diff options
Diffstat (limited to '')
-rw-r--r-- | dom/security/test/csp/test_csp_frame_ancestors_about_blank.html | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_csp_frame_ancestors_about_blank.html b/dom/security/test/csp/test_csp_frame_ancestors_about_blank.html new file mode 100644 index 0000000000..8f57d9e133 --- /dev/null +++ b/dom/security/test/csp/test_csp_frame_ancestors_about_blank.html @@ -0,0 +1,59 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1668071 - CSP frame-ancestors in about:blank</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> + +<script class="testbody" type="text/javascript"> + +/* Description of the test: + * We dynamically load an about:blank iframe which then loads a testframe + * including a CSP frame-ancestors directive which matches the including + * security context. We make sure that we not incorrectly block on + * about:blank which should inherit the security context. + */ + +SimpleTest.waitForExplicitFinish(); + +let aboutBlankFrame = document.createElement("iframe"); +document.body.appendChild(aboutBlankFrame); + +aboutBlankFrame.onload = function() { + ok(true, "aboutBlankFrame onload should fire"); + let aboutBlankDoc = aboutBlankFrame.contentDocument; + is(aboutBlankDoc.documentURI, "about:blank", + "sanity: aboutBlankFrame URI should be about:blank"); + + let testframe = aboutBlankDoc.createElement("iframe"); + aboutBlankDoc.body.appendChild(testframe); + testframe.onload = function() { + ok(true, "testframe onload should fire"); + let testDoc = SpecialPowers.wrap(testframe.contentDocument); + ok(testDoc.documentURI.endsWith("file_csp_frame_ancestors_about_blank.html"), + "sanity: document in testframe should be the testfile"); + + let cspJSON = testDoc.cspJSON; + ok(cspJSON.includes("frame-ancestors"), "found frame-ancestors directive"); + ok(cspJSON.includes("http://mochi.test:8888"), "found frame-ancestors value"); + + SimpleTest.finish(); + } + + testframe.onerror = function() { + ok(false, "testframe onerror should not fire"); + } + testframe.src = "file_csp_frame_ancestors_about_blank.html"; +} + +aboutBlankFrame.onerror = function() { + ok(false, "aboutBlankFrame onerror should not be called"); +} +aboutBlankFrame.src = "about:blank"; + +</script> +</body> +</html> |