third_party/blink/web_tests/http/tests/security/script-crossorigin-fails-cross-origin-2.xhtml - chromium/src - Git at Google

 <?xml version="1.0"?>
 <html xmlns='http://www.w3.org/1999/xhtml'>
 <head>
 <title>crossorigin and XHTML</title>
 </head>
 <body>
 <p>In an XHTML document, test that a script element with a crossorigin attribute does not load a cross-origin script when the resource sharing check fails on the response.</p>
 <pre></pre>
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText();
     testRunner.waitUntilDone();
 }

 var result = "PASS";

 function must_not_fire() {
     result = "FAIL";
 }

 function loaded() {
     document.querySelector("pre").innerHTML = result;
     if (window.testRunner)
         testRunner.notifyDone();
 }
 </script>
 <!-- This script should _not_ load, nor fire onload. -->
 <script crossorigin="anonymous"	src="http://localhost:8000/security/resources/cors-script.php?cors=false&amp;value=FAIL" onload="must_not_fire()"></script>
 <script><![CDATA[loaded();]]></script>
 </body>
 </html>
	<?xml version="1.0"?>
	<html xmlns='http://www.w3.org/1999/xhtml'>
	<head>
	<title>crossorigin and XHTML</title>
	</head>
	<body>
	<p>In an XHTML document, test that a script element with a crossorigin attribute does not load a cross-origin script when the resource sharing check fails on the response.</p>
	<pre></pre>
	<script>
	if (window.testRunner) {
	testRunner.dumpAsText();
	testRunner.waitUntilDone();
	}

	var result = "PASS";

	function must_not_fire() {
	result = "FAIL";
	}

	function loaded() {
	document.querySelector("pre").innerHTML = result;
	if (window.testRunner)
	testRunner.notifyDone();
	}
	</script>
	<!-- This script should _not_ load, nor fire onload. -->
	<script crossorigin="anonymous" src="http://localhost:8000/security/resources/cors-script.php?cors=false&value=FAIL" onload="must_not_fire()"></script>
	<script><![CDATA[loaded();]]></script>
	</body>
	</html>