summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-parent-to-blob.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/inheritance/support/navigate-parent-to-blob.html')
-rw-r--r--testing/web-platform/tests/content-security-policy/inheritance/support/navigate-parent-to-blob.html23
1 files changed, 23 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-parent-to-blob.html b/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-parent-to-blob.html
new file mode 100644
index 0000000000..df4a443893
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/support/navigate-parent-to-blob.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
+ </head>
+ <body>
+ <script>
+ const blob_payload = `
+ <!doctype html>
+ <script>
+ var i = false;
+ try {
+ eval('i = true');
+ } catch {}
+ opener.postMessage(i ? "eval allowed" : "eval blocked", '*');
+ </scr` + `ipt>
+ `;
+ var blob_url = URL.createObjectURL(
+ new Blob([blob_payload], { type: 'text/html' }));
+ parent.location = blob_url;
+ </script>
+ </body>
+</html>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-09 01:52:26 +0000