File: script-js-mislabeled-as-html.sub.html

package info (click to toggle)
thunderbird 1%3A91.13.0-1~deb11u1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 2,953,400 kB
  • sloc: cpp: 6,084,049; javascript: 4,790,441; ansic: 3,341,496; python: 862,958; asm: 366,542; xml: 204,277; java: 152,477; sh: 111,436; makefile: 21,388; perl: 15,312; yacc: 4,583; objc: 3,026; lex: 1,720; exp: 762; pascal: 635; awk: 564; sql: 453; php: 436; lisp: 432; ruby: 99; sed: 69; csh: 45
file content (25 lines) | stat: -rw-r--r-- 806 bytes parent folder | download | duplicates (27) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
<!DOCTYPE html>
<!-- Test verifies that script mislabeled as html will execute with and without
  CORB (CORB should allow the script after sniffing).
-->
<meta charset="utf-8">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<div id=log></div>

<script>
setup({ single_test: true });
window.has_executed_script = false;
</script>

<!-- www1 is cross-origin, so the HTTP response is CORB-eligible -->
<script src="http://{{domains[www1]}}:{{ports[http][0]}}/fetch/corb/resources/js-mislabeled-as-html.js">
</script>

<script>
// Verify what observable effects the <script> tag above had.
// Assertion should hold with and without CORB:
assert_true(window.has_executed_script,
            'The cross-origin script should execute');
done();
</script>