| <!DOCTYPE html> |
| <html> |
| <head> |
| <script> |
| if (window.testRunner) |
| testRunner.waitUntilDone(); |
| </script> |
| </head> |
| <body> |
| <p>This test loads a secure iframe that loads an insecure image inside a blob URL iframe. |
| A blob URL created in a secure context is considered secure. We should trigger a mixed content |
| block because the blob URL grandchild iframe inherited the CSP directive block-all-mixed-content |
| from the child frame. This test PASSED if the grandchild iframe is filled solid green. |
| Otherwise, it FAILED.</p> |
| <iframe src="https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image-in-blob-url-iframe.html" width="100%" height="300"></iframe> |
| </body> |
| </html> |