| OLD | NEW |
|---|
| (Empty) | |
| 1 <meta http-equiv="Content-Security-Policy" content="suborigin foobar"> |
| 2 <script> |
| 3 if (window.testRunner) { |
| 4 testRunner.waitUntilDone(); |
| 5 testRunner.dumpAsText(); |
| 6 } |
| 7 |
| 8 function iframeLoaded() { |
| 9 var iframe = document.getElementById('iframe'); |
| 10 try { |
| 11 var secret = iframe.contentWindow.secret; |
| 12 alert("PASS: Secret is '" + secret + "'."); |
| 13 } catch(e) { |
| 14 alert('FAIL: Prevented from accessing the content of the iframe in the s
ame suborigin.'); |
| 15 } |
| 16 testRunner.notifyDone(); |
| 17 } |
| 18 </script> |
| 19 <p> |
| 20 This tests whether a frame in a can access secrets in a frame in the same subori
gin. |
| 21 </p> |
| 22 <iframe onload="iframeLoaded();" id="iframe" src="resources/suborigin.php?subori
gin=foobar"></iframe> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 27073003:
CSP Suborigins
Base URL: https://chromium.googlesource.com/chromium/blink.git@master