Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-blocked-when-target-cross-site-window.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-blocked-when-target-cross-site-window.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-blocked-when-target-cross-site-window.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..1b2dfe864fc8a1e7c62859fbeb70e6abed963f9e |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-blocked-when-target-cross-site-window.html |
@@ -0,0 +1,47 @@ |
+<!DOCTYPE html> |
+<html> |
+<head> |
+<meta http-equiv="Content-Security-Policy" content="form-action 'none'"> |
+<script> |
+ if (window.testRunner) { |
+ testRunner.dumpAsText(); |
+ testRunner.waitUntilDone(); |
+ testRunner.setCanOpenWindows(); |
+ } |
+ |
+ // Open a new window with the name matching form.target attribute below. |
+ window.open( |
+ 'http://localhost:8080/security/resources/empty.html', |
+ 'namedCrossSiteWindow') |
+ |
+ window.addEventListener('load', function() { |
+ document.getElementById('theform').addEventListener('submit', function(e) { |
+ console.log('submit event fired.'); |
+ }); |
+ |
+ setTimeout(function() { |
+ document.getElementById('submit').click(); |
+ }, 0); |
+ }); |
+ |
+ document.addEventListener('securitypolicyviolation', function(e) { |
+ console.log('securitypolicyviolation event fired.'); |
+ console.log('securitypolicyviolation_event.documentURI=' + e.documentURI); |
+ console.log('securitypolicyviolation_event.blockedURI=' + e.blockedURI); |
+ console.log('securitypolicyviolation_event.violatedDirective=' + e.violatedDirective); |
+ setTimeout(function() { |
+ testRunner.notifyDone(); |
+ }, 0); |
+ }); |
+</script> |
+</head> |
+<body> |
+ <form action='/navigation/resources/form-target.pl' id='theform' |
+ method='post' target="namedCrossSiteWindow"> |
+ <input type='text' name='fieldname' value='fieldvalue'> |
+ <input type='submit' id='submit' value='submit'> |
+ </form> |
+ |
+ <p>Tests that blocking form actions works correctly. If this test passes, you will see a console error, and will not see a page indicating a form was POSTed.</p> |
+</body> |
+</html> |