| CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/resources/abe.png because it does not appear in the img-src directive of the Content Security Policy. |
| Check that a SecurityPolicyViolationEvent strips detail from cross-origin URLs upon blocking an image injected via script. |
| |
| On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". |
| |
| |
| Kicking off the tests: |
| PASS window.e.documentURI is "http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script.html" |
| PASS window.e.referrer is "" |
| PASS window.e.blockedURI is "http://127.0.0.1:8000/security/resources/abe.png" |
| PASS window.e.violatedDirective is "img-src" |
| PASS window.e.effectiveDirective is "img-src" |
| PASS window.e.originalPolicy is "img-src 'none'" |
| PASS window.e.sourceFile is "http://localhost:8000/security/contentSecurityPolicy/resources/inject-image.js" |
| PASS window.e.lineNumber is 3 |
| PASS window.e.columnNumber is 2 |
| PASS window.e.statusCode is 200 |
| PASS successfullyParsed is true |
| |
| TEST COMPLETE |
| |
