| Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-blocked.html
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-blocked.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-blocked.html
|
| index 208e5fe4c835c1e56e5ef6621cd797cf1823ce40..3b9696a09cb4e84ab9b5c2a44d0152fa7b8378d0 100644
|
| --- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-blocked.html
|
| +++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-blocked.html
|
| @@ -1,3 +1,24 @@
|
| -<meta http-equiv="Content-Security-Policy" content="frame-src 'none'">
|
| -<script src="resources/dump-as-text.js"></script>
|
| -<iframe src="resources/alert-fail.html"></iframe>
|
| +<!doctype html>
|
| +<script src="/resources/testharness.js"></script>
|
| +<script src="/resources/testharnessreport.js"></script>
|
| +<meta http-equiv="Content-Security-Policy" content="frame-src 'self'">
|
| +<script>
|
| + async_test(t => {
|
| + var watcher = new EventWatcher(t, document, ['securitypolicyviolation']);
|
| + watcher
|
| + .wait_for('securitypolicyviolation')
|
| + .then(t.step_func(e => {
|
| + assert_equals(e.blockedURI, "http://localhost:8000", "The reported URL should be stripped.");
|
| + assert_equals(e.lineNumber, 21, "IFrame injected from script on this page.");
|
| + t.done();
|
| + }));
|
| +
|
| + window.onmessage = t.unreached_func('No message should be sent from the frame.');
|
| + window.onload = _ => {
|
| + var url = "http://localhost:8000/security/resources/post-done.html";
|
| + var i = document.createElement('iframe');
|
| + i.src = url;
|
| + document.body.appendChild(i);
|
| + };
|
| + }, "The unredirected frame is blocked.");
|
| +</script>
|
|
|
Chromium Code Reviews
Issue 2255103002:
CSP: Strip reported URLs for 'frame-src' and 'object-src'. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master