diff options
Diffstat (limited to '')
-rw-r--r-- | dom/security/test/csp/file_iframe_sandbox_srcdoc.html | 11 | ||||
-rw-r--r-- | dom/security/test/csp/file_iframe_sandbox_srcdoc.html^headers^ | 1 |
2 files changed, 12 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_iframe_sandbox_srcdoc.html b/dom/security/test/csp/file_iframe_sandbox_srcdoc.html new file mode 100644 index 0000000000..bc700ed68f --- /dev/null +++ b/dom/security/test/csp/file_iframe_sandbox_srcdoc.html @@ -0,0 +1,11 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1073952 - CSP should restrict scripts in srcdoc iframe even if sandboxed</title> +</head> +<body> +<iframe srcdoc="<img src=x onerror='parent.postMessage({result: `unexpected-csp-violation`}, `*`);'>" + sandbox="allow-scripts"></iframe> +</body> +</html> diff --git a/dom/security/test/csp/file_iframe_sandbox_srcdoc.html^headers^ b/dom/security/test/csp/file_iframe_sandbox_srcdoc.html^headers^ new file mode 100644 index 0000000000..cf869e07d4 --- /dev/null +++ b/dom/security/test/csp/file_iframe_sandbox_srcdoc.html^headers^ @@ -0,0 +1 @@ +content-security-policy: default-src *; |