Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(88)

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/javascript-url.pl

Issue 2490943002: Block 'javascript:' navigation in the correct document. (Closed)
Patch Set: feedback Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
(Empty)
1 #!/usr/bin/perl -wT
2 use strict;
3 use CGI;
4
5 my $cgi = new CGI;
6
7 print "Content-Type: text/html; charset=UTF-8\n";
8 print "Content-Security-Policy: ".$cgi->param('csp')."\n\n";
9
10 my $text = "PASS";
11 $text = "FAIL" if $cgi->param('should_run') eq 'no';
12
13 print "<!DOCTYPE html>\n";
14 print "<html>\n";
15 print "<body>\n";
16 print "<iframe src=\"javascript:alert('".$text."');\"></iframe>\n";
17 print "<object data=\"javascript:alert('".$text."');\"></object>\n";
18 print "<embed src=\"javascript:alert('".$text."');\"></embed>\n";
19 print "</html>\n";
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698