mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 23:17:45 +00:00
Tests/LibWeb: Verify XHR.open() throws on forbidden method
This verifies that XHR.open() throws a Security Error when 'CONNECT', 'TRACE', or 'TRACK' is passed as the method argument.
This commit is contained in:
parent
eb6a7ccc59
commit
68fa8f52b4
2 changed files with 21 additions and 0 deletions
|
@ -0,0 +1,20 @@
|
|||
<script src="../include.js"></script>
|
||||
<script>
|
||||
test(() => {
|
||||
const forbiddenMethods = ["CONNECT", "TRACE", "TRACK"];
|
||||
const SECURITY_ERR = 18;
|
||||
let i = 0;
|
||||
for (const method of forbiddenMethods) {
|
||||
const xhr = new XMLHttpRequest();
|
||||
try {
|
||||
xhr.open(method, "data:text/plain,", true);
|
||||
}
|
||||
catch (e) {
|
||||
if (e.code === SECURITY_ERR)
|
||||
i += 1;
|
||||
}
|
||||
}
|
||||
if (i === forbiddenMethods.length)
|
||||
println("PASS");
|
||||
});
|
||||
</script>
|
Loading…
Add table
Add a link
Reference in a new issue