[HTML Import] Respect Content Security Policy Model

LayoutTests/http/tests/htmlimports/csp-block-import-non-self.html

Index: LayoutTests/http/tests/htmlimports/csp-block-import-non-self.html
diff --git a/LayoutTests/http/tests/htmlimports/csp-block-import-non-self.html b/LayoutTests/http/tests/htmlimports/csp-block-import-non-self.html
new file mode 100644
index 0000000000000000000000000000000000000000..9ebb01170295b8153f9aa3bbe8eb7497e991afb4
--- /dev/null
+++ b/LayoutTests/http/tests/htmlimports/csp-block-import-non-self.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'">
+<link id="selfImport"    rel="import" href="resources/hello.html">
+<link id="nonSelfImport" rel="import" href="http://localhost:8080/htmlimports/resources/cors-basic.cgi">
+</head>
+<body>
+<pre id="result"></pre>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+if (window.selfImport.import != null)
+    result.innerHTML += "PASS\n";
+else
+    result.innerHTML += "FAIL: The import should be allowed.\n";
+
+if (window.nonSelfImport.import == null)
+    result.innerHTML += "PASS\n";
+else
+    result.innerHTML += "FAIL: The import should be blocked.\n";
+</script>
+</body>
+</html>