<script src="../resources/testharness.js"></script>
<script src="../resources/testharnessreport.js"></script>
<script>
test(function () {
// http://username@password:localhost:8000/... should be blocked.
var originWithAuth = new URL(document.URL);
originWithAuth.username += 'username';
originWithAuth.password += 'password';
originWithAuth = originWithAuth.href;
assert_throws_dom('SecurityError', function () {
history.pushState(null, null, originWithAuth);
});
}, 'pushState that changes credentials should fail with SecurityError');
</script>
Codebase Browser
chromium