From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 19:32:43 +0200 Subject: Adding upstream version 1:115.7.0. Signed-off-by: Daniel Baumann --- .../frame-src/frame-src-cross-origin-load.sub.html | 68 ++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html (limited to 'testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html') diff --git a/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html new file mode 100644 index 0000000000..956c79fbf0 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html @@ -0,0 +1,68 @@ + + + + + + + frame-src-cross-origin-load + + + + + +

+ IFrames blocked by CSP should generate a 'load', not 'error' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS. +

+ + + + + + + +
+ + + -- cgit v1.2.3
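Review bot: The description text in the new file is ambiguous at "regardless of blocked state": the sentence opens with "IFrames blocked by CSP", so it already covers only blocked frames and it is unclear which states the qualifier refers to. The second sentence relies on a blocked frame being indistinguishable from "normal cross-origin loads", so consider stating the expectation directly, for example that an iframe fires 'load' and never 'error' whether or not frame-src blocks it. It would also help to say in the description which of the two cases (blocked, allowed) the test exercises, so that a failure can be read without opening the test body.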