| OLD | NEW |
|---|
| 1 <!DOCTYPE HTML> | 1 <!DOCTYPE HTML> |
| 2 <html> | 2 <html> |
| 3 | 3 |
| 4 <head> | 4 <head> |
| 5 <meta charset="utf-8"> | 5 <meta http-equiv="Content-Security-Policy" content="base-uri {{location[sche
me]}}://{{domains[]}}:{{ports[http][0]}}/base/"> |
| 6 |
| 6 <title>base-uri works correctly inside a sandboxed iframe.</title> | 7 <title>base-uri works correctly inside a sandboxed iframe.</title> |
| 7 <script src='/resources/testharness.js'></script> | 8 <script src='/resources/testharness.js'></script> |
| 8 <script src='/resources/testharnessreport.js'></script> | 9 <script src='/resources/testharnessreport.js'></script> |
| 9 | |
| 10 <!-- CSP served: base-uri 'self' --> | |
| 11 </head> | 10 </head> |
| 12 | 11 |
| 13 <body> | 12 <body> |
| 14 <h1>base-uri works correctly inside a sandboxed iframe.</h1> | 13 <h1>base-uri works correctly inside a sandboxed iframe.</h1> |
| 15 <div id='log'></div> | 14 <div id='log'></div> |
| 16 | 15 |
| 17 <script> | 16 <script> |
| 18 window.addEventListener('securitypolicyviolation', function(e) { | 17 window.addEventListener('securitypolicyviolation', function(e) { |
| 19 assert_unreached('No CSP violation report has fired.'); | 18 assert_unreached('No CSP violation report should have been fired.'); |
| 20 }); | 19 }); |
| 21 | 20 |
| 22 async_test(function(t) { | 21 async_test(function(t) { |
| 23 var i = document.createElement('iframe'); | 22 var i = document.createElement('iframe'); |
| 24 i.sandbox = 'allow-scripts'; | 23 i.sandbox = 'allow-scripts'; |
| 25 i.style.display = 'none'; | 24 i.style.display = 'none'; |
| 26 i.srcdoc = ` | 25 i.srcdoc = ` |
| 27 <script> | 26 <script> |
| 28 window.addEventListener('securitypolicyviolation', function() { | 27 window.addEventListener('securitypolicyviolation', function() { |
| 29 top.postMessage('FAIL', '*'); | 28 top.postMessage('FAIL', '*'); |
| 30 }); | 29 }); |
| 31 </sc` + `ript> | 30 </sc` + `ript> |
| 32 <base href="{{location[scheme]}}://{{domains[]}}:{{ports[http][0]}}/
base/"> | 31 <base href="{{location[scheme]}}://{{domains[]}}:{{ports[http][0]}
}/base/"> |
| 33 <script> | 32 <script> |
| 34 top.postMessage(document.baseURI, '*'); | 33 top.postMessage(document.baseURI, '*'); |
| 35 </sc` + `ript>`; | 34 </sc` + `ript>`; |
| 36 | 35 |
| 37 window.addEventListener('message', t.step_func(function(e) { | 36 window.addEventListener('message', t.step_func(function(e) { |
| 38 if (e.source === i.contentWindow) { | 37 if (e.source === i.contentWindow) { |
| 39 assert_equals(e.data, location.origin + '/base/'); | 38 assert_equals(e.data, location.origin + '/base/'); |
| 40 t.done(); | 39 t.done(); |
| 41 } | 40 } |
| 42 })); | 41 })); |
| 43 | 42 |
| 44 document.body.appendChild(i); | 43 document.body.appendChild(i); |
| 45 }, 'base-uri \'self\' works with same-origin sandboxed iframes.'); | 44 }, 'base-uri \'self\' works with same-origin sandboxed iframes.'); |
| 46 | 45 |
| 47 async_test(function(t) { | 46 async_test(function(t) { |
| 48 var i = document.createElement('iframe'); | 47 var i = document.createElement('iframe'); |
| 49 i.sandbox = 'allow-scripts'; | 48 i.sandbox = 'allow-scripts'; |
| 50 i.style.display = 'none'; | 49 i.style.display = 'none'; |
| 51 i.srcdoc = ` | 50 i.srcdoc = ` |
| (...skipping 19 matching lines...) Expand all Loading... |
| 71 } | 70 } |
| 72 })); | 71 })); |
| 73 | 72 |
| 74 document.body.appendChild(i); | 73 document.body.appendChild(i); |
| 75 }, 'base-uri \'self\' blocks foreign-origin sandboxed iframes.'); | 74 }, 'base-uri \'self\' blocks foreign-origin sandboxed iframes.'); |
| 76 </script> | 75 </script> |
| 77 | 76 |
| 78 </body> | 77 </body> |
| 79 | 78 |
| 80 </html> | 79 </html> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2890763002:
Un-skipped wpt/content-security-policy/base-uri (Closed)
