File: script-js-mislabeled-as-html.sub.html

package info (click to toggle)
firefox-esr 78.15.0esr-1~deb11u1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 3,301,156 kB
  • sloc: cpp: 5,665,905; javascript: 4,798,386; ansic: 2,878,233; python: 977,004; asm: 270,347; xml: 181,456; java: 111,756; sh: 72,926; makefile: 21,819; perl: 13,380; cs: 4,725; yacc: 4,565; objc: 3,026; pascal: 1,787; lex: 1,720; ada: 1,681; exp: 505; php: 436; lisp: 260; awk: 152; ruby: 103; csh: 80; sed: 53; sql: 45
file content (25 lines) | stat: -rw-r--r-- 806 bytes parent folder | download | duplicates (30) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
<!DOCTYPE html>
<!-- Test verifies that script mislabeled as html will execute with and without
  CORB (CORB should allow the script after sniffing).
-->
<meta charset="utf-8">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<div id=log></div>

<script>
setup({ single_test: true });
window.has_executed_script = false;
</script>

<!-- www1 is cross-origin, so the HTTP response is CORB-eligible -->
<script src="http://{{domains[www1]}}:{{ports[http][0]}}/fetch/corb/resources/js-mislabeled-as-html.js">
</script>

<script>
// Verify what observable effects the <script> tag above had.
// Assertion should hold with and without CORB:
assert_true(window.has_executed_script,
            'The cross-origin script should execute');
done();
</script>