Diffstat (limited to 'testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.html')
-rw-r--r--testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.html26
1 files changed, 26 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.html b/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.html
new file mode 100644
index 0000000000..66456a8876
--- /dev/null
+++ b/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+ const blank = 'about:blank';
+ const dangling_url = 'resources/empty.html?\n<';
+ const api_calls = [
+ `window.open(\`${dangling_url}\`,'_self')`,
+ `location.replace(\`${dangling_url}\`)`,
+ ];
+
+ api_calls.forEach(call => {
+ async_test(t => {
+ const iframe =
+ document.body.appendChild(document.createElement('iframe'));
+ t.step(() => {
+ iframe.contentWindow.eval(call)
+ t.step_timeout(()=>{
+ assert_false(iframe.contentWindow.location.href.endsWith(blank));
+ t.done();
+ }, 500);
+ });
+ }, `Does not block ${call}`);
+ });
+</script>
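Review bot: The check inside the `step_timeout` callback is only negative and time-based: `assert_false(iframe.contentWindow.location.href.endsWith(blank))` passes for any URL other than about:blank and fails whenever the navigation has not committed within the fixed 500 ms, so it neither confirms that the frame reached `resources/empty.html` nor stays stable on a slow runner. Because this test pins down which APIs the dangling-markup mitigation must leave alone, a positive assertion on the destination would be stronger, for example `assert_true(iframe.contentWindow.location.pathname.endsWith('/resources/empty.html'));`, ideally driven from the iframe's load event rather than a timer (taking care with the initial about:blank load, which browsers fire at different times). The iframe is also never removed; `t.add_cleanup(() => iframe.remove());` right after it is appended would stop the two subtests from leaving frames behind. A one-line comment above `dangling_url` saying that the newline followed by `<` is the pattern the mitigation looks for would make the intent clear to readers.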