| <!DOCTYPE html> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <meta http-equiv="Content-Security-Policy" content="blabla"> |
| <body> |
| <div id="target"></div> |
| <div id="probe"></div> |
| <script> |
| test(t => { |
| // Regression test for crbug.com/1030830. (Should work in any browser, though.) |
| // |
| // The top-level doc has a CSP that doesn't do anything interesting. We'll |
| // parse a doc and create an iframe with an embedded CSP, and will ensure that |
| // the CSP applies to the frame, but not the top-level doc. |
| const target = document.getElementById("target"); |
| const probe = document.getElementById("probe"); |
| probe.innerHTML = "probe"; |
| |
| const doc = new DOMParser().parseFromString(` |
| <body><div id="probe"></div></body>"`, "text/html"); |
| probe.innerHTML = "probe"; |
| |
| const frame = document.createElement("iframe"); |
| frame.src = `data:text/html;${encodeURI(doc.documentElement.outerHTML)}`; |
| frame.id = "frame"; |
| target.appendChild(frame); |
| const frame_probe = document.getElementById("frame").contentDocument.getElementById("probe"); |
| probe.innerHTML = "probe"; |
| assert_throws_js(TypeError, _ => { frame_probe.innnerHTML = "probe" }); |
| }, "Regression test for TT changes to parseFromString."); |
| </script> |
| </body> |
