OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <html> |
| 3 <head> |
| 4 <meta http-equiv="Content-Security-Policy" content="form-action 'none'"> |
| 5 <script> |
| 6 if (window.testRunner) { |
| 7 testRunner.dumpAsText(); |
| 8 testRunner.waitUntilDone(); |
| 9 testRunner.setCanOpenWindows(); |
| 10 } |
| 11 |
| 12 // Open a new window with the name matching form.target attribute below. |
| 13 window.open( |
| 14 'http://localhost:8080/security/resources/empty.html', |
| 15 'namedCrossSiteWindow') |
| 16 |
| 17 window.addEventListener('load', function() { |
| 18 document.getElementById('theform').addEventListener('submit', function(e
) { |
| 19 console.log('submit event fired.'); |
| 20 }); |
| 21 |
| 22 setTimeout(function() { |
| 23 document.getElementById('submit').click(); |
| 24 }, 0); |
| 25 }); |
| 26 |
| 27 document.addEventListener('securitypolicyviolation', function(e) { |
| 28 console.log('securitypolicyviolation event fired.'); |
| 29 console.log('securitypolicyviolation_event.documentURI=' + e.documentURI
); |
| 30 console.log('securitypolicyviolation_event.blockedURI=' + e.blockedURI); |
| 31 console.log('securitypolicyviolation_event.violatedDirective=' + e.viola
tedDirective); |
| 32 setTimeout(function() { |
| 33 testRunner.notifyDone(); |
| 34 }, 0); |
| 35 }); |
| 36 </script> |
| 37 </head> |
| 38 <body> |
| 39 <form action='/navigation/resources/form-target.pl' id='theform' |
| 40 method='post' target="namedCrossSiteWindow"> |
| 41 <input type='text' name='fieldname' value='fieldvalue'> |
| 42 <input type='submit' id='submit' value='submit'> |
| 43 </form> |
| 44 |
| 45 <p>Tests that blocking form actions works correctly. If this test passes, yo
u will see a console error, and will not see a page indicating a form was POSTed
.</p> |
| 46 </body> |
| 47 </html> |
OLD | NEW |