summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fenced-frame/csp.https.html
blob: 6daa6a96e83b05648207cf587133eaa4b7448214 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<!DOCTYPE html>
  <title>Test Content Security Policy</title>
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
  <script src="resources/utils.js"></script>
  <script src="/common/utils.js"></script>

  <body>

    <script>
      promise_test(async () => {
        const csp_key = token();

        // The 'csp' property does not appear in the IDL definition for
        // fenced frames, so ensure that the 'csp' property didn't
        // leak over from the IFrame prototype.
        assert_equals(HTMLFencedFrameElement.prototype.hasOwnProperty('csp'),
                      false);

        const new_frame = document.createElement('fencedframe');
        const new_config = new FencedFrameConfig(generateURL(
            "resources/csp-inner.html",
            [csp_key]));
        new_frame.config = new_config;

        // This attribute will be ignored since the IDL for
        // fenced frames do not support the 'csp' attribute.
        new_frame.setAttribute("csp", "style-src 'none';");
        document.body.append(new_frame);

        // Get the result for the top-level fenced frame.
        const fenced_frame_result = await nextValueFromServer(csp_key);
        assert_equals(fenced_frame_result, "pass");

      }, "Fenced Frames should not honor the csp attribute from parent page");
    </script>

  </body>
</html>