summaryrefslogtreecommitdiffstats
path: root/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html18
-rw-r--r--devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html^headers^1
2 files changed, 19 insertions, 0 deletions
diff --git a/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html b/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html
new file mode 100644
index 0000000000..9f6e975903
--- /dev/null
+++ b/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html
@@ -0,0 +1,18 @@
+<html>
+ <head>
+ <title>CSP Base-URI Violation Test </title>
+ <base href="https://evil.com/">
+ </head>
+ <body>
+ <h1> Crashing the Base Element</h1>
+ </body>
+ <script>
+ "use strict";
+ window.violate = ()=>{
+ document.head.innerHTML = "";
+ const b = document.createElement("base");
+ b.href = "https://evil.com";
+ document.head.append(b);
+ };
+ </script>
+ </html>
diff --git a/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html^headers^ b/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html^headers^
new file mode 100644
index 0000000000..3c02326419
--- /dev/null
+++ b/devtools/client/webconsole/test/browser/test-csp-violation-base-uri.html^headers^
@@ -0,0 +1 @@
+Content-Security-Policy: base-uri 'self';