File: wildcard-host-part.sub.window.js

package info (click to toggle)
firefox 143.0.3-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,617,328 kB
  • sloc: cpp: 7,478,492; javascript: 6,417,157; ansic: 3,720,058; python: 1,396,372; xml: 627,523; asm: 438,677; java: 186,156; sh: 63,477; makefile: 19,171; objc: 13,059; perl: 12,983; yacc: 4,583; cs: 3,846; pascal: 3,405; lex: 1,720; ruby: 1,003; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 53; csh: 10
file content (27 lines) | stat: -rw-r--r-- 1,183 bytes parent folder | download | duplicates (14) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
setup(_ => {
  const meta = document.createElement("meta");
  meta.httpEquiv = "content-security-policy";
  meta.content = "img-src http://*:{{ports[http][0]}}";
  document.head.appendChild(meta);
});

async_test((t) => {
  const img = document.createElement("img");
  img.onerror = t.step_func_done();
  img.onload = t.unreached_func("`data:` image should have been blocked.");
  img.src = "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="
}, "Host wildcard doesn't affect scheme matching.");

async_test((t) => {
  const img = document.createElement("img");
  img.onload = t.step_func_done();
  img.onerror = t.unreached_func("Image from www2 host should have loaded.");
  img.src = "http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/support/pass.png";
}, "Host wildcard allows arbitrary hosts (www1).");

async_test((t) => {
  const img = document.createElement("img");
  img.onload = t.step_func_done();
  img.onerror = t.unreached_func("Image from www2 host should have loaded.");
  img.src = "http://{{domains[www2]}}:{{ports[http][0]}}/content-security-policy/support/pass.png";
}, "Host wildcard allows arbitrary hosts (www2).");