File: origin-policy-single-report.https.tentative.html

package info (click to toggle)
firefox-esr 68.10.0esr-1~deb9u1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 3,143,932 kB
  • sloc: cpp: 5,227,879; javascript: 4,315,531; ansic: 2,467,042; python: 794,975; java: 349,993; asm: 232,034; xml: 228,320; sh: 82,008; lisp: 41,202; makefile: 22,347; perl: 15,555; objc: 5,277; cs: 4,725; yacc: 1,778; ada: 1,681; pascal: 1,673; lex: 1,417; exp: 527; php: 436; ruby: 225; awk: 162; sed: 53; csh: 44
file content (30 lines) | stat: -rw-r--r-- 938 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
<!DOCTYPE HTML>
<html>
<head>
  <script src='/resources/testharness.js'></script>
  <script src='/resources/testharnessreport.js'></script>
</head>
<body>
  <iframe id=frame></iframe>
  <script>
    async_test(t => {
      let violations = [];
      window.addEventListener("message", (e) => {
        violations.push(e);
        t.step_timeout(() => {
          assert_equals(violations.length, 1);
          t.done();
        });
      });

      let forbidden_image = "<img src=https://127.0.0.1:1234/bla.jpg>";
      let event_bouncer = "<script>document.addEventListener(" +
          "'securitypolicyviolation'," +
          "(e) => window.parent.postMessage(e.blockedURI, '*'));</sc" +
          "ript>";
      document.getElementById("frame").src =
        "data:text/html;charset=utf-8," + event_bouncer + forbidden_image;
    }, "Origin-Policy-based CSP violation should trigger 1 violation event");
  </script>
</body>
</html>