<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
</head>
<body>
<script>
// Markup for a second document that is served from a blob: URL below.
// Its inline script tries eval('i = true'); the empty catch swallows any
// exception, so `i` stays false when eval throws. It then posts
// "eval allowed" or "eval blocked" to window.opener.
//
// The enclosing page's <meta> CSP is `script-src 'unsafe-inline'`, which
// permits inline script but does not list 'unsafe-eval'. The posted string
// therefore shows whether that eval restriction also applies to the blob:
// document. NOTE(review): presumably that inheritance is what this fixture
// probes; the expected value is decided by the listener, not in this file.
//
// postMessage uses targetOrigin '*'; the message carries only the fixed
// result string. NOTE(review): the receiving handler is not visible here --
// confirm it checks the event's source/data before trusting it.
//
// The closing tag is written as `</scr` + `ipt>` so the HTML parser does not
// read it as the end of the enclosing <script> element.
const blob_payload = `
<!doctype html>
<script>
var i = false;
try {
eval('i = true');
} catch {}
opener.postMessage(i ? "eval allowed" : "eval blocked", '*');
</scr` + `ipt>
`;
// Wrap the markup in a text/html Blob and create a blob: URL for it.
var blob_url = URL.createObjectURL(
new Blob([blob_payload], { type: 'text/html' }));
// Navigate the parent browsing context (not this document) to the blob: URL.
// NOTE(review): assumes this page is loaded in a frame whose parent window has
// an opener, since the payload reports via `opener` -- confirm with the embedder.
parent.location = blob_url;
</script>
</body>
</html>