| <!DOCTYPE HTML> |
| <!-- |
| | This test was modified to not use the HTML4 intrinsic event 'img onload='. |
| --> |
| <html> |
| <head> |
| <title>img element src attribute must match src list.</title> |
| <script src='/resources/testharness.js'></script> |
| <script src='/resources/testharnessreport.js'></script> |
| </head> |
| <body> |
| <h1>img element src attribute must match src list.</h1> |
| <p> |
| <div id='log'></div> |
| |
| <script type="text/javascript"> |
| var t1 = async_test("img-src for relative path should load."); |
| var t2 = async_test("img-src from unapproved domains should not load"); |
| var t3 = async_test("img-src from approved domains should load"); |
| </script> |
| |
| <div id='t1'></div> |
| <div id='t2'></div> |
| <div id='t3'></div> |
| |
| <script> |
| var t1img = document.createElement('img'); |
| t1img.onerror = function() {t1.step(function() { assert_unreached("The img should have loaded."); t1.done(); })} |
| t1img.onload = function() {t1.done();} |
| t1img.src = '/content-security-policy/support/pass.png'; |
| var t1div = document.getElementById('t1'); |
| t1div.appendChild(t1img); |
| |
| var t2img = document.createElement('img'); |
| t2img.onerror = function() {t2.done();} |
| t2img.onload = function() {t2.step(function() { assert_unreached("Image from unapproved domain was loaded."); t2.done(); })} |
| t2img.src = 'http://www1.web-platform.test/content-security-policy/support/fail.png'; |
| var t2div = document.getElementById('t1'); |
| t2div.appendChild(t2img); |
| |
| var t3img = document.createElement('img'); |
| t3img.onerror = function() {t3.step(function() { assert_unreached(); t3.done();})} |
| t3img.onload = function() {t3.done();} |
| t3img.src = location.protocol + '//www.' + location.hostname + ':' + location.port + |
| '/content-security-policy/support/pass.png'; |
| var t3div = document.getElementById('t3'); |
| t3div.appendChild(t3img); |
| |
| var report = document.createElement('script'); |
| report.src = '../support/checkReport.sub.js?reportField=violated-directive&reportValue=img-src%20%27self%27%20www.' + location.hostname + (location.port ? ':' + location.port : ''); |
| t3div.appendChild(report); |
| |
| </script> |
| |
| |
| </body> |
| </html> |