file_data_csp_inheritance.html (807B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>Bug 1381761 - Treating 'data:' documents as unique, opaque origins should still inherit the CSP</title> 5 <meta charset="utf-8"> 6 <meta http-equiv="Content-Security-Policy" content= "img-src 'none'"/> 7 </head> 8 <body> 9 <iframe id="dataFrame" src="data:text/html,<body>should inherit csp</body>"></iframe> 10 11 <script type="application/javascript"> 12 // get the csp in JSON notation from the principal 13 var frame = document.getElementById("dataFrame"); 14 frame.onload = function () { 15 var contentDoc = SpecialPowers.wrap(frame).contentDocument; 16 var cspOBJ = JSON.parse(contentDoc.cspJSON); 17 // make sure we got >>one<< policy 18 var policies = cspOBJ["csp-policies"]; 19 window.parent.postMessage({result: policies.length}, "*"); 20 } 21 </script> 22 23 </body> 24 </html>