Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /mixed-content/blob.https.sub.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<html>
<head>
<title>Mixed-Content: blob tests</title>
<meta charset="utf-8">
<meta name="description" content="Test a request to a blob: URL is mixed content if the blob's origin is not potentially trustworthy.">
<meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
async function try_fetch_request(url) {
try {
const response = await fetch(url);
return response.ok;
} catch(e) {
return false;
}
}
function try_script_load(url) {
return new Promise(resolve => {
let script = document.createElement("script");
script.onload = () => resolve(true);
script.onerror = () => resolve(false);
script.src = url;
document.body.appendChild(script);
});
}
const popup_http = "http://{{domains[]}}:{{ports[http][0]}}/mixed-content/resources/blob-popup.html";
const popup_https = "https://{{domains[]}}:{{ports[https][0]}}/mixed-content/resources/blob-popup.html";
[popup_https, popup_http].forEach(popup_url => {
promise_test(t => {
return new Promise(resolve => {
window.addEventListener("message", resolve, {once: true});
window.open(popup_url);
}).then(async function(event) {
let data = event.data;
assert_equals(await try_fetch_request(data.js_blob_url),
data.potentially_trustworthy,
"Fetch request");
assert_equals(await try_script_load(data.js_blob_url),
data.potentially_trustworthy,
"Script load");
event.source.close();
});
});
});
</script>
</body>
</html>