1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
<!DOCTYPE HTML>
<html>
<head>
<title>Bug 1388015 - Test if Firefox respect Port in Wildcard Host </title>
<meta http-equiv="Content-Security-Policy" content="img-src https://*:443">
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<img alt="Should be Blocked">
<script class="testbody" type="text/javascript">
SimpleTest.waitForExplicitFinish();
let image = document.querySelector("img");
Promise.race([
new Promise((res) => {
window.addEventListener("securitypolicyviolation", () => res(true), {once:true});
}),
new Promise((res) => {
image.addEventListener("load", () => res(false),{once:true});
})])
.then((result) => {
ok(result, " CSP did block Image with wildcard and mismatched Port");
})
.then(()=> Promise.race([
new Promise((res) => {
window.addEventListener("securitypolicyviolation", () => res(false), {once:true});
}),
new Promise((res) => {
image.addEventListener("load", () => res(true),{once:true});
requestIdleCallback(()=>{
image.src = "https://example.com:443/tests/dom/security/test/csp/file_dummy_pixel.png"
})
})]))
.then((result) => {
ok(result, " CSP did load the Image with wildcard and matching Port");
SimpleTest.finish();
})
image.src = "file_dummy_pixel.png" // mochi.test:8888
</script>
</body>
</html>
|
