Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-09-13 00:18:22 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update web-platform-tests to revision 614fd870e47c9f4e76291e5af4e32b676c0acac0

Browse source
This commit is contained in:
WPT Sync Bot 2018-12-04 20:30:20 -05:00
parent 063bd7ac19
commit b49ffaa0f7
137 changed files with 4756 additions and 721 deletions
Download patch file Download diff file Expand all files Collapse all files

17
tests/wpt/web-platform-tests/content-security-policy/inheritance/blob-url-in-child-frame-self-navigate-inherits.sub.html Normal file
View file

@ -0,0 +1,17 @@
<!DOCTYPE html>
<html>
<head>
<script nonce="abc" src="/resources/testharness.js"></script>
<script nonce="abc" src="/resources/testharnessreport.js"></script>
</head>
<!-- This tests that navigating a main window to a local scheme preserves the current CSP.
We need to test this in a main window with no parent/opener so we use
a link with target=_blank and rel=noopener. -->
<body>
<iframe src="support/navigate-self-to-blob.html?csp=script-src%20%27nonce-abc%27&report_id={{$id:uuid()}}"></iframe>
<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27&reportID={{$id}}'></script>
</body>
</html>

0
tests/wpt/web-platform-tests/content-security-policy/inheritance/blob-url-self-navigate-inherits.sub.html → tests/wpt/web-platform-tests/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html
View file

102
tests/wpt/web-platform-tests/content-security-policy/inheritance/iframe-all-local-schemes-inherit-self.sub.html Normal file
View file

@ -0,0 +1,102 @@
<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta http-equiv="Content-Security-Policy" content="img-src 'self'">
<body>
<script>
function wait_for_error_from_frame(frame, test) {
window.addEventListener('message', test.step_func(e => {
if (e.source != frame.contentWindow)
return;
assert_equals(e.data, "load");
frame.remove();
test.done();
}));
}
async_test(t => {
var i = document.createElement('iframe');
document.body.appendChild(i);
var img = document.createElement('img');
img.onload = t.step_func_done(_ => i.remove());
img.onerror = t.unreached_func();
i.contentDocument.body.appendChild(img);
img.src = "{{location[server]}}/images/red-16x16.png";
}, "<iframe>'s about:blank inherits policy.");
async_test(t => {
var i = document.createElement('iframe');
i.srcdoc = `
<img src='{{location[server]}}/images/red-16x16.png'
onload='window.top.postMessage("load", "*");'
onerror='window.top.postMessage("error", "*");'
>
`;
wait_for_error_from_frame(i, t);
document.body.appendChild(i);
}, "<iframe srcdoc>'s inherits policy.");
async_test(t => {
var i = document.createElement('iframe');
var b = new Blob(
[`
<img src='{{location[server]}}/images/red-16x16.png'
onload='window.top.postMessage("load", "*");'
onerror='window.top.postMessage("error", "*");'
>
`], {type:"text/html"});
i.src = URL.createObjectURL(b);
wait_for_error_from_frame(i, t);
document.body.appendChild(i);
}, "<iframe src='blob:...'>'s inherits policy.");
async_test(t => {
var i = document.createElement('iframe');
i.src = `data:text/html,<img src='{{location[server]}}/images/red-16x16.png'
onload='window.top.postMessage("load", "*");'
onerror='window.top.postMessage("error", "*");'
>`;
wait_for_error_from_frame(i, t);
document.body.appendChild(i);
}, "<iframe src='data:...'>'s inherits policy.");
async_test(t => {
var i = document.createElement('iframe');
i.src = `javascript:"<img src='{{location[server]}}/images/red-16x16.png'
onload='window.top.postMessage(\\"load\\", \\"*\\");'
onerror='window.top.postMessage(\\"error\\", \\"*\\");'
>"`;
wait_for_error_from_frame(i, t);
document.body.appendChild(i);
}, "<iframe src='javascript:...'>'s inherits policy.");
async_test(t => {
var i = document.createElement('iframe');
var b = new Blob(
[`
<img src='{{location[server]}}/images/red-16x16.png'
onload='window.top.postMessage("load", "*");'
onerror='window.top.postMessage("error", "*");'
>
`], {type:"text/html"});
i.src = URL.createObjectURL(b);
i.sandbox = 'allow-scripts';
wait_for_error_from_frame(i, t);
document.body.appendChild(i);
}, "<iframe sandbox src='blob:...'>'s inherits policy. (opaque origin sandbox)");
</script>

28
tests/wpt/web-platform-tests/content-security-policy/inheritance/iframe.html → tests/wpt/web-platform-tests/content-security-policy/inheritance/iframe-all-local-schemes.sub.html
View file

@ -25,13 +25,13 @@
img.onerror = t.step_func_done(_ => i.remove());
img.onload = t.unreached_func();
i.contentDocument.body.appendChild(img);
img.src = "/images/red-16x16.png";
img.src = "{{location[server]}}/images/red-16x16.png";
}, "<iframe>'s about:blank inherits policy.");
async_test(t => {
var i = document.createElement('iframe');
i.srcdoc = `
<img src='/images/red-16x16.png'
<img src='{{location[server]}}/images/red-16x16.png'
onload='window.top.postMessage("load", "*");'
onerror='window.top.postMessage("error", "*");'
>
@ -46,7 +46,7 @@
var i = document.createElement('iframe');
var b = new Blob(
[`
<img src='${window.origin}/images/red-16x16.png'
<img src='{{location[server]}}/images/red-16x16.png'
onload='window.top.postMessage("load", "*");'
onerror='window.top.postMessage("error", "*");'
>
@ -60,7 +60,7 @@
async_test(t => {
var i = document.createElement('iframe');
i.src = `data:text/html,<img src='${window.origin}/images/red-16x16.png'
i.src = `data:text/html,<img src='{{location[server]}}/images/red-16x16.png'
onload='window.top.postMessage("load", "*");'
onerror='window.top.postMessage("error", "*");'
>`;
@ -72,7 +72,7 @@
async_test(t => {
var i = document.createElement('iframe');
i.src = `javascript:"<img src='${window.origin}/images/red-16x16.png'
i.src = `javascript:"<img src='{{location[server]}}/images/red-16x16.png'
onload='window.top.postMessage(\\"load\\", \\"*\\");'
onerror='window.top.postMessage(\\"error\\", \\"*\\");'
>"`;
@ -81,4 +81,22 @@
document.body.appendChild(i);
}, "<iframe src='javascript:...'>'s inherits policy.");
async_test(t => {
var i = document.createElement('iframe');
var b = new Blob(
[`
<img src='{{location[server]}}/images/red-16x16.png'
onload='window.top.postMessage("load", "*");'
onerror='window.top.postMessage("error", "*");'
>
`], {type:"text/html"});
i.src = URL.createObjectURL(b);
i.sandbox = 'allow-scripts';
wait_for_error_from_frame(i, t);
document.body.appendChild(i);
}, "<iframe sandbox src='blob:...'>'s inherits policy. (opaque origin sandbox)");
</script>

23
tests/wpt/web-platform-tests/content-security-policy/inheritance/sandboxed-blob-scheme.html Normal file
View file

@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<script nonce="abc" src="/resources/testharness.js"></script>
<script nonce="abc" src="/resources/testharnessreport.js"></script>
</head>
<body>
<script nonce='abc'>
var blob_string = "<script>alert(document.domain)<\/scr"+"ipt>";
var blob = new Blob([blob_string], {type : 'text/html'});
var url = URL.createObjectURL(blob);
var i = document.createElement('iframe');
i.src = url;
i.sandbox = "allow-scripts";
document.body.appendChild(i);
</script>
<script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
</body>
</html>

5
tests/wpt/web-platform-tests/content-security-policy/inheritance/sandboxed-blob-scheme.html.sub.headers Normal file
View file

@ -0,0 +1,5 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: sandboxed-blob-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}

21
tests/wpt/web-platform-tests/content-security-policy/inheritance/sandboxed-data-scheme.html Normal file
View file

@ -0,0 +1,21 @@
<!DOCTYPE html>
<html>
<head>
<script nonce="abc" src="/resources/testharness.js"></script>
<script nonce="abc" src="/resources/testharnessreport.js"></script>
</head>
<body>
<script nonce='abc'>
var url = "data:text/html,<script>alert(document.domain)<\/scr"+"ipt>";
var i = document.createElement('iframe');
i.src = url;
i.sandbox = "allow-scripts";
document.body.appendChild(i);
</script>
<script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
</body>
</html>

5
tests/wpt/web-platform-tests/content-security-policy/inheritance/sandboxed-data-scheme.html.sub.headers Normal file
View file

@ -0,0 +1,5 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: sandboxed-data-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}

22
tests/wpt/web-platform-tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html Normal file
View file

@ -0,0 +1,22 @@
<!DOCTYPE html>
<html>
<head>
<script nonce="abc" src="/resources/testharness.js"></script>
<script nonce="abc" src="/resources/testharnessreport.js"></script>
</head>
<body>
<script nonce='abc'>
var blob_string = "<script>alert(document.domain)<\/scr"+"ipt>";
var blob = new Blob([blob_string], {type : 'text/html'});
var url = URL.createObjectURL(blob);
var i = document.createElement('iframe');
i.src = url;
document.body.appendChild(i);
</script>
<script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
</body>
</html>

5
tests/wpt/web-platform-tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html.sub.headers Normal file
View file

@ -0,0 +1,5 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: unsandboxed-blob-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}

20
tests/wpt/web-platform-tests/content-security-policy/inheritance/unsandboxed-data-scheme.html Normal file
View file

@ -0,0 +1,20 @@
<!DOCTYPE html>
<html>
<head>
<script nonce="abc" src="/resources/testharness.js"></script>
<script nonce="abc" src="/resources/testharnessreport.js"></script>
</head>
<body>
<script nonce='abc'>
var url = "data:text/html,<script>alert(document.domain)<\/scri"+"pt>";
var i = document.createElement('iframe');
i.src = url;
document.body.appendChild(i);
</script>
<script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
</body>
</html>

5
tests/wpt/web-platform-tests/content-security-policy/inheritance/unsandboxed-data-scheme.html.sub.headers Normal file
View file

@ -0,0 +1,5 @@
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: unsandboxed-data-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}

22
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-empty.sub.html Normal file
View file

@ -0,0 +1,22 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="plugin-types ;">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
var t = async_test('Should not load the object because plugin-types allows no plugins');
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
assert_equals(e.violatedDirective, "plugin-types");
assert_equals(e.blockedURI, "");
}));
</script>
<object type="application/x-shockwave-flash" data="/content-security-policy/support/media/flash.swf"></object>
</body>
</html>

22
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-mismatched-data.html Normal file
View file

@ -0,0 +1,22 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="plugin-types application/pdf;">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
var t = async_test('Should not load the object because its declared type does not match its actual type');
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
assert_equals(e.violatedDirective, "plugin-types");
assert_equals(e.blockedURI, "");
}));
</script>
<object type="application/pdf" data="data:application/x-shockwave-flash,asdf"></object>
</body>
</html>

29
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-mismatched-data.sub.html
View file

@ -1,29 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>plugintypes-mismatched-data</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["After object"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
</script>
This tests that plugin content that doesn&apos;t match the declared type doesn&apos;t load, even if the document&apos;s CSP would allow it. This test passes if &quot;FAIL!&quot; isn&apos;t logged.
<object type="application/x-invalid-type" data="data:application/x-webkit-test-netscape,logifloaded" log="FAIL!"></object>
<script>
log("After object");
</script>
<div id="log"></div>
</body>
</html>

22
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-mismatched-url.html Normal file
View file

@ -0,0 +1,22 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="plugin-types application/pdf;">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
var t = async_test('Should not load the object because its declared type does not match its actual type');
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
assert_equals(e.violatedDirective, "plugin-types");
assert_equals(e.blockedURI, "");
}));
</script>
<object type="application/pdf" data="/content-security-policy/support/media/flash.swf"></object>
</body>
</html>

29
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-mismatched-url.sub.html
View file

@ -1,29 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>plugintypes-mismatched-url</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["After object"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
</script>
This tests that plugin content that doesn&apos;t match the declared type doesn&apos;t load, even if the document&apos;s CSP would allow it. This test passes if no iframe is dumped (meaning that no PluginDocument was created).
<object type="application/x-invalid-type" data="/plugins/resources/mock-plugin.pl" log="FAIL!"></object>
<script>
log("After object");
</script>
<div id="log"></div>
</body>
</html>

23
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-notype-data.html Normal file
View file

@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="plugin-types application/pdf;">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
var t = async_test('Should not load the object because it does not have a declared type');
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
assert_equals(e.violatedDirective, "plugin-types");
assert_equals(e.blockedURI, "");
}));
</script>
<!-- Objects need to declare an explicit type -->
<object data="data:application/x-shockwave-flash,asdf"></object>
</body>
</html>

26
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-notype-data.sub.html
View file

@ -1,26 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>plugintypes-notype-data</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS: object tag onerror handler fired","violated-directive=plugin-types"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
</script>
Given a `plugin-types` directive, plugins have to declare a type explicitly. No declared type, no load. This test passes if there&apos;s a CSP report and &quot;FAIL!&quot; isn&apos;t logged.
<object data="data:application/x-webkit-test-netscape" onload="log('FAIL');" onerror="log('PASS: object tag onerror handler fired');"></object>
<div id="log"></div>
</body>
</html>

23
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-notype-url.html Normal file
View file

@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="plugin-types application/pdf;">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
var t = async_test('Should not load the object because it does not have a declared type');
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
assert_equals(e.violatedDirective, "plugin-types");
assert_equals(e.blockedURI, "");
}));
</script>
<!-- Objects need to declare an explicit type -->
<object data="/content-security-policy/support/media/flash.swf"></object>
</body>
</html>

26
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-notype-url.sub.html
View file

@ -1,26 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>plugintypes-notype-url</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["violated-directive=plugin-types"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
</script>
Given a `plugin-types` directive, plugins have to declare a type explicitly. No declared type, no load. This test passes if there&apos;s an error report is sent.
<object data="/plugins/resources/mock-plugin.pl" log="FAIL!"></object>
<div id="log"></div>
</body>
</html>

16
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-nourl-allowed.html Normal file
View file

@ -0,0 +1,16 @@
<!DOCTYPE html>
<html>
<head>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<object type="application/x-shockwave-flash"></object>
<!-- we rely on the report because we can't rely on the onload event for
"allowed" tests as it is not fired for object and embed -->
<script async defer src='../support/checkReport.sub.js?reportExists=false'></script>
</body>
</html>

2
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-nourl-allowed.html.sub.headers Normal file
View file

@ -0,0 +1,2 @@
Set-Cookie: plugintypes-nourl-allowed={{$id:uuid()}}; Path=/content-security-policy/plugin-types/
Content-Security-Policy: plugin-types application/x-shockwave-flash; report-uri ../support/report.py?op=put&reportID={{$id}}

29
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-nourl-allowed.sub.html
View file

@ -1,29 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="plugin-types application/x-webkit-test-netscape; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>plugintypes-nourl-allowed</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["After object"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("Fail");
});
</script>
This test passes if there isn&apos;t a CSP violation sayingthe plugin was blocked.
<object type="application/x-webkit-test-netscape"></object>
<script>
log("After object");
</script>
<div id="log"></div>
</body>
</html>

22
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-nourl-blocked.html Normal file
View file

@ -0,0 +1,22 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="plugin-types application/pdf;">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
var t = async_test('Should not load the object because it does not match plugin-types');
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
assert_equals(e.violatedDirective, "plugin-types");
assert_equals(e.blockedURI, "");
}));
</script>
<object type="application/x-shockwave-flash"></object>
</body>
</html>

26
tests/wpt/web-platform-tests/content-security-policy/plugin-types/plugintypes-nourl-blocked.sub.html
View file

@ -1,26 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
<meta http-equiv="Content-Security-Policy" content="plugin-types text/plain; script-src 'self' 'unsafe-inline'; connect-src 'self';">
<title>plugintypes-nourl-blocked</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["violated-directive=plugin-types"]'></script>
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>
<body>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("violated-directive=" + e.violatedDirective);
});
</script>
This test passes if there is a CSP violation saying the plugin was blocked.
<object type="application/x-webkit-test-netscape"></object>
<div id="log"></div>
</body>
</html>