| #!/usr/bin/env python3 |
| |
| import sys |
| |
| sys.stdout.write( |
| 'Content-Type: text/javascript; charset=UTF-8\r\n\r\n' |
| 'importScripts("/js-test-resources/js-test.js");\n' |
| '\n' |
| '// This is not a comprehensive list.\n' |
| 'var bannedMIMETypes = [\n' |
| ' "audio/mp4",\n' |
| ' "audio/mpeg",\n' |
| ' "audio/ogg",\n' |
| ' "audio/wav",\n' |
| ' "audio/x-aiff",\n' |
| ' "image/gif",\n' |
| ' "image/png",\n' |
| ' "text/csv",\n' |
| ' "video/mpeg",\n' |
| ' "video/ogg",\n' |
| ' "video/quicktime",\n' |
| '];\n' |
| '\n' |
| 'self.scriptsSuccessfullyLoaded = 0;\n' |
| '\n' |
| 'description("Test that an external JavaScript script is blocked if has a banned MIME type.");\n' |
| '\n' |
| 'for (let mimeType of bannedMIMETypes) {\n' |
| ' try {\n' |
| ' importScripts(`../../security/contentTypeOptions/resources/script-with-header.pl?mime=${mimeType}&no-content-type-options=1`);\n' |
| ' } catch (e) { }\n' |
| '}\n' |
| '\n' |
| 'try {\n' |
| ' // For some reason this causes "SyntaxError: Invalid character \'\ufffd\'" when non-script MIME types are allowed to be executed.\n' |
| ' importScripts("../../security/resources/abe-that-increments-scriptsSuccessfullyLoaded.jpg");\n' |
| '} catch (e) { }\n' |
| '\n' |
| 'shouldBeZero("self.scriptsSuccessfullyLoaded");\n' |
| 'finishJSTest();\n' |
| ) |