Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /content-security-policy/blob/frame-src-blob-matches-blob.sub.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; frame-src blob:;">
<title>frame-src-blob-matches-blob</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src='../support/logTest.sub.js?logs=["PASS (1/1)"]'></script>
<script src='../support/alertAssert.sub.js?alerts=[]'></script>
</head>
<body>
<p>
blob: URLs should match if the blob: scheme is explicitly specified in the frame-src directive.
</p>
<script>
window.addEventListener('securitypolicyviolation', function(e) {
log("FAIL");
});
var b = new Blob(['<html><body></body></html>'], {
type: 'text/html'
});
var iframe = document.createElement('iframe');
iframe.src = URL.createObjectURL(b);
iframe.onload = function() {
log("PASS (1/1)");
};
document.body.appendChild(iframe);
</script>
<div id="log"></div>
</body>
</html>