LayoutTests/imported/w3c/web-platform-tests/content-security-policy/frame-src/frame-src-same-document-meta.sub.html - WebKit - Git at Google

 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <html>
 <body></body>
 <script>
     async_test(async test => {
       // 1. Load an iframe (not blocked).
       let iframe = document.createElement("iframe");
       {
         iframe.name = "theiframe";
         iframe.src =
           "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?0";
         let iframeLoaded = new Promise(resolve => { iframe.onload = resolve });
         document.body.appendChild(iframe);
         await iframeLoaded;
       }

       // 2. Start blocking iframes using CSP frame-src 'none'.
       {
         let meta = document.createElement('meta');
         meta.httpEquiv = "Content-Security-Policy";
         meta.content = "frame-src 'none'";
         document.getElementsByTagName('head')[0].appendChild(meta);
       }

       // 3. Blocked same-document navigation using iframe.src.
       {
         let violation = new Promise(resolve => {
           window.addEventListener('securitypolicyviolation', () => resolve());
         });
         iframe.src =
           "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?1";
         await violation;
       }

       // 4. Blocked same-document navigation using window.open.
       {
         let violation = new Promise(resolve => {
           window.addEventListener('securitypolicyviolation', resolve);
         });
         window.open(
           "http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?2",
           "theiframe");
         await violation;
       }

       // 5. Regression test for https://crbug.com/1018385. The browser should
       // not crash while displaying the error page.
       await new Promise(resolve => window.setTimeout(resolve, 1000));

       test.done();
     }, "Same-document navigations in an iframe blocked by CSP frame-src dynamically using the <meta> tag");
 </script>
 </html>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<html>
	<body></body>
	<script>
	async_test(async test => {
	// 1. Load an iframe (not blocked).
	let iframe = document.createElement("iframe");
	{
	iframe.name = "theiframe";
	iframe.src =
	"http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?0";
	let iframeLoaded = new Promise(resolve => { iframe.onload = resolve });
	document.body.appendChild(iframe);
	await iframeLoaded;
	}

	// 2. Start blocking iframes using CSP frame-src 'none'.
	{
	let meta = document.createElement('meta');
	meta.httpEquiv = "Content-Security-Policy";
	meta.content = "frame-src 'none'";
	document.getElementsByTagName('head')[0].appendChild(meta);
	}

	// 3. Blocked same-document navigation using iframe.src.
	{
	let violation = new Promise(resolve => {
	window.addEventListener('securitypolicyviolation', () => resolve());
	});
	iframe.src =
	"http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?1";
	await violation;
	}

	// 4. Blocked same-document navigation using window.open.
	{
	let violation = new Promise(resolve => {
	window.addEventListener('securitypolicyviolation', resolve);
	});
	window.open(
	"http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/frame-src/support/frame.html?2",
	"theiframe");
	await violation;
	}

	// 5. Regression test for https://crbug.com/1018385. The browser should
	// not crash while displaying the error page.
	await new Promise(resolve => window.setTimeout(resolve, 1000));

	test.done();
	}, "Same-document navigations in an iframe blocked by CSP frame-src dynamically using the <meta> tag");
	</script>
	</html>