<?php | |
if ($_GET["report-only"]) { | |
header("Content-Security-Policy-Report-Only: sandbox " . $_GET["sandbox"]); | |
} else { | |
header("Content-Security-Policy: sandbox " . $_GET["sandbox"]); | |
} | |
?> | |
<!DOCTYPE html> | |
<p>Ready</p> | |
<script> | |
alert("Script executed in iframe."); | |
window.secret = "I am a secret"; | |
</script> |