blob: 6daa6a96e83b05648207cf587133eaa4b7448214 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
<!DOCTYPE html>
<title>Test Content Security Policy</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="resources/utils.js"></script>
<script src="/common/utils.js"></script>
<body>
<script>
promise_test(async () => {
const csp_key = token();
// The 'csp' property does not appear in the IDL definition for
// fenced frames, so ensure that the 'csp' property didn't
// leak over from the IFrame prototype.
assert_equals(HTMLFencedFrameElement.prototype.hasOwnProperty('csp'),
false);
const new_frame = document.createElement('fencedframe');
const new_config = new FencedFrameConfig(generateURL(
"resources/csp-inner.html",
[csp_key]));
new_frame.config = new_config;
// This attribute will be ignored since the IDL for
// fenced frames do not support the 'csp' attribute.
new_frame.setAttribute("csp", "style-src 'none';");
document.body.append(new_frame);
// Get the result for the top-level fenced frame.
const fenced_frame_result = await nextValueFromServer(csp_key);
assert_equals(fenced_frame_result, "pass");
}, "Fenced Frames should not honor the csp attribute from parent page");
</script>
</body>
</html>
|