| <?xml version="1.0"?> |
| <html xmlns='http://www.w3.org/1999/xhtml'> |
| <head> |
| <title>crossorigin and XHTML</title> |
| </head> |
| <body> |
| <p>In an XHTML document, test that a script element with a crossorigin attribute does not load a cross-origin script when the resource sharing check fails on the response.</p> |
| <pre></pre> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| } |
| |
| var result = "PASS"; |
| |
| function must_not_fire() { |
| result = "FAIL"; |
| } |
| |
| function loaded() { |
| document.querySelector("pre").innerHTML = result; |
| if (window.testRunner) |
| testRunner.notifyDone(); |
| } |
| </script> |
| <!-- This script should _not_ load, nor fire onload. --> |
| <script crossorigin="anonymous" src="http://localhost:8000/security/resources/cors-script.php?cors=false&value=FAIL" onload="must_not_fire()"></script> |
| <script><![CDATA[loaded();]]></script> |
| </body> |
| </html> |
| |