<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block.html always passes"

   href="https://bugs.webkit.org/show_bug.cgi?id=146272">146272</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block.html always passes

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>WebKit

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>528+ (Nightly build)

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>Normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P2

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Tools / Tests

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>webkit-unassigned&#64;lists.webkit.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>dbates&#64;webkit.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>The test LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block.html will always pass regardless of presence of the Content Security Policy &lt;meta&gt; tag in it because the referenced external text track file, &lt;<a href="http://trac.webkit.org/browser/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/track.vtt?rev=138820">http://trac.webkit.org/browser/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/track.vtt?rev=138820</a>&gt;, is not a valid WebVTT-formatted file.

Steps to reproduce:

1. Run, Tools/Scripts/run-webkit-tests LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block.html

Notice that the test passes.

2. Open the file LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block.html in a text editor, remove the following line, and save the file:

&lt;meta http-equiv=&quot;Content-Security-Policy&quot; content=&quot;media-src 'none'&quot;&gt; LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block.html

3. Run, Tools/Scripts/run-webkit-tests LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block.html

Notice that the test passes. But it should fail with JavaScript alert &quot;FAIL&quot;.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>