third_party/WebKit/LayoutTests/http/tests/htmlimports/csp-block-import-non-self.html

   1 <!DOCTYPE html>
   2 <html>
   3 <head>
   4 <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'">
   5 <link id="selfImport"    rel="import" href="resources/hello.html">
   6 <link id="nonSelfImport" rel="import" href="http://localhost:8080/htmlimports/resources/cors-basic.cgi">
   7 </head>
   8 <body>
   9 <pre id="result"></pre>
  10 <script>
  11 if (window.testRunner)
  12     testRunner.dumpAsText();
  13
  14 if (window.selfImport.import != null)
  15     result.innerHTML += "PASS\n";
  16 else
  17     result.innerHTML += "FAIL: The import should be allowed.\n";
  18
  19 if (window.nonSelfImport.import == null)
  20     result.innerHTML += "PASS\n";
  21 else
  22     result.innerHTML += "FAIL: The import should be blocked.\n";
  23 </script>
  24 </body>
  25 </html>