Chromium Code Reviews

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html

Issue 2487973004: Enforce form-action CSP even when form.target is present. (Closed)
Patch Set: Created 4 years, 1 month ago
OLD | NEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <meta http-equiv="Content-Security-Policy" content="form-action 'none'"> 4 <meta http-equiv="Content-Security-Policy" content="form-action 'none'">
5 <script> 5 <script>
6 if (window.testRunner) { 6 if (window.testRunner) {
7 testRunner.dumpAsText(); 7 testRunner.dumpAsText();
8 testRunner.waitUntilDone(); 8 testRunner.waitUntilDone();
9 testRunner.clearBackForwardList(); 9 testRunner.clearBackForwardList();
10 testRunner.dumpBackForwardList(); 10 testRunner.dumpBackForwardList();
11 } 11 }
12
12 window.addEventListener('load', function() { 13 window.addEventListener('load', function() {
14 document.getElementById('theform').addEventListener('submit', function(e ) {
15 console.log('submit event fired.');
16 });
17
13 setTimeout(function() { 18 setTimeout(function() {
14 document.getElementById('submit').click(); 19 document.getElementById('submit').click();
15 }, 0); 20 }, 0);
16 }); 21 });
17 setTimeout(function () { 22
18 testRunner.notifyDone(); 23 document.addEventListener('securitypolicyviolation', function(e) {
19 }, 1000); 24 console.log('securitypolicyviolation event fired.');
25 console.log('securitypolicyviolation_event.documentURI=' + e.documentURI );
26 console.log('securitypolicyviolation_event.blockedURI=' + e.blockedURI);
27 console.log('securitypolicyviolation_event.violatedDirective=' + e.viola tedDirective);
28 setTimeout(function() {
29 testRunner.notifyDone();
30 }, 0);
31 });
20 </script> 32 </script>
21 </head> 33 </head>
22 <body> 34 <body>
23 <form action='/navigation/resources/form-target.pl' id='theform' method='pos t'> 35 <form action='/navigation/resources/form-target.pl' id='theform' method='pos t'>
24 <input type='text' name='fieldname' value='fieldvalue'> 36 <input type='text' name='fieldname' value='fieldvalue'>
25 <input type='submit' id='submit' value='submit'> 37 <input type='submit' id='submit' value='submit'>
26 </form> 38 </form>
27 39
28 <p>Tests that blocking form actions works correctly. If this test passes, yo u will see a console error, and will not see a page indicating a form was POSTed .</p> 40 <p>Tests that blocking form actions works correctly. If this test passes, yo u will see a console error, and will not see a page indicating a form was POSTed .</p>
29 </body> 41 </body>
30 </html> 42 </html>
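
Review bot: The only call to testRunner.notifyDone() is now inside the securitypolicyviolation handler (new lines 28-30), and the 1000 ms fallback from old lines 17-19 is gone, so a regression in which the POST is not blocked no longer ends the test from this page; the outcome then depends on the navigated-to resource or on the harness timeout. If that is intended, a short comment above the listener would make it explicit. The call also sits outside the `if (window.testRunner)` guard used at new line 6, so opening the file by hand in a browser throws a ReferenceError right after the event fields are logged; wrapping it in the same guard keeps the manual run described in the paragraph at new line 40 clean. That paragraph still mentions only a console error and could list the new 'submit event fired.' and securitypolicyviolation lines so the described output matches what the page now logs.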