diff options
Diffstat (limited to '')
-rw-r--r-- | devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html | 18 | ||||
-rw-r--r-- | devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html^headers^ | 1 |
2 files changed, 19 insertions, 0 deletions
diff --git a/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html b/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html new file mode 100644 index 0000000000..9f6e975903 --- /dev/null +++ b/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html @@ -0,0 +1,18 @@ +<html> + <head> + <title>CSP Base-URI Violation Test </title> + <base href="https://evil.com/"> + </head> + <body> + <h1> Crashing the Base Element</h1> + </body> + <script> + "use strict"; + window.violate = ()=>{ + document.head.innerHTML = ""; + const b = document.createElement("base"); + b.href = "https://evil.com"; + document.head.append(b); + }; + </script> + </html> diff --git a/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html^headers^ b/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html^headers^ new file mode 100644 index 0000000000..3c02326419 --- /dev/null +++ b/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html^headers^ @@ -0,0 +1 @@ +Content-Security-Policy: base-uri 'self'; |