| <!doctype html> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <meta http-equiv="Content-Security-Policy" content="frame-src 'self'"> |
| <script> |
| async_test(t => { |
| var watcher = new EventWatcher(t, document, ['securitypolicyviolation']); |
| watcher |
| .wait_for('securitypolicyviolation') |
| .then(t.step_func(e => { |
| assert_equals(e.blockedURI, "http://localhost:8000", "The reported URL should be stripped."); |
| assert_equals(e.lineNumber, 21, "IFrame injected from script on this page."); |
| t.done(); |
| })); |
| |
| window.onmessage = t.unreached_func('No message should be sent from the frame.'); |
| window.onload = _ => { |
| var url = "http://localhost:8000/security/resources/post-done.html"; |
| var i = document.createElement('iframe'); |
| i.src = url; |
| document.body.appendChild(i); |
| }; |
| }, "The unredirected frame is blocked."); |
| </script> |