third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-vs-shift-click.html - Issue 2453093003: child-src and frame-src CSP are not applicable when navigating a new window.

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-vs-shift-click.html

Issue 2453093003: child-src and frame-src CSP are not applicable when navigating a new window. (Closed)

Patch Set: Address a CR feedback nit - get rid of unnecessary parens. Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/navigation/post-with-modifier.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-src-vs-shift-click-target.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-vs-shift-click.html

diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-vs-shift-click.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-vs-shift-click.html

new file mode 100644

index 0000000000000000000000000000000000000000..fa0d006dba7772105a532d4c9713441982a38ef9

--- /dev/null

+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-vs-shift-click.html

@@ -0,0 +1,68 @@

+<head>

+ <meta http-equiv="Content-Security-Policy" content="frame-src 'none'"/>

+</head>

+<div id="container">

+<p>You should run this test in Test Runner</p>

+<p>This is a regression test for https://crbug.com/658701</p>

+</div>

+<div id="log"></div>

+<script src="/resources/testharness.js"></script>

+<script src="/resources/testharnessreport.js"></script>

+<iframe id="iframe"

+ srcdoc="

+<p>frame-src-vs-shift-click-FRAME.html:

+<a id="test-anchor"

+ href="resources/frame-src-vs-shift-click-target.html"

+ >Test anchor</a>

+</p>

+ "></iframe>

+<script>

+var test = async_test("Testing frame-src vs shift-click");

+function concludeTest(data)

+ test.step(function() {

+ assert_equals(

+ data["window.location.href"],

+ 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/frame-src-vs-shift-click-target.html',

+ "Test should be finished from frame-src-vs-shift-click-target.html");

+ assert_equals(

+ data["history.length"],

+ 1,

+ "frame-src-vs-shift-click-target.html should be in a fresh window");

+ assert_true(

+ data["window.self == window.parent"],

+ "frame-src-vs-shift-click-target.html should be the main frame");

+ });

+ document.getElementById('container').outerHTML = '';

+ test.done();

+if (window.testRunner) {

+ testRunner.setCanOpenWindows(true);

+ testRunner.setCloseRemainingWindowsWhenComplete(true);

+ // Shift-clicking doesn't set window.opener, so we allow the new window

+ // to find the opener using the name being set below.

+ // TODO(lukasza): After fixing https://crbug.com/658386, the test will

+ // need to use another mechanism for communicating verification results

+ // (most likely OOPIF-replicated testRunner.setCustomTextOutput).

+ window.name = "mainTestWindow";

+ window.addEventListener('message', function(e) {

+ concludeTest(e.data);

+ });

+ window.onload = function() {

+ var iframe = document.getElementById("iframe");

+ var anchor = iframe.contentWindow.document.getElementById('test-anchor');

+ var x = iframe.offsetLeft + anchor.offsetLeft + 3;

+ var y = iframe.offsetTop + anchor.offsetTop + 3;

+ eventSender.dragMode = false;

+ eventSender.mouseMoveTo(x, y);

+ eventSender.mouseDown(0);

+ eventSender.mouseUp(0, ['shiftKey']);

+ };

+</script>