blob: 3068822f377da0ea3840d641874fb3eb7756f2e4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="{{GET[csp]}}">
</head>
<body>
<span id="escape">{{GET[url]}}</span>
<script nonce='abc'>
window.addEventListener('securitypolicyviolation', function(e) {
opener.postMessage('fail', '*');
});
window.location.href = document.getElementById("escape").textContent;
</script>
</body>
</html>
|