blob: c1e6ddd659d97c72007a5f7b19c666cbce990add [file] [log] [blame]
<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="worker-src blob:; script-src 'unsafe-inline'">
if (window.testRunner) {
<p>This tests that the Content Security Policy of the parent origin (this page) blocks a Web Worker from importing a script from a different origin, not listed in script-src, through a redirect.</p>
<pre id="result"></pre>
function reportResultAndNotifyDone(message)
document.getElementById("result").textContent = message;
if (window.testRunner)
var script = [
'var exception;',
'try {',
' importScripts("");',
'} catch (e) {',
' exception = e;',
'var expectedExceptionCode = 19; // DOMException.NETWORK_ERR',
'if (!exception)',
' self.postMessage("FAIL should throw " + expectedExceptionCode + ". But did not throw an exception.");',
'else {',
' if (exception.code == expectedExceptionCode)',
' self.postMessage("PASS threw exception " + exception + ".");',
' else',
' self.postMessage("FAIL should throw " + expectedExceptionCode + ". Threw exception " + exception + ".");',
var worker;
try {
worker = new Worker(window.URL.createObjectURL(new Blob([script])));
worker.onmessage = function (event) { reportResultAndNotifyDone(; };
} catch (exception) {
reportResultAndNotifyDone("FAIL should not have thrown an exception when creating worker. Threw exception " + exception + ".");