author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html | |
parent | Initial commit. (diff) | |
download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html
new file mode 100644
index 0000000000..f4122f3d35
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html
@@ -0,0 +1,52 @@
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<html>
+<body></body>
+<script>
+ promise_test(async test => {
+ // 1. Load an iframe (not blocked).
+ let iframe = document.createElement("iframe");
+ {
+ iframe.name = "theiframe";
+ iframe.src =
+ "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?0";
+ let iframeLoaded = new Promise(resolve => { iframe.onload = resolve });
+ document.body.appendChild(iframe);
+ await iframeLoaded;
+ }
+
+ // 2. Start blocking iframes using CSP frame-src 'none'.
+ {
+ let meta = document.createElement('meta');
+ meta.httpEquiv = "Content-Security-Policy";
+ meta.content = "frame-src 'none'";
+ document.getElementsByTagName('head')[0].appendChild(meta);
+ }
+
+ // 3. Blocked same-document navigation using iframe.src.
+ {
+ let violation = new Promise(resolve => {
+ window.addEventListener('securitypolicyviolation', () => resolve());
+ });
+ iframe.src =
+ "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?1";
+ await violation;
+ }
+
+ // 4. Blocked same-document navigation using window.open.
+ {
+ let violation = new Promise(resolve => {
+ window.addEventListener('securitypolicyviolation', resolve);
+ });
+ window.open(
+ "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?2",
+ "theiframe");
+ await violation;
+ }
+
+ // 5. Regression test for https://crbug.com/1018385. The browser should
+ // not crash while displaying the error page.
+ await new Promise(resolve => window.setTimeout(resolve, 1000));
+ }, "Same-document navigations in an iframe blocked by CSP frame-src dynamically using the <meta> tag");
+</script>
+</html> |
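Review bot: Steps 3 and 4 resolve on any `securitypolicyviolation` event without inspecting it, so the test would still pass if the event came from a directive other than `frame-src`. Each listener should check the event before resolving, for example `e => { if (e.effectiveDirective === 'frame-src') resolve(e); }`. Neither listener is ever removed, so the step 3 handler is still attached while step 4 runs; passing `{ once: true }` to `addEventListener` would scope each handler to its own step. The fixed wait in step 5 would be better written as `test.step_timeout(resolve, 1000)`, which follows the harness timeout multiplier instead of a raw `window.setTimeout`. This file arrives as part of an upstream import, so these changes would belong in the upstream web-platform-tests copy.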