test_block_all_mixed_content_frame_navigation.html (1410B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <meta charset="utf-8"> 5 <title>Bug 1122236 - CSP: Implement block-all-mixed-content</title> 6 <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> 7 <script src="/tests/SimpleTest/SimpleTest.js"></script> 8 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 9 </head> 10 <body> 11 <iframe style="width:100%;" id="testframe"></iframe> 12 13 <script class="testbody" type="text/javascript"> 14 15 /* Description of the test: 16 * 17 * http://a.com embeds https://b.com. 18 * https://b.com has a CSP using 'block-all-mixed-content'. 19 * | site | http://a.com 20 * | embeds | https://b.com (uses block-all-mixed-content) 21 * 22 * The user navigates the embedded frame from 23 * https://b.com -> http://c.com. 24 * The test makes sure that such a navigation is not blocked 25 * by block-all-mixed-content. 26 */ 27 28 function checkResults(result) { 29 is(result, "frame-navigated", "frame should be allowed to be navigated"); 30 window.removeEventListener("message", receiveMessage); 31 SimpleTest.finish(); 32 } 33 34 window.addEventListener("message", receiveMessage); 35 function receiveMessage(event) { 36 checkResults(event.data.result); 37 } 38 39 SimpleTest.waitForExplicitFinish(); 40 // http://a.com loads https://b.com 41 document.getElementById("testframe").src = 42 "https://example.com/tests/dom/security/test/csp/file_block_all_mixed_content_frame_navigation1.html"; 43 44 </script> 45 </body> 46 </html>