Index: content/test/data/frame-src-self-and-b.html |
diff --git a/content/test/data/frame-src-self-and-b.html b/content/test/data/frame-src-self-and-b.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..5fcd896e281bda2318a7c63e9f2e8616659916a0 |
--- /dev/null |
+++ b/content/test/data/frame-src-self-and-b.html |
@@ -0,0 +1,21 @@ |
+<!DOCTYPE html> |
+<html> |
+<head> |
+<title>This page should only allow subframes from the same origin or b.com</title> |
+</head> |
+<body> |
+This page should only allow subframes from the same origin or from b.com, |
+because its CSP headers specify frame-src 'self' and 'b.com'. |
+<iframe src="/cross-site/b.com/title2.html"></iframe> |
+<iframe srcdoc=" |
+ <html> |
alexmos
2016/05/16 16:17:03
Looking at some other test files with srcdoc ifram
Łukasz Anforowicz
2016/05/16 19:44:45
Oh, indeed - I assumed that I need to escape, but
|
+ <head> |
+ <title>subtitle1</title> |
+ </head> |
+ <body> |
+ <iframe src="/cross-site/b.com/title2.html"></iframe> |
+ </body> |
+ </html>"></iframe> |
+</body> |
+</html> |
+ |