CSP: Strip the fragment from reported URLs.

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-strips-fragment.html

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-strips-fragment.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-strips-fragment.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-strips-fragment.html
new file mode 100644
index 0000000000000000000000000000000000000000..0d4a1117633be14b6680a5a66e632878560c4b99
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-strips-fragment.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="./resources/testharness-helper.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'">
+<script>
+  async_test(t => {
+    waitUntilCSPEventForURL(t, "https://evil.com/img.png")
+      .then(t.step_func_done(e => {
+        var u = new URL(e.documentURI);
+        assert_equals(u.hash, "");
+      }));
+
+    window.location.hash = "should-not-appear-in-report";
+
+    var i = document.createElement("img");
+    i.src = "https://evil.com/img.png#boo";
+  }, "Reported document URI does not contain fragments.");
+</script>