Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/script-crossorigin-fails-cross-origin-2.xhtml 

<?xml version="1.0"?>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>crossorigin and XHTML</title>
</head>
<body>
<p>In an XHTML document, test that a script element with a crossorigin attribute does not load a cross-origin script when the resource sharing check fails on the response.</p>
<pre></pre>
<script>
if (window.testRunner) {
    testRunner.dumpAsText();
    testRunner.waitUntilDone();
}

var result = "PASS";

function must_not_fire() {
    result = "FAIL";
}

function loaded() {
    document.querySelector("pre").innerHTML = result;
    if (window.testRunner)
        testRunner.notifyDone();
}
</script>
<!-- This script should _not_ load, nor fire onload. -->
<script crossorigin="anonymous"	src="http://localhost:8000/security/resources/cors-script.php?cors=false&amp;value=FAIL" onload="must_not_fire()"></script>
<script><![CDATA[loaded();]]></script>
</body>
</html>