| <!DOCTYPE html> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="./resources/helper.js"></script> |
| <body> |
| <script> |
| // We're injecting markup via `srcdoc` so, confusingly, we need to |
| // entity-escape the "raw" content, and double-escape the "escaped" |
| // content. |
| var rawBrace = "<"; |
| var escapedBrace = "&lt;"; |
| var rawNewline = " "; |
| var escapedNewline = "&#10;"; |
| |
| var abeSizedPng = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEwAAABnAQMAAACQMjadAAAAA1BMVEX///+nxBvIAAAAEUlEQVQ4y2MYBaNgFIwCegAABG0AAd5G4RkAAAAASUVORK5CYII="; |
| var abeSizedPngWithNewline = abeSizedPng.replace("i", "i\n"); |
| |
| var should_block = [ |
| `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?data=1${rawNewline}b">`, |
| `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?img=2${rawNewline}b${rawBrace}c">`, |
| ` |
| <img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?img=3 |
| b${rawBrace}c |
| "> |
| `, |
| `<img id="dangling" src="${abeSizedPngWithNewline}">`, |
| ]; |
| |
| should_block.forEach(markup => { |
| async_test(t => { |
| var i = createFrame(`${markup}`); |
| assert_img_not_loaded(t, i); |
| }, markup.replace(/[\n\r]/g, '')); |
| }); |
| |
| var should_load = [ |
| // Brace alone doesn't block: |
| `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?4&img=${rawBrace}b">`, |
| |
| // Entity-escaped characters don't trigger blocking: |
| `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?5&data=${escapedNewline}b">`, |
| `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?6&img=${escapedBrace}b">`, |
| `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?7&img=${escapedNewline}b${escapedBrace}c">`, |
| |
| // Leading and trailing whitespace is stripped: |
| ` |
| <img id="dangling" src=" |
| http://127.0.0.1:8000/security/resources/abe.png?8 |
| "> |
| <input type=hidden name=csrf value=sekrit> |
| `, |
| ` |
| <img id="dangling" src=" |
| http://127.0.0.1:8000/security/resources/abe.png?9&img=${escapedBrace} |
| "> |
| <input type=hidden name=csrf value=sekrit> |
| `, |
| ` |
| <img id="dangling" src=" |
| http://127.0.0.1:8000/security/resources/abe.png?10&img=${escapedNewline} |
| "> |
| <input type=hidden name=csrf value=sekrit> |
| `, |
| ]; |
| |
| should_load.forEach(markup => { |
| async_test(t => { |
| var i = createFrame(`${markup} <element attr="" another=''>`); |
| assert_img_loaded(t, i); |
| }, markup.replace(/[\n\r]/g, '')); |
| }); |
| </script> |
| |