Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-window-open.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-window-open.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-window-open.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..d46d826ff22e1431c8708afeccf8d74558d1a5e9 |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-window-open.html |
@@ -0,0 +1,30 @@ |
+<!DOCTYPE html> |
+<html> |
+<head> |
+ <script src="/resources/testharness.js"></script> |
+ <script src="/resources/testharnessreport.js"></script> |
+ <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></script> |
+ <meta http-equiv="content-security-policy" content="img-src 'none'"> |
+</head> |
+<body> |
+<script> |
+ async_test(t => { |
+ assert_blocked_image_in_document(t, document, "http://example.test:8000/resources/square.png?img-in-top-level"); |
+ }, "Image loaded in top-level blocked."); |
+ |
+ async_test(t => { |
+ window.addEventListener("message", t.step_func(e => { |
+ assert_equals(e.data, "blocked"); |
+ t.done(); |
+ })); |
+ |
+ window.open("data:text/html,<script>" + |
+ " var i = document.createElement('img');" + |
+ " i.onload = _ => opener.postMessage('loaded', '*');" + |
+ " i.onerror = _ => opener.postMessage('blocked', '*');" + |
+ " i.src = 'http://example.test:8000/resources/square.png?data-frame'" + |
+ "</scr" + "ipt>"); |
+ }, "Image loaded via data: window blocked."); |
+</script> |
+</body> |
+</html> |