| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta http-equiv="Content-Security-Policy" content="img-src https:; script-src 'unsafe-inline'"> |
| <script> |
| if (window.testRunner) { |
| testRunner.waitUntilDone(); |
| testRunner.dumpAsText(); |
| } |
| |
| function test1() { |
| var img = document.createElement('img'); |
| img.onload = function () { |
| alert('FAIL (1/3)'); |
| test2(); |
| }; |
| img.onerror = function () { |
| alert('PASS (1/3)'); |
| test2(); |
| }; |
| img.src = "../resources/abe.png"; |
| } |
| |
| function test2() { |
| internals.registerURLSchemeAsBypassingContentSecurityPolicy('http'); |
| var img = document.createElement('img'); |
| img.onload = function () { |
| alert('PASS (2/3)'); |
| test3(); |
| }; |
| img.onerror = function () { |
| alert('FAIL (2/3)'); |
| test3(); |
| }; |
| img.src = "../resources/abe.png"; |
| } |
| |
| function test3() { |
| internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http'); |
| var img = document.createElement('img'); |
| img.onload = function () { |
| alert('FAIL (3/3)'); |
| finishTesting(); |
| }; |
| img.onerror = function () { |
| alert('PASS (3/3)'); |
| finishTesting(); |
| }; |
| img.src = "../resources/abe.png"; |
| } |
| |
| function finishTesting() { |
| if (window.testRunner) { |
| setTimeout(function () { testRunner.notifyDone(); }, 0); |
| } |
| return true; |
| } |
| </script> |
| </head> |
| <body onload='test1();'> |
| <p> |
| This test ensures that registering a scheme as bypassing CSP actually bypasses CSP. |
| This test passes if three PASSes are generated. |
| </p> |
| </body> |
| </html> |
