File: object-src-2_1.html

package info (click to toggle)
thunderbird 1%3A60.9.0-1~deb10u1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 2,339,424 kB
  • sloc: cpp: 5,457,040; ansic: 2,360,385; python: 596,167; asm: 340,963; java: 326,296; xml: 258,830; sh: 84,445; makefile: 23,701; perl: 17,317; objc: 3,768; yacc: 1,766; ada: 1,681; lex: 1,364; pascal: 1,264; cs: 879; exp: 527; php: 436; lisp: 258; ruby: 153; awk: 152; sed: 53; csh: 27
file content (66 lines) | stat: -rw-r--r-- 2,564 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
<!DOCTYPE HTML>
<html>

<head>
    <title>Objects loaded using data attribute of &lt;object&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</title>
    <meta name=timeout content=long>
    <script src='/resources/testharness.js'></script>
    <script src='/resources/testharnessreport.js'></script>
</head>

<body onLoad="object_loaded()">
    <h1>Objects loaded using data attribute of &lt;object&gt; tag are blocked unless their host is listed as an allowed source in the object-src directive</h1>
    <div id="log"></div>

    <script>
        var relativeMediaURL = "/support/media/flash.swf";
        var pageURL = window.location.toString();
        var temp1 = pageURL.split("//");
        var temp2 = temp1[1].substring(0, temp1[1].lastIndexOf("/object-src/"));
        var mediaURL = "http://www2." + temp2 + relativeMediaURL;
        var htmlStr = "<object id='flashObject' type='application/x-shockwave-flash' data='" + mediaURL + "' width='200' height='200'></object>";
        document.write(htmlStr);
    </script>

    <script>
        var len = navigator.mimeTypes.length;
        var allTypes = "";
        var flashMimeType = "application/x-shockwave-flash";
        for (var i = 0; i < len; i++) {
            allTypes += navigator.mimeTypes[i].type;
        }

        var hasMimeType = allTypes.indexOf(flashMimeType) != -1;

        <!-- The actual test. -->
        var test1 = async_test("Async SWF load test")

        function object_loaded() {
            var elem = document.getElementById("flashObject");
            var is_loaded = false;
            try {
                <!-- The Flash Player exposes values to JavaScript if a SWF has successfully been loaded. -->
                var pct_loaded = elem.PercentLoaded();
                is_loaded = true;
            } catch (e) {}

            if (hasMimeType) {
                test1.step(function () {
                    assert_false(is_loaded, "External object loaded.")
                });
                var s = document.createElement('script');
                s.async = true;
                s.defer = true;
                s.src = "../support/checkReport.sub.js?reportField=violated-directive&reportValue=object-src%20%27self%27"
                document.lastChild.appendChild(s);
            } else {
                test1.set_status(test1.NOTRUN, "No Flash Player, cannot run test.");
                test1.phase = test1.phases.HAS_RESULT;
            }
            test1.done();
        }
    </script>

</body>

</html>