| Andrew Top | 61a8495 | 2019-04-30 15:07:33 -0700 | [diff] [blame] | 1 | <!DOCTYPE html> |
| 2 | <html> |
| 3 | |
| 4 | <head> |
| 5 | <meta id="meta_csp" http-equiv="Content-Security-Policy" content="img-src 'none'"> |
| 6 | <title>meta-modified</title> |
| 7 | <script src="/resources/testharness.js"></script> |
| 8 | <script src="/resources/testharnessreport.js"></script> |
| 9 | <script src='../support/logTest.sub.js?logs=["PASS", "PASS","TEST COMPLETE"]'></script> |
| 10 | </head> |
| 11 | |
| 12 | <body> |
| 13 | <p>Test passes if the image is blocked both before and after policy modification.</p> |
| 14 | |
| 15 | <script> |
| 16 | function testImgSrc() { |
| 17 | var img = document.createElement('img'); |
| 18 | img.src = '../support/fail.png'; |
| 19 | img.onerror = function() { |
| 20 | log("PASS"); |
| 21 | }; |
| 22 | img.onload = function() { |
| 23 | log("FAIL"); |
| 24 | }; |
| 25 | document.body.appendChild(img); |
| 26 | } |
| 27 | testImgSrc(); |
| 28 | document.getElementById("meta_csp").setAttribute("content", "img-src *"); |
| 29 | testImgSrc(); |
| 30 | log("TEST COMPLETE"); |
| 31 | </script> |
| 32 | <div id="log"></div> |
| 33 | </body> |
| 34 | |
| 35 | </html> |
