summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/inheritance/frame-src-javascript-url.html
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--testing/web-platform/tests/content-security-policy/inheritance/frame-src-javascript-url.html40
1 files changed, 40 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/inheritance/frame-src-javascript-url.html b/testing/web-platform/tests/content-security-policy/inheritance/frame-src-javascript-url.html
new file mode 100644
index 0000000000..b08da85e87
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/frame-src-javascript-url.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<meta http-equiv="Content-Security-Policy" content="frame-src 'none'">
+
+<script>
+ const iframe_url = new URL("./support/empty.html", location.href);
+
+ // Regression test for: https://crbug.com/1064676
+ promise_test(async (t) => {
+ await new Promise(r => window.onload = r);
+
+ let url = `javascript:
+
+ window.addEventListener('securitypolicyviolation', e => {
+ parent.postMessage({
+ originalPolicy: e.originalPolicy,
+ blockedURI: e.blockedURI,
+ });
+ });
+
+ let iframe = document.createElement('iframe');
+ iframe.src = '${iframe_url}';
+ document.body.appendChild(iframe);
+
+ `;
+
+ let iframe = document.createElement('iframe');
+ iframe.src = encodeURI(url.replace(/\n/g, ""));
+
+ let violation = new Promise(r => window.addEventListener("message", r));
+ document.body.appendChild(iframe);
+ let {data} = await violation;
+
+ assert_equals(data.originalPolicy, "frame-src 'none'");
+ assert_equals(data.blockedURI, iframe_url.toString());
+
+ }, "<iframe src='javascript:...'>'s inherits policy (dynamically inserted <iframe> is blocked)");
+
+</script>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-06 18:34:10 +0000