| <!DOCTYPE html> |
| <html> |
| <head> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.dumpChildFramesAsText(); |
| testRunner.dumpFrameLoadCallbacks(); |
| testRunner.setCanOpenWindows(); |
| testRunner.setCloseRemainingWindowsWhenComplete(true); |
| testRunner.waitUntilDone(); |
| |
| // FIXME: For some reason a SecurityPolicyViolation event is not dispatched in frame-with-insecure-iframe.html (why?). |
| // So, dump-securitypolicyviolation-and-notify-done.js loaded by frame-with-insecure-iframe.html will never call |
| // testRunner.notifyDone(). For now we do not call testRunner.waitUntilDone() and instead wait a fixed timeout :( |
| window.setTimeout(function () { |
| if (window.testRunner) |
| testRunner.notifyDone(); |
| }, 500); |
| } |
| |
| window.addEventListener("message", function (messageEvent) { |
| document.getElementById("console").textContent = messageEvent.data + "\n"; |
| if (window.testRunner) |
| testRunner.notifyDone(); |
| }, false); |
| </script> |
| </head> |
| <body> |
| <p>This test opens a window and loads an insecure iframe. We should trigger a |
| mixed content block because the main frame in the window has CSP directive block-all-mixed-content.</p> |
| <pre id="console"></pre> |
| <script> |
| window.setTimeout(function() { |
| window.open("https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-iframe.html"); |
| }, 0); |
| </script> |
| </body> |
| </html> |
