diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html new file mode 100644 index 0000000000..6afd4459b0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html @@ -0,0 +1,34 @@ +<!DOCTYPE html> +<html> +<head> + <title>form-action-src-redirect-allowed-target-frame</title> + <meta http-equiv="Content-Security-Policy" content="form-action 'self'"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script> + function OnDocumentLoaded() { + let test = async_test("form submission targetting a frame allowed after a redirect"); + window.addEventListener("message", function(event) { + if (event.data == "DocumentNotBlocked") { + test.done(); + } + }); + + let form = document.getElementById("form"); + let final_url = "/content-security-policy/form-action/support/post-message-to-parent.sub.html?message=DocumentNotBlocked"; + let redirect_url = "/common/redirect.py?location="; + form.action = redirect_url + encodeURIComponent(final_url); + + let submit = document.getElementById("submit"); + submit.click(); + } + </script> +</head> +<body onload="OnDocumentLoaded();"> + <form id="form" method="POST" target="frame"> + <input type="submit" id="submit"> + </form> + <iframe name="frame"></iframe> +</body> +</html> + |