blob: a3b6bbeeb8f1de0b1872330cb0268cb0f6e8d029 [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script src='resources/multiple-iframe-test.js'></script>
<script>
var security = '%73%65%63%75%72%69%74%79';
var resources = '%72%65%73%6f%75%72%63%65%73';
var tests = [
['no', 'script-src 127.0.0.1:*/sec', 'resources/script.js'],
['no', 'script-src 127.0.0.1:*/sec/', 'resources/script.js'],
['no', 'script-src 127.0.0.1:8000/not-security', 'resources/script.js'],
['no', 'script-src 127.0.0.1:8000/security%3bnot-contentSecurityPolicy', 'resources/script.js'],
['no', 'script-src 127.0.0.1:8000/security/contentSecurityPolicy/resources/', 'http://127.0.0.1:8000/security/contentSecurityPolicy/RESOURCES/script.js'],
['yes', 'script-src 127.0.0.1:*/' + security + '/', 'resources/script.js'],
['yes', 'script-src 127.0.0.1:*/security/', resources + '/script.js'],
['yes', 'script-src 127.0.0.1:*/' + security + '/', resources + '/script.js'],
];
</script>
</head>
<body onload="test()">
<p>
Resources should be rejected unless they match a whitelisted path.
</p>