LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme.html - WebKit - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
 <meta http-equiv="Content-Security-Policy" content="img-src https:; script-src 'unsafe-inline'">
 <script>
     if (window.testRunner) {
         testRunner.waitUntilDone();
         testRunner.dumpAsText();
     }

     function test1() {
         var img = document.createElement('img');
         img.onload = function () {
             alert('FAIL (1/3)');
             test2();
         };
         img.onerror = function () {
             alert('PASS (1/3)');
             test2();
         };
         img.src = "../resources/abe.png";
     }

     function test2() {
         internals.registerURLSchemeAsBypassingContentSecurityPolicy('http');
         var img = document.createElement('img');
         img.onload = function () {
             alert('PASS (2/3)');
             test3();
         };
         img.onerror = function () {
             alert('FAIL (2/3)');
             test3();
         };
         img.src = "../resources/abe.png";
     }

     function test3() {
         internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http');
         var img = document.createElement('img');
         img.onload = function () {
             alert('FAIL (3/3)');
             finishTesting();
         };
         img.onerror = function () {
             alert('PASS (3/3)');
             finishTesting();
         };
         img.src = "../resources/abe.png";
     }

     function finishTesting() {
         if (window.testRunner) {
             setTimeout(function () { testRunner.notifyDone(); }, 0);
         }
         return true;
     }
 </script>
 </head>
 <body onload='test1();'>
     <p>
         This test ensures that registering a scheme as bypassing CSP actually bypasses CSP.
         This test passes if three PASSes are generated.
     </p>
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<meta http-equiv="Content-Security-Policy" content="img-src https:; script-src 'unsafe-inline'">
	<script>
	if (window.testRunner) {
	testRunner.waitUntilDone();
	testRunner.dumpAsText();
	}

	function test1() {
	var img = document.createElement('img');
	img.onload = function () {
	alert('FAIL (1/3)');
	test2();
	};
	img.onerror = function () {
	alert('PASS (1/3)');
	test2();
	};
	img.src = "../resources/abe.png";
	}

	function test2() {
	internals.registerURLSchemeAsBypassingContentSecurityPolicy('http');
	var img = document.createElement('img');
	img.onload = function () {
	alert('PASS (2/3)');
	test3();
	};
	img.onerror = function () {
	alert('FAIL (2/3)');
	test3();
	};
	img.src = "../resources/abe.png";
	}

	function test3() {
	internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http');
	var img = document.createElement('img');
	img.onload = function () {
	alert('FAIL (3/3)');
	finishTesting();
	};
	img.onerror = function () {
	alert('PASS (3/3)');
	finishTesting();
	};
	img.src = "../resources/abe.png";
	}

	function finishTesting() {
	if (window.testRunner) {
	setTimeout(function () { testRunner.notifyDone(); }, 0);
	}
	return true;
	}
	</script>
	</head>
	<body onload='test1();'>
	<p>
	This test ensures that registering a scheme as bypassing CSP actually bypasses CSP.
	This test passes if three PASSes are generated.
	</p>
	</body>
	</html>