summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/test_bug1452037.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/csp/test_bug1452037.html')
-rw-r--r--dom/security/test/csp/test_bug1452037.html41
1 files changed, 41 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_bug1452037.html b/dom/security/test/csp/test_bug1452037.html
new file mode 100644
index 0000000000..fa46e91291
--- /dev/null
+++ b/dom/security/test/csp/test_bug1452037.html
@@ -0,0 +1,41 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Test if "script-src: sha-... " Allowlists "javascript:" URIs</title>
+ <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+ <iframe></iframe>
+
+<script class="testbody">
+ SimpleTest.requestCompleteLog();
+ SimpleTest.waitForExplicitFinish();
+
+ let frame = document.querySelector("iframe");
+
+ window.addEventListener("message", (msg) => {
+ ok(false, "The CSP did not block javascript:uri");
+ SimpleTest.finish();
+ });
+
+ document.addEventListener("securitypolicyviolation", () => {
+ ok(true, "The CSP did block javascript:uri");
+ SimpleTest.finish();
+ });
+
+ frame.addEventListener("load", () => {
+ let link = frame.contentWindow.document.querySelector("a");
+ frame.contentWindow.document.addEventListener("securitypolicyviolation", () => {
+ ok(true, "The CSP did block javascript:uri");
+ SimpleTest.finish();
+ })
+ link.click();
+ });
+ frame.src = "file_bug1452037.html";
+
+
+</script>
+</body>
+</html>