file_iframe_sandbox_srcdoc.html

Enable keyboard shortcuts

<!DOCTYPE HTML>

<html>

<head>

  <meta charset="utf-8">

  <title>Bug 1073952 - CSP should restrict scripts in srcdoc iframe even if sandboxed</title>

</head>

<body>

<iframe srcdoc="<img src=x onerror='parent.postMessage({result: `unexpected-csp-violation`}, `*`);'>"

        sandbox="allow-scripts"></iframe>

</body>

</html>