Skip to main content

Browse the archive

https://github.com/web-platform-tests/wpt
26 December 2018, 22:31:15 UTC
Raw File
Tip revision: b0a5adb79b683700fb1a3e59dd2632387c506701 authored by Luke Bjerring on 29 March 2018, 17:14:00 UTC
Remove redundant Array.from
Tip revision: b0a5adb
policy-inherited-correctly-by-plznavigate.html 
<!DOCTYPE HTML>
<html>
<head>
  <!-- This tests a bug that can occur when content layer CSP is not told
       about the CSP inherited from the parent document which leads to it not
       applying it to content layer CSP checks (such as frame-src with
       PlzNavigate on).
       Also see crbug.com/778658. -->
  <script src='/resources/testharness.js'></script>
  <script src='/resources/testharnessreport.js'></script>
</head>
<body>
  <script>
    var t = async_test("iframe still inherits correct CSP");
  </script>

  <iframe id="x" srcdoc="<a href='about:blank'>123</a>"></iframe>

  <script>
    window.onmessage = t.step_func_done(function(e) {
      assert_equals(e.data, "frame-src");
    });

    x = document.getElementById('x');
    x.location = "";

    // While document.write is deprecated I did not find another way to reproduce
    // the original exploit.
    x.contentDocument.write(
      '<script>window.addEventListener("securitypolicyviolation", function(e) {' +
      '  window.top.postMessage(e.violatedDirective, "*");' +
      '});</scr' + 'ipt>' +
      '<iframe src="../support/fail.html"></iframe>'
    );
    x.contentDocument.close();
  </script>
  <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=frame-src%20%27none%27''></script>
</body>
</html>
back to top