diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html new file mode 100644 index 0000000000..419a14458b --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-sandboxed-allowed.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<html> + <head> + <title>Frame-src: 'self' matches even if the parent's origin is unique.</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + </head> + <body> + <script> + var t = async_test('SubframeLoaded'); + + window.addEventListener('securitypolicyviolation', t.step_func(function(e) { + if (e.violatedDirective === "frame-src") { + assert_unreached('unexpected securitypolicyviolation'); + t.done(); + } + })); + + window.addEventListener("message", t.step_func(function(event) { + assert_equals(event.data, "PASS", 'unexpected message: ' + event.data); + t.done(); + })); + + f = document.createElement("iframe"); + f.src = "/content-security-policy/support/postmessage-pass.html"; + document.body.appendChild(f); + </script> + </body> +</html> |