blob: ef2ac6f56c69557d7439261f3ba3f27419c4b1d7 [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="base-uri 'self'">
<script src="http://localhost:8000/js-test-resources/js-test.js"></script>
<script src="http://localhost:8000/security/contentSecurityPolicy/resources/securitypolicyviolation-test.js"></script>
<script>
description('Check that base URIs cannot be set if they violate the page\'s policy.');
var expectations = {
'documentURI': document.location.toString(),
'referrer': document.referrer,
'blockedURI': 'http://example.com/base',
'violatedDirective': 'base-uri',
'effectiveDirective': 'base-uri',
'originalPolicy': 'base-uri \'self\'',
'sourceFile': document.location.toString(),
'lineNumber': 24
};
function run() {
var base = document.createElement('base');
base.href = 'http://example.com/base';
document.head.appendChild(base);
shouldBe('document.baseURI', 'document.location.href');
}
</script>
</head>
<body>
</body>
</html>