22 lines
731 B
HTML
22 lines
731 B
HTML
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
<html>
|
|
<body></body>
|
|
<script>
|
|
let crossOriginUrl =
|
|
"http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html";
|
|
|
|
promise_test(async test => {
|
|
let iframe = document.createElement("iframe");
|
|
document.body.appendChild(iframe);
|
|
|
|
for(let hash of ["#0", "#1"]) {
|
|
let violation = new Promise(resolve => {
|
|
window.addEventListener('securitypolicyviolation', resolve);
|
|
});
|
|
iframe.src = crossOriginUrl + hash;
|
|
await violation;
|
|
}
|
|
}, "Same-document navigation in an iframe blocked by CSP frame-src");
|
|
</script>
|
|
</html>
|