Source code

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

<!doctype html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/security-features/resources/common.sub.js"></script>
<body></body>
<script>
function waitForViolation(el, effective_directive) {
return new Promise(resolve => {
el.addEventListener('securitypolicyviolation', e => {
if (e.effectiveDirective == effective_directive)
resolve(e);
});
});
}
async_test(t => {
var url = getRequestURLs("img-tag",
"same-http-downgrade",
"no-redirect").testUrl;
var i = document.createElement('img');
var loaded = false;
var reported = false;
waitForViolation(window, "img-src")
.then(t.step_func(e => {
reported = true;
if (loaded)
t.done();
}));
i.onload = t.step_func(_ => {
loaded = true;
if (reported)
t.done();
});
i.onerror = t.unreached_func(url + " should load successfully.");
i.src = url;
document.body.appendChild(i);
}, "Upgraded image is reported");
async_test(t => {
var url = getRequestURLs("iframe-tag",
"same-http-downgrade",
"no-redirect").testUrl;
var i = document.createElement('iframe');
var loaded = false;
var reported = false;
waitForViolation(window, "frame-src")
.then(t.step_func(e => {
reported = true;
if (loaded)
t.done();
}));
window.addEventListener("message", t.step_func(e => {
if (e.source == i.contentWindow) {
i.remove();
loaded = true;
if (reported)
t.done();
}
}));
i.src = url;
document.body.appendChild(i);
}, "Upgraded iframe is reported");
async_test(t => {
// Load an HTTPS iframe, then navigate it to an HTTP URL and check that the HTTP URL is both upgraded and reported.
var url = getRequestURLs("iframe-tag",
"same-https",
"no-redirect").testUrl;
var navigate_to = getRequestURLs("iframe-tag",
"cross-http-downgrade",
"no-redirect").testUrl;
var upgraded = new URL(navigate_to);
upgraded.protocol = "https";
var i = document.createElement('iframe');
var loaded = false;
var reported = false;
window.addEventListener("message", t.step_func(e => {
if (e.source == i.contentWindow) {
if (e.data.location == url) {
waitForViolation(window, "frame-src")
.then(t.step_func(e => {
reported = true;
if (loaded)
t.done();
}));
i.contentWindow.location.href = navigate_to;
} else if (e.data.location == upgraded) {
loaded = true;
if (reported)
t.done();
}
}
}));
i.src = url;
document.body.appendChild(i);
}, "Navigated iframe is upgraded and reported");
</script>
</html>