https://github.com/web-platform-tests/wpt
Tip revision: 7a57cec459d38429ac7519b225095ef26b014c9f authored by Florin Malita on 02 April 2018, 18:50:29 UTC
Add a gradient color-stops parsing test
policy-inherited-correctly-by-plznavigate.html
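<!DOCTYPE HTML>
<html>
<head>
  <!-- Regression test for crbug.com/778658.

       This tests a bug that can occur when content layer CSP is not told
       about the CSP inherited from the parent document, which leads to it not
       applying that policy to content layer CSP checks (such as frame-src
       with PlzNavigate on).

       No policy is declared in this markup. The checkReport.sub.js query
       string at the bottom of the body expects a report for
       "frame-src 'none'", so the policy is presumably delivered out of band
       (for example by response headers served with this file); confirm
       against the accompanying support files.

       Pass condition: the nested iframe written into the srcdoc frame is
       blocked, and the resulting securitypolicyviolation event names
       "frame-src" as the violated directive. -->
  <script src='/resources/testharness.js'></script>
  <script src='/resources/testharnessreport.js'></script>
</head>
<body>
  <script>
    // Created before the iframe exists so the harness is already waiting
    // when the frame content runs.
    var t = async_test("iframe still inherits correct CSP");
  </script>

  <!-- srcdoc frame: its document is expected to inherit the CSP of this
       (parent) document. The placeholder link is only initial content and
       is replaced by document.write() below. -->
  <iframe id="x" srcdoc="<a href='about:blank'>123</a>"></iframe>

  <script>
    // Finishes the test on the first message this window receives and
    // requires the payload to be exactly "frame-src". The handler does not
    // inspect e.origin or e.source; it relies on the payload alone.
    window.onmessage = t.step_func_done(function(e) {
      assert_equals(e.data, "frame-src");
    });

    // Implicit global: x is the iframe element declared above.
    x = document.getElementById('x');
    // NOTE(review): kept exactly as in the original reproduction.
    // HTMLIFrameElement defines no standard `location` attribute, so this
    // looks like a plain expando assignment; confirm it is not load-bearing
    // before touching it.
    x.location = "";

    // While document.write is deprecated I did not find another way to reproduce
    // the original exploit.
    //
    // The written markup does two things inside the frame:
    //   1. registers a securitypolicyviolation listener that forwards
    //      e.violatedDirective to the top window (wildcard target origin;
    //      the payload is only the directive name);
    //   2. adds a nested iframe, whose load the inherited policy is expected
    //      to block, which is what fires the violation event.
    // The closing script tag is split across two string literals so the HTML
    // parser does not end this outer script element early.
    x.contentDocument.write(
      '<script>window.addEventListener("securitypolicyviolation", function(e) {' +
      '  window.top.postMessage(e.violatedDirective, "*");' +
      '});</scr' + 'ipt>' +
      '<iframe src="../support/fail.html"></iframe>'
    );
    // Close the document stream opened by write() so the frame finishes parsing.
    x.contentDocument.close();
  </script>
  <!-- Support script parameterised through its query string with the
       expected report field (violated-directive) and value
       (frame-src 'none'). It presumably checks the CSP violation report that
       was sent; its source is not part of this file. -->
  <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=frame-src%20%27none%27'></script>
</body>
</html>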