| Index: third_party/WebKit/LayoutTests/http/tests/navigation/pushstate-whitelisted-at-unique-origin-denied.html
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/navigation/pushstate-whitelisted-at-unique-origin-denied.html b/third_party/WebKit/LayoutTests/http/tests/navigation/pushstate-whitelisted-at-unique-origin-denied.html
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..f22e05d938e079b663b6ae146609d3e7a65b532f
|
| --- /dev/null
|
| +++ b/third_party/WebKit/LayoutTests/http/tests/navigation/pushstate-whitelisted-at-unique-origin-denied.html
|
| @@ -0,0 +1,13 @@
|
| +<meta http-equiv="Content-Security-Policy" content="sandbox allow-scripts">
|
| +<script>
|
| +if (window.testRunner) {
|
| + testRunner.dumpAsText();
|
| + testRunner.addOriginAccessWhitelistEntry(location.origin, location.protocol, '', false);
|
| +}
|
| +try {
|
| + history.pushState(null, null, document.URL);
|
| + document.write("FAIL: URL at unique origin was manipulated via pushState.");
|
| +} catch(e) {
|
| + document.write("PASS: unique URLs cannot be manipulated via pushState.");
|
| +}
|
| +</script>
|
|
|
Chromium Code Reviews
Issue 1495013002:
Check for equality of the URL's origin in replaceState/pushState (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master