devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

<html>
      <head>
          <title>CSP Base-URI Violation Test </title>
          <base href="https://evil.com/">
      </head>
      <body>
          <h1> Crashing the Base Element</h1>
      </body>
      <script>
        "use strict";
        window.violate = ()=>{
          document.head.innerHTML = "";
          const b = document.createElement("base");
          b.href = "https://evil.com";
          document.head.append(b);
        };
      </script>
    </html>