content/base/test/csp/file_CSP_main_spec_compliant.html@6474c204b198
content/base/test/csp/file_CSP_main_spec_compliant.html
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 <html>
2 <head>
3 <link rel='stylesheet' type='text/css'
4 href='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=style_spec_compliant_bad&type=text/css' />
5 <link rel='stylesheet' type='text/css'
6 href='file_CSP.sjs?testid=style_spec_compliant_good&type=text/css' />
9 <style>
10 /* CSS font embedding tests */
11 @font-face {
12 font-family: "arbitrary_good";
13 src: url('file_CSP.sjs?testid=font_spec_compliant_good&type=application/octet-stream');
14 }
15 @font-face {
16 font-family: "arbitrary_bad";
17 src: url('http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=font_spec_compliant_bad&type=application/octet-stream');
18 }
20 .div_arbitrary_good { font-family: "arbitrary_good"; }
21 .div_arbitrary_bad { font-family: "arbitrary_bad"; }
22 </style>
23 </head>
24 <body>
25 <!-- these should be stopped by CSP. :) -->
26 <img src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=img_spec_compliant_bad&type=img/png"> </img>
27 <audio src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=media_spec_compliant_bad&type=audio/vorbis"></audio>
28 <script src='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=script_spec_compliant_bad&type=text/javascript'></script>
29 <iframe src='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=frame_spec_compliant_bad&content=FAIL'></iframe>
30 <object width="10" height="10">
31 <param name="movie" value="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=object_spec_compliant_bad&type=application/x-shockwave-flash">
32 <embed src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=object_spec_compliant_bad&type=application/x-shockwave-flash"></embed>
33 </object>
35 <!-- these should load ok. :) -->
36 <img src="file_CSP.sjs?testid=img_spec_compliant_good&type=img/png" />
37 <audio src="file_CSP.sjs?testid=media_spec_compliant_good&type=audio/vorbis"></audio>
38 <script src='file_CSP.sjs?testid=script_spec_compliant_good&type=text/javascript'></script>
39 <iframe src='file_CSP.sjs?testid=frame_spec_compliant_good&content=PASS'></iframe>
41 <object width="10" height="10">
42 <param name="movie" value="file_CSP.sjs?testid=object_spec_compliant_good&type=application/x-shockwave-flash">
43 <embed src="file_CSP.sjs?testid=object_spec_compliant_good&type=application/x-shockwave-flash"></embed>
44 </object>
46 <!-- XHR tests... they're taken care of in this script,
47 and since the URI doesn't have any 'testid' values,
48 it will just be ignored by the test framework. -->
49 <script src='file_CSP_main_spec_compliant.js'></script>
51 <!-- Support elements for the @font-face test -->
52 <div class="div_arbitrary_good">arbitrary good</div>
53 <div class="div_arbitrary_bad">arbitrary_bad</div>
54 </body>
55 </html>
