| echo-allow-csp-from.py |
<!DOCTYPE html>
<html>
<head>
<title>This page enforces embedder's policies</title>
<script nonce="123">
document.addEventListener("securitypolicyviolation", function(e) {
var response = {};
response["id"] = "%s";
response["securitypolicyviolation"] = true;
response["blockedURI"] = e.blockedURI;
response["lineNumber"] = e.lineNumber;
window.top.postMessage(response, '*');
});
</script>
</head>
<body>
<script nonce="123">
let img = document.createElement('img');
img.src = "../../support/pass.png";
img.onload = function() { window.top.postMessage("img loaded", '*'); }
document.body.appendChild(img);
</script>
<style>
body {
background-color: maroon;
}
</style>
<script nonce="123">
var response = {};
response["id"] = "%s";
response["loaded"] = true;
window.top.postMessage(response, '*');
</script>
<script>
// Inline script which might be blocked by CSP.
navigator.userAgent;
</script>
</body>
</html>
|
1439 |
| echo-policy-multiple.py |
<!DOCTYPE html>
<html>
<head>
<title>This page sets given CSP upon itself.</title>
</head>
<body>
<script nonce="abc">
var response = {};
response["id"] = "%s";
response["loaded"] = true;
window.top.postMessage(response, '*');
</script>
</body>
</html>
|
782 |
| echo-required-csp.py |
<script>
var i2 = document.createElement('iframe');
i2.src = 'echo-required-csp.py';
i2.csp = "{0}";
document.body.appendChild(i2);
</script> |
1546 |
| embed-img-and-message-top.html |
|
400 |
|
|
18 |
| executor.html |
|
67 |
| testharness-helper.sub.js |
|
5546 |