Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-strips-fragment.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-strips-fragment.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-strips-fragment.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..0d4a1117633be14b6680a5a66e632878560c4b99 |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-strips-fragment.html |
@@ -0,0 +1,20 @@ |
+<!DOCTYPE html> |
+<script src="/resources/testharness.js"></script> |
+<script src="/resources/testharnessreport.js"></script> |
+<script src="./resources/testharness-helper.js"></script> |
+ |
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'"> |
+<script> |
+ async_test(t => { |
+ waitUntilCSPEventForURL(t, "https://evil.com/img.png") |
+ .then(t.step_func_done(e => { |
+ var u = new URL(e.documentURI); |
+ assert_equals(u.hash, ""); |
+ })); |
+ |
+ window.location.hash = "should-not-appear-in-report"; |
+ |
+ var i = document.createElement("img"); |
+ i.src = "https://evil.com/img.png#boo"; |
+ }, "Reported document URI does not contain fragments."); |
+</script> |