| <!DOCTYPE HTML> |
| <html> |
| <head> |
| <title>Objects loaded using src attribute of <embed> tag are blocked unless their host is listed as an allowed source in the object-src directive</title> |
| <meta name=timeout content=long> |
| <script src='/resources/testharness.js'></script> |
| <script src='/resources/testharnessreport.js'></script> |
| </head> |
| <body onLoad="object_loaded()"> |
| <h1>Objects loaded using src attribute of <embed> tag are blocked unless their host is listed as an allowed source in the object-src directive</h1> |
| <div id="log"></div> |
| |
| <script> |
| var relativeMediaURL = "/support/media/flash.swf"; |
| var pageURL = window.location.toString(); |
| var temp1 = pageURL.split("//"); |
| var temp2 = temp1[1].substring (0, temp1[1].lastIndexOf("/object-src/")); |
| var mediaURL = "http://www2." + temp2 + relativeMediaURL; |
| var htmlStr = "<embed id='flashObject' type='application/x-shockwave-flash' src='" + mediaURL + "' width='200' height='200'></object>"; |
| document.write (htmlStr); |
| </script> |
| |
| <script> |
| var len = navigator.mimeTypes.length; |
| var allTypes = ""; |
| var flashMimeType = "application/x-shockwave-flash"; |
| for ( var i=0;i<len;i++ ) { |
| allTypes+=navigator.mimeTypes[i].type; |
| } |
| |
| var hasMimeType = allTypes.indexOf(flashMimeType) != -1; |
| |
| <!-- The actual test. --> |
| var test1 = async_test("Async SWF load test") |
| |
| function object_loaded() { |
| var elem = document.getElementById("flashObject"); |
| var is_loaded = false; |
| try { |
| <!-- The Flash Player exposes values to JavaScript if a SWF has successfully been loaded. --> |
| var pct_loaded = elem.PercentLoaded(); |
| is_loaded = true; |
| } catch (e) {} |
| |
| if (hasMimeType) { |
| test1.step(function() {assert_false(is_loaded, "External object loaded.")}); |
| var s = document.createElement('script'); |
| s.async = true; |
| s.defer = true; |
| s.src = "../support/checkReport.sub.js?reportField=violated-directive&reportValue=object-src%20%27self%27" |
| document.lastChild.appendChild(s); |
| } else { |
| //test1.step(function() {}); |
| test1.set_status(test1.NOTRUN, "No Flash Player, cannot run test."); |
| test1.phase = test1.phases.HAS_RESULT; |
| } |
| test1.done(); |
| } |
| </script> |
| </body> |
| </html> |