third_party/web_platform_tests/content-security-policy/img-src/img-src-4_1.html - cobalt - Git at Google

 <!DOCTYPE HTML>
 <!--
  | This test was modified to not use the HTML4 intrinsic event 'img onload='.
  -->
 <html>
 <head>
     <title>img element src attribute must match src list.</title>
     <script src='/resources/testharness.js'></script>
     <script src='/resources/testharnessreport.js'></script>
 </head>
 <body>
     <h1>img element src attribute must match src list.</h1>
     <p>
     <div id='log'></div>

     <script type="text/javascript">
       var t1 = async_test("img-src for relative path should load.");
       var t2 = async_test("img-src from unapproved domains should not load");
       var t3 = async_test("img-src from approved domains should load");
     </script>

     <div id='t1'></div>
     <div id='t2'></div>
     <div id='t3'></div>

     <script>
       var t1img = document.createElement('img');
       t1img.onerror = function() {t1.step(function() { assert_unreached("The img should have loaded."); t1.done(); })}
       t1img.onload = function() {t1.done();}
       t1img.src = '/content-security-policy/support/pass.png';
       var t1div = document.getElementById('t1');
       t1div.appendChild(t1img);

       var t2img = document.createElement('img');
       t2img.onerror = function() {t2.done();}
       t2img.onload = function() {t2.step(function() { assert_unreached("Image from unapproved domain was loaded."); t2.done(); })}
       t2img.src = 'http://www1.web-platform.test/content-security-policy/support/fail.png';
       var t2div = document.getElementById('t1');
       t2div.appendChild(t2img);

       var t3img = document.createElement('img');
       t3img.onerror = function() {t3.step(function() { assert_unreached(); t3.done();})}
       t3img.onload = function() {t3.done();}
       t3img.src = location.protocol + '//www.' + location.hostname + ':' + location.port +
            '/content-security-policy/support/pass.png';
       var t3div = document.getElementById('t3');
       t3div.appendChild(t3img);

       var report = document.createElement('script');
       report.src = '../support/checkReport.sub.js?reportField=violated-directive&reportValue=img-src%20%27self%27%20www.' + location.hostname + (location.port ? ':' + location.port : '');
       t3div.appendChild(report);

     </script>


 </body>
 </html>
	<!DOCTYPE HTML>
	<!--
	\| This test was modified to not use the HTML4 intrinsic event 'img onload='.
	-->
	<html>
	<head>
	<title>img element src attribute must match src list.</title>
	<script src='/resources/testharness.js'></script>
	<script src='/resources/testharnessreport.js'></script>
	</head>
	<body>
	<h1>img element src attribute must match src list.</h1>
	<p>
	<div id='log'></div>

	<script type="text/javascript">
	var t1 = async_test("img-src for relative path should load.");
	var t2 = async_test("img-src from unapproved domains should not load");
	var t3 = async_test("img-src from approved domains should load");
	</script>

	<div id='t1'></div>
	<div id='t2'></div>
	<div id='t3'></div>

	<script>
	var t1img = document.createElement('img');
	t1img.onerror = function() {t1.step(function() { assert_unreached("The img should have loaded."); t1.done(); })}
	t1img.onload = function() {t1.done();}
	t1img.src = '/content-security-policy/support/pass.png';
	var t1div = document.getElementById('t1');
	t1div.appendChild(t1img);

	var t2img = document.createElement('img');
	t2img.onerror = function() {t2.done();}
	t2img.onload = function() {t2.step(function() { assert_unreached("Image from unapproved domain was loaded."); t2.done(); })}
	t2img.src = 'http://www1.web-platform.test/content-security-policy/support/fail.png';
	var t2div = document.getElementById('t1');
	t2div.appendChild(t2img);

	var t3img = document.createElement('img');
	t3img.onerror = function() {t3.step(function() { assert_unreached(); t3.done();})}
	t3img.onload = function() {t3.done();}
	t3img.src = location.protocol + '//www.' + location.hostname + ':' + location.port +
	'/content-security-policy/support/pass.png';
	var t3div = document.getElementById('t3');
	t3div.appendChild(t3img);

	var report = document.createElement('script');
	report.src = '../support/checkReport.sub.js?reportField=violated-directive&reportValue=img-src%20%27self%27%20www.' + location.hostname + (location.port ? ':' + location.port : '');
	t3div.appendChild(report);

	</script>


	</body>
	</html>