This test includes an assertion that the securitypolicyviolation is not fired at the window. Chromium incorrectly fires the event, but because it does so after testing is completed, the failure is not reported.
The harness should be delayed until the browser is certain not to fire the event. This could be accomplished by:
- waiting for the test to complete as written (that is: until the image under test has produced a load or error event)
- creating an image that is known to violate CSP
- waiting for the subsequent securitypolicyviolation event, and verifying that it was produced by the second image
This approach increases the semantics under test (the event queue and the blockedURI attribute of the SecurityPolicyViolationEvent object), so I'm not sure it's the best solution.
/cc @andypaicu @hillbrad
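
A sketch of the sentinel approach proposed above, added here as an example and not part of the original report or the test suite. The names `watchUntilSentinel`, `runInPage` and `simulate` are hypothetical, and the code assumes the sentinel image's absolute URL is reported unchanged in `blockedURI`.

```javascript
// Collect every securitypolicyviolation event seen at `target` until the one
// whose blockedURI matches the sentinel image arrives, then report the rest.
function watchUntilSentinel(target, sentinelURL, onDone) {
  const unexpected = [];
  function listener(event) {
    if (event.blockedURI !== sentinelURL) {
      // Fired before the sentinel: attributable to the image under test.
      unexpected.push(event.blockedURI);
      return;
    }
    target.removeEventListener('securitypolicyviolation', listener);
    onDone(unexpected);
  }
  target.addEventListener('securitypolicyviolation', listener);
}

// Browser wiring (assumption: the page's img-src policy permits allowedURL
// and blocks sentinelURL; both are absolute URLs).
function runInPage(allowedURL, sentinelURL, onDone) {
  watchUntilSentinel(window, sentinelURL, onDone);
  const underTest = new Image();
  // Start the sentinel only once the image under test has settled.
  underTest.onload = underTest.onerror = () => {
    new Image().src = sentinelURL;
  };
  underTest.src = allowedURL;
}

// Constructed event sequence, so the collector can be exercised outside a browser.
function simulate(blockedURIs, sentinelURL) {
  const target = new EventTarget();
  let result = null;
  watchUntilSentinel(target, sentinelURL, (list) => { result = list; });
  for (const uri of blockedURIs) {
    const event = new Event('securitypolicyviolation');
    event.blockedURI = uri; // constructed stand-in for the real attribute
    target.dispatchEvent(event);
  }
  return result; // null means the sentinel event never arrived
}
```

In a test, `onDone` would assert that the collected list is empty; a `null` result from `simulate` corresponds to the harness timing out because the sentinel violation was never reported.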