Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-affects-cross-site-child-disallowed.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-affects-cross-site-child-disallowed.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-affects-cross-site-child-disallowed.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..06c2a8f155c7460e05fdacc7135855f92c99656a |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-affects-cross-site-child-disallowed.html |
@@ -0,0 +1,23 @@ |
+<!DOCTYPE html> |
+<html> |
+<head> |
+ <meta http-equiv="Content-Security-Policy" content="plugin-types text/plain"> |
+ <script src="../resources/dump-as-text.js"></script> |
+</head> |
+<body> |
+ <p> |
+ This tests a scenario where an iframe element's src attribute points |
+ to a cross-site URI that loads a plugin. In this test the plugin |
+ is disallowed by the plugin-types Content Security Policy directive, |
+ therefore the test passes if |
+ 1) there is no "Blink Test Plugin: initializing" console message |
+ 2) there is a console message indicating CSP violation |
+ </p> |
+ |
+ <!-- the URI below is cross-site from the default layout tests site |
+ http://127.0.0.1:8000 --> |
+ <!-- we lie in the "type" attribute below, to pass early CSP checks --> |
+ <iframe type="text/plain" |
+ src="http://localhost:8000/plugins/resources/mock-plugin.pl"></iframe> |
+</body> |
+</html> |