testing/web-platform/tests/content-security-policy/inheritance/support/navigate-self-to-javascript.html


1
2
3
4
5
6
7
8
9
10
11
12

<meta http-equiv="Content-Security-Policy" content="img-src 'none'"/>
<script>
  const js_payload = `
    <div>
      <img src="${window.origin}/content-security-policy/support/fail.png"
           onload="opener.postMessage(\\\'img loaded\\\', \\\'*\\\');"
           onerror="opener.postMessage(\\\'img blocked\\\', \\\'*\\\');"
      >
    </div>
  `;
  open(`javascript:'${js_payload}'`,"_self");
</script>