Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /content-security-policy/frame-src/frame-src-same-document-meta.sub.html - WPT Dashboard Interop Dashboard
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<html>
<body></body>
<script>
promise_test(async test => {
// 1. Load an iframe (not blocked).
let iframe = document.createElement("iframe");
{
iframe.name = "theiframe";
iframe.src =
let iframeLoaded = new Promise(resolve => { iframe.onload = resolve });
document.body.appendChild(iframe);
await iframeLoaded;
}
// 2. Start blocking iframes using CSP frame-src 'none'.
{
let meta = document.createElement('meta');
meta.httpEquiv = "Content-Security-Policy";
meta.content = "frame-src 'none'";
document.getElementsByTagName('head')[0].appendChild(meta);
}
// 3. Blocked same-document navigation using iframe.src.
{
let violation = new Promise(resolve => {
window.addEventListener('securitypolicyviolation', () => resolve());
});
iframe.src =
await violation;
}
// 4. Blocked same-document navigation using window.open.
{
let violation = new Promise(resolve => {
window.addEventListener('securitypolicyviolation', resolve);
});
window.open(
"theiframe");
await violation;
}
// not crash while displaying the error page.
await new Promise(resolve => window.setTimeout(resolve, 1000));
}, "Same-document navigations in an iframe blocked by CSP frame-src dynamically using the <meta> tag");
</script>
</html>