1 files changed, 52 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html
new file mode 100644
index 0000000000..f4122f3d35
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html
@@ -0,0 +1,52 @@
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<html>
+<body></body>
+<script>
+    promise_test(async test => {
+      // 1. Load an iframe (not blocked).
+      let iframe = document.createElement("iframe");
+      {
+        iframe.name = "theiframe";
+        iframe.src =
+          "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?0";
+        let iframeLoaded = new Promise(resolve => { iframe.onload = resolve });
+        document.body.appendChild(iframe);
+        await iframeLoaded;
+      }
+
+      // 2. Start blocking iframes using CSP frame-src 'none'.
+      {
+        let meta = document.createElement('meta');
+        meta.httpEquiv = "Content-Security-Policy";
+        meta.content = "frame-src 'none'";
+        document.getElementsByTagName('head')[0].appendChild(meta);
+      }
+
+      // 3. Blocked same-document navigation using iframe.src.
+      {
+        let violation = new Promise(resolve => {
+          window.addEventListener('securitypolicyviolation', () => resolve());
+        });
+        iframe.src =
+          "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?1";
+        await violation;
+      }
+
+      // 4. Blocked same-document navigation using window.open.
+      {
+        let violation = new Promise(resolve => {
+          window.addEventListener('securitypolicyviolation', resolve);
+        });
+        window.open(
+          "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?2",
+          "theiframe");
+        await violation;
+      }
+
+      // 5. Regression test for https://crbug.com/1018385. The browser should
+      // not crash while displaying the error page.
+      await new Promise(resolve => window.setTimeout(resolve, 1000));
+    }, "Same-document navigations in an iframe blocked by CSP frame-src dynamically using the <meta> tag");
+</script>
+</html>