| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta http-equiv="Content-Security-Policy" content="frame-src 'none'; script-src 'unsafe-inline'"> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| } |
| </script> |
| </head> |
| <body> |
| <p>Tests that a HTML object element, in a user agent shadow tree, is allowed to load markup when the page has CSP policy: <code>frame-src 'none'</code>. This test FAILED if it timesout.</p> |
| <div id="shadow-host"></div> |
| <script> |
| function runTest() |
| { |
| if (!window.testRunner || !window.internals) |
| return; |
| |
| var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host")); |
| var object = document.createElement("object"); |
| userAgentShadowRoot.appendChild(object); |
| |
| object.type = "text/html"; |
| object.onload = function () { |
| alert("PASS user agent object loaded."); |
| // The content document of the HTML object will call testRunner.notifyDone(). |
| } |
| object.data = "http://localhost:8000/resources/notify-done.html"; |
| } |
| |
| runTest(); |
| </script> |
| </body> |
| </html> |