitypolicyviolation-test.js"></script> |
| <script> |
| description('Check that a SecurityPolicyViolationEvent strips detail from cross-origin URLs upon blocking an image injected via script.'); |
| |
| var expectations = { |
| 'documentURI': document.location.toString(), |
| 'referrer': document.referrer, |
| 'blockedURI': 'http://127.0.0.1:8000/security/resources/abe.png', |
| 'violatedDirective': 'img-src \'none\'', |
| 'effectiveDirective': 'img-src', |
| 'originalPolicy': 'img-src \'none\'', |
| 'sourceFile': 'http://localhost:8000', |
| 'lineNumber': 3, |
| 'columnNumber': 2, |
| 'statusCode': 200, |
| }; |
| |
| function run() { |
| var script = document.createElement('script'); |
| script.src = 'http://localhost:8000/security/contentSecurityPolicy/resources/inject-image.js'; |
| document.body.appendChild(script); |
| } |
| </script> |
| <script src="/js-test-resources/js-test-post.js"></script> |
| </head> |
| <body> |
| </body> |
| </html> |