LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script.html

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Security-Policy" content="img-src 'none'">
    <script src="/js-test-resources/js-test-pre.js"></script>
    <script src="../resources/securitypolicyviolation-test.js"></script>
    <script>
        description('Check that a SecurityPolicyViolationEvent is fired upon blocking an image injected via script.');

        var expectations = {
            'documentURI': document.location.toString(),
            'referrer': document.referrer,
            'blockedURI': 'http://127.0.0.1:8000/security/resources/abe.png',
            'violatedDirective': 'img-src',
            'effectiveDirective': 'img-src',
            'originalPolicy': 'img-src \'none\'',
            'sourceFile': 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/inject-image.js',
            'lineNumber': 3,
            'columnNumber': 2,
            'statusCode': 200,
        };

        function run() {
            var script = document.createElement('script');
            script.src = '../resources/inject-image.js';
            document.body.appendChild(script);
        }
    </script>
    <script src="/js-test-resources/js-test-post.js"></script>
</head>
<body>
</body>
</html>