Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

<!DOCTYPE html>
<!-- Test verifies that script mislabeled as html won't execute with and without CORB
if the nosniff response header is present.
The expected behavior is covered by the Fetch spec at
See also the following tests:
- fetch/nosniff/importscripts.html
- fetch/nosniff/script.html
- fetch/nosniff/worker.html
-->
<meta charset="utf-8">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<div id=log></div>
<script>
setup({ single_test: true });
window.has_executed_script = false;
</script>
<!-- www1 is cross-origin, so the HTTP response is CORB-eligible -->
</script>
<script>
// Verify what observable effects the <script> tag above had.
// Assertion should hold with and without CORB:
assert_false(window.has_executed_script,
'The cross-origin script should not be executed');
done();
</script>