diff options
Diffstat (limited to '')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/form-action/form-action-self-allowed-target-blank.html | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-self-allowed-target-blank.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-self-allowed-target-blank.html new file mode 100644 index 0000000000..bc81a63b62 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-self-allowed-target-blank.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<html> + +<head> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<meta http-equiv="Content-Security-Policy" content="form-action 'self'"> +</head> + +<body> + <form action='/content-security-policy/support/postmessage-pass-to-opener.html' + id='form_id' + target="_blank" + rel="opener"> + </form> + + <p> + Test that "form-action 'self'" works correctly when the form uses + target="_blank". If this test passes, a new window must open after pressing + "submit". + </p> +</body> + +<script> + async_test(t => { + document.addEventListener('securitypolicyviolation', function(e) { + t.unreached_func("Form submission was blocked."); + }); + + window.addEventListener('message', function(event) { + t.done(); + }) + + window.addEventListener("load", function() { + document.getElementById("form_id").submit(); + }); + }, "The form submission should not be blocked by the iframe's CSP."); +</script> + +</html> |