Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

<!-- This tests a bug that can occur when content layer CSP is not told
about the CSP inherited from the parent document which leads to it not
applying it to content layer CSP checks (such as frame-src with
PlzNavigate on).
Also see -->
<script src='/resources/testharness.js'></script>
<script src='/resources/testharnessreport.js'></script>
var t = async_test("iframe still inherits correct CSP");
window.onmessage = t.step_func_done(function(e) {
assert_equals(, "frame-src");
function doDocWrite() {
x = document.getElementById('x');
x.location = "";
// While document.write is deprecated I did not find another way to reproduce
// the original exploit.
'<script>window.addEventListener("securitypolicyviolation", function(e) {' +
', "*");' +
'});</scr' + 'ipt>' +
'<iframe src="../support/fail.html"></iframe>'
var s = document.createElement('script');
s.async = true;
s.defer = true;
s.src = '../support/checkReport.sub.js?reportField=violated-directive&reportValue=frame-src%20%27none%27';
<iframe id="x" onload="doDocWrite()" srcdoc="<a href='about:blank'>123</a>"></iframe>