Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-with-own-policy-window-open.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-with-own-policy-window-open.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-with-own-policy-window-open.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..b5f08743674e416ddb188ce2e1bd9e76011fa3db |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-with-own-policy-window-open.html |
@@ -0,0 +1,61 @@ |
+<!DOCTYPE html> |
+<html> |
+<head> |
+ <script src="/resources/testharness.js"></script> |
+ <script src="/resources/testharnessreport.js"></script> |
+ <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></script> |
+ <meta http-equiv="content-security-policy" content="img-src http://127.0.0.1:8000 http://example.test:8000"> |
+</head> |
+<body> |
+<script> |
+ // The filesystem test takes some nesting to setup: |
+ setup({explicit_done: true}); |
+ |
+ async_test(t => { |
+ assert_allowed_image_in_document(t, document, "http://127.0.0.1:8000/resources/square.png?top-level"); |
+ assert_allowed_image_in_document(t, document, "http://example.test:8000/resources/square.png?top-level"); |
+ }, "Policy applied in top-level."); |
+ |
+ async_test(t => { |
+ var w = window.open(); |
+ w.document.head.innerHTML = "<meta http-equiv='content-security-policy' content='img-src http://127.0.0.1:8000'>"; |
+ assert_allowed_image_in_document(t, w.document, "http://127.0.0.1:8000/resources/square.png?blank-frame"); |
+ assert_blocked_image_in_document(t, w.document, "http://example.test:8000/resources/square.png?blank-frame"); |
+ }, "Image loaded via about:blank window blocked."); |
+ |
+ async_test(t => { |
+ var b = new Blob([], {type: "text/html"}); |
+ var w = window.open(URL.createObjectURL(b)); |
+ w.onload = _ => { |
+ w.document.head.innerHTML = "<meta http-equiv='content-security-policy' content='img-src http://127.0.0.1:8000'>"; |
+ assert_allowed_image_in_document(t, w.document, "http://127.0.0.1:8000/resources/square.png?blob-frame"); |
+ assert_blocked_image_in_document(t, w.document, "http://example.test:8000/resources/square.png?blob-frame"); |
+ }; |
+ }, "Image loaded via 'blob:' window blocked."); |
+ |
+ async_test(t => { |
+ window.webkitRequestFileSystem(window.TEMPORARY, 1024*1024, fs => { |
+ fs.root.getFile('worker.js', { create: true }, entry => { |
+ entry.createWriter(w => { |
+ w.onwriteend = _ => { |
+ var w = window.open(entry.toURL()); |
+ w.onload = _ => { |
+ w.document.head.innerHTML = "<meta http-equiv='content-security-policy' content='img-src http://127.0.0.1:8000'>"; |
+ assert_allowed_image_in_document(t, w.document, "http://127.0.0.1:8000/resources/square.png?filesystem-frame"); |
+ assert_blocked_image_in_document(t, w.document, "http://example.test:8000/resources/square.png?filesystem-frame"); |
+ }; |
+ |
+ // explicit_done: yay. |
+ done(); |
+ }; |
+ w.onerror = t.unreached_func(); |
+ |
+ var b = new Blob([], {type: "text/html"}); |
+ w.write(b); |
+ }); |
+ }); |
+ }); |
+ }, "Image loaded via 'filesystem:' window blocked."); |
+</script> |
+</body> |
+</html> |