diff options
Diffstat (limited to '')
-rw-r--r-- | dom/security/test/csp/test_bug1452037.html | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_bug1452037.html b/dom/security/test/csp/test_bug1452037.html new file mode 100644 index 0000000000..fa46e91291 --- /dev/null +++ b/dom/security/test/csp/test_bug1452037.html @@ -0,0 +1,41 @@ +<!DOCTYPE HTML> +<html> +<head> + <title>Test if "script-src: sha-... " Allowlists "javascript:" URIs</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> + <iframe></iframe> + +<script class="testbody"> + SimpleTest.requestCompleteLog(); + SimpleTest.waitForExplicitFinish(); + + let frame = document.querySelector("iframe"); + + window.addEventListener("message", (msg) => { + ok(false, "The CSP did not block javascript:uri"); + SimpleTest.finish(); + }); + + document.addEventListener("securitypolicyviolation", () => { + ok(true, "The CSP did block javascript:uri"); + SimpleTest.finish(); + }); + + frame.addEventListener("load", () => { + let link = frame.contentWindow.document.querySelector("a"); + frame.contentWindow.document.addEventListener("securitypolicyviolation", () => { + ok(true, "The CSP did block javascript:uri"); + SimpleTest.finish(); + }) + link.click(); + }); + frame.src = "file_bug1452037.html"; + + +</script> +</body> +</html> |