1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/content/base/test/csp/file_CSP_main_spec_compliant.html Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,55 @@
1.4 +<html>
1.5 + <head>
1.6 + <link rel='stylesheet' type='text/css'
1.7 + href='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=style_spec_compliant_bad&type=text/css' />
1.8 + <link rel='stylesheet' type='text/css'
1.9 + href='file_CSP.sjs?testid=style_spec_compliant_good&type=text/css' />
1.10 +
1.11 +
1.12 + <style>
1.13 + /* CSS font embedding tests */
1.14 + @font-face {
1.15 + font-family: "arbitrary_good";
1.16 + src: url('file_CSP.sjs?testid=font_spec_compliant_good&type=application/octet-stream');
1.17 + }
1.18 + @font-face {
1.19 + font-family: "arbitrary_bad";
1.20 + src: url('http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=font_spec_compliant_bad&type=application/octet-stream');
1.21 + }
1.22 +
1.23 + .div_arbitrary_good { font-family: "arbitrary_good"; }
1.24 + .div_arbitrary_bad { font-family: "arbitrary_bad"; }
1.25 + </style>
1.26 + </head>
1.27 + <body>
1.28 + <!-- these should be stopped by CSP. :) -->
1.29 + <img src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=img_spec_compliant_bad&type=img/png"> </img>
1.30 + <audio src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=media_spec_compliant_bad&type=audio/vorbis"></audio>
1.31 + <script src='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=script_spec_compliant_bad&type=text/javascript'></script>
1.32 + <iframe src='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=frame_spec_compliant_bad&content=FAIL'></iframe>
1.33 + <object width="10" height="10">
1.34 + <param name="movie" value="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=object_spec_compliant_bad&type=application/x-shockwave-flash">
1.35 + <embed src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=object_spec_compliant_bad&type=application/x-shockwave-flash"></embed>
1.36 + </object>
1.37 +
1.38 + <!-- these should load ok. :) -->
1.39 + <img src="file_CSP.sjs?testid=img_spec_compliant_good&type=img/png" />
1.40 + <audio src="file_CSP.sjs?testid=media_spec_compliant_good&type=audio/vorbis"></audio>
1.41 + <script src='file_CSP.sjs?testid=script_spec_compliant_good&type=text/javascript'></script>
1.42 + <iframe src='file_CSP.sjs?testid=frame_spec_compliant_good&content=PASS'></iframe>
1.43 +
1.44 + <object width="10" height="10">
1.45 + <param name="movie" value="file_CSP.sjs?testid=object_spec_compliant_good&type=application/x-shockwave-flash">
1.46 + <embed src="file_CSP.sjs?testid=object_spec_compliant_good&type=application/x-shockwave-flash"></embed>
1.47 + </object>
1.48 +
1.49 + <!-- XHR tests... they're taken care of in this script,
1.50 + and since the URI doesn't have any 'testid' values,
1.51 + it will just be ignored by the test framework. -->
1.52 + <script src='file_CSP_main_spec_compliant.js'></script>
1.53 +
1.54 + <!-- Support elements for the @font-face test -->
1.55 + <div class="div_arbitrary_good">arbitrary good</div>
1.56 + <div class="div_arbitrary_bad">arbitrary_bad</div>
1.57 + </body>
1.58 +</html>
