third_party/WebKit/LayoutTests/external/wpt/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html - chromium/src - Git at Google

 <!DOCTYPE html>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/content-security-policy/support/testharness-helper.js"></script>
 <meta http-equiv="Content-Security-Policy" content="img-src 'none'">
 <body>
 <script>
   async_test(t => {
     waitUntilEvent(window, "securitypolicyviolation")
       .then(t.step_func_done(e => {
         assert_equals(e.documentURI, document.location.toString());
         assert_equals(e.referrer, document.referrer);
         assert_equals(e.blockedURI, "http://{{domains[www]}}:{{ports[http][0]}}/content-security-policy/support/fail.png");
         assert_equals(e.violatedDirective, "img-src");
         assert_equals(e.effectiveDirective, "img-src");
         assert_equals(e.originalPolicy, "img-src \'none\'");
         assert_equals(e.disposition, "enforce");
         assert_equals(e.sourceFile, "");
         assert_equals(e.lineNumber, 0);
         assert_equals(e.columnNumber, 0);
         assert_equals(e.statusCode, 200);
       }));

     var s = document.createElement("script");
     s.src = "{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/content-security-policy/support/inject-image.sub.js";
     document.body.appendChild(s);
   }, "Non-redirected cross-origin URLs are not stripped.");
 </script>
	<!DOCTYPE html>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/content-security-policy/support/testharness-helper.js"></script>
	<meta http-equiv="Content-Security-Policy" content="img-src 'none'">
	<body>
	<script>
	async_test(t => {
	waitUntilEvent(window, "securitypolicyviolation")
	.then(t.step_func_done(e => {
	assert_equals(e.documentURI, document.location.toString());
	assert_equals(e.referrer, document.referrer);
	assert_equals(e.blockedURI, "http://{{domains[www]}}:{{ports[http][0]}}/content-security-policy/support/fail.png");
	assert_equals(e.violatedDirective, "img-src");
	assert_equals(e.effectiveDirective, "img-src");
	assert_equals(e.originalPolicy, "img-src \'none\'");
	assert_equals(e.disposition, "enforce");
	assert_equals(e.sourceFile, "");
	assert_equals(e.lineNumber, 0);
	assert_equals(e.columnNumber, 0);
	assert_equals(e.statusCode, 200);
	}));

	var s = document.createElement("script");
	s.src = "{{location[scheme]}}://{{domains[www2]}}:{{location[port]}}/content-security-policy/support/inject-image.sub.js";
	document.body.appendChild(s);
	}, "Non-redirected cross-origin URLs are not stripped.");
	</script>