Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/contentTypeOptions/block-image-as-script.html 

<!DOCTYPE html>
<head>
    <title>Block 'image/*' when served as script.</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script>
      window.scriptsSuccessfullyLoaded = 0;
    </script>
</head>
<body>
    <script src="resources/script-with-header.pl?mime=image/gif&amp;options=invalid"></script>
    <script src="resources/script-with-header.pl?mime=image/jpeg&amp;options=invalid"></script>
    <script src="resources/script-with-header.pl?mime=IMAGE/PNG&amp;options=invalid"></script>
    <script src="resources/script-with-header.pl?mime=image/x-icon&amp;options=invalid"></script>
    <script src="resources/script-with-header.pl?mime=image/svg+xml&amp;options=invalid"></script>
    <script>
      test(function () {
        assert_equals(window.scriptsSuccessfullyLoaded, 0);
      }, "All image/* scripts should be blocked.");
    </script>
</body>
</html>