chromium/third_party/blink/web_tests/http/tests/security/subresourceIntegrity/subresource-integrity-script-cors-bad-integrity.html

<!DOCTYPE html>
<head>
    <title>SRI on cross origin CORS enabled script, with bad integrity</title>
</head>
<body>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script>
        // Execution signal checked by scriptError(): it must still be '' when an
        // error event arrives, i.e. no integrity-protected script has run.
        // NOTE(review): presumably cors-script.php emits code that writes its
        // `value` query parameter ("ran") into `result`; that resource is not
        // part of this file, so confirm there.
        var result = '';
        // Security property under test: a cross-origin, CORS-enabled script whose
        // `integrity` metadata does not match the fetched bytes must be blocked.
        // For every variant the expected outcome is an `error` event and no
        // script execution; a `load` event is a failure.
        //
        // Tests script tag variations corresponding to conditions in
        // https://html.spec.whatwg.org/#prepare-a-script, because they
        // are implemented by different code paths.
        // These tests differ in async/defer attributes
        // and whether they are dynamically inserted.
        // NOTE(review): "Step 23" reflects the spec's numbering when this test was
        // written; the test names are runtime strings and are left as-is.
        //
        // Wiring, as visible in this file:
        //   test1 -> parser-inserted <script defer>          (?test=1)
        //   test2 -> parser-inserted <script>, no async/defer (?test=2)
        //   test3 -> script3 below, inserted from JS with async = false (?test=3)
        //   test4 -> parser-inserted <script async>          (?test=4)
        var test1 = async_test('1st Clause, Step 23 of prepare a script');
        var test2 = async_test('2nd Clause, Step 23 of prepare a script');
        var test3 = async_test('3rd Clause, Step 23 of prepare a script');
        var test4 = async_test('4th Clause, Step 23 of prepare a script');
        // `load` handler shared by all four variants. Reaching it means the
        // integrity check did not block the script, so the test fails
        // unconditionally through assert_unreached().
        // Must remain a global: the inline onload="..." attributes on the
        // parser-inserted <script> elements call it by name.
        var scriptLoaded = function(t) {
            t.step(function() {
                assert_unreached('Script loaded.');
                t.done();
            });
        };
        // `error` handler shared by all four variants: the expected path.
        // The error event alone is not treated as sufficient; the handler also
        // asserts that `result` is still '', i.e. nothing executed before the
        // failure was reported.
        // If neither handler ever fires, the async_test is never completed and
        // the harness is left to report it (it does not silently pass).
        var scriptError = function(t) {
            t.step(function() {
                assert_equals(result, '', 'Script did not run.');
                t.done();
            });
        };
        // Variant 3: a <script> element created and inserted from JavaScript.
        var script3 = document.createElement('script');
        // 'sha256-deadbeef' is a deliberately wrong digest (the page title calls
        // this the "bad integrity" case). "deadbeef" decodes to far fewer than
        // the 32 bytes of a SHA-256 digest, so it cannot match any real resource.
        script3.setAttribute('integrity', 'sha256-deadbeef');
        // An empty `crossorigin` attribute requests the resource in CORS mode
        // without credentials ("anonymous").
        script3.setAttribute('crossorigin', '');
        // bind() fixes `t` to test3; the event object the browser passes is
        // appended as a second argument and ignored by the handlers.
        script3.onload = scriptLoaded.bind(undefined, test3);
        script3.onerror = scriptError.bind(undefined, test3);
        // NOTE(review): the host is `localhost:8000`; this is cross-origin only if
        // the test page itself is served from a different origin (the title says
        // it is). Confirm against the web-test server configuration.
        script3.src = 'http://localhost:8000/security/resources/cors-script.php?value=ran&test=3';
        // Script-inserted scripts are async by default; clearing the flag selects
        // the ordered (non-async) dynamic-insertion path instead.
        script3.async = false;
        // Insertion starts the fetch. This runs before the parser reaches the
        // three <script> elements that follow this inline block.
        document.head.appendChild(script3);
    </script>
    <!-- Parser-inserted variants. Each one requests the same CORS-enabled script
         with a deliberately wrong SRI digest (sha256-deadbeef), so the expected
         outcome for all three is onerror with no script execution. The handlers
         are inline attributes, so scriptLoaded, scriptError and test1, test2 and
         test4 must be globals defined by the inline script above. -->
    <!-- Variant 1: defer (reported through test1). -->
    <script crossorigin integrity="sha256-deadbeef" src="http://localhost:8000/security/resources/cors-script.php?value=ran&test=1" onload="scriptLoaded(test1);" onerror="scriptError(test1);" defer></script>
    <!-- Variant 2: neither async nor defer (reported through test2). -->
    <script crossorigin integrity="sha256-deadbeef" src="http://localhost:8000/security/resources/cors-script.php?value=ran&test=2" onload="scriptLoaded(test2);" onerror="scriptError(test2);"></script>
    <!-- Variant 4: async (reported through test4). Variant 3 is the element
         inserted from JavaScript in the inline script above. -->
    <script crossorigin integrity="sha256-deadbeef" src="http://localhost:8000/security/resources/cors-script.php?value=ran&test=4" onload="scriptLoaded(test4);" onerror="scriptError(test4);" async></script>
</body>
</html>