form-action-self-allowed-target-blank.html (1017B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <meta http-equiv="Content-Security-Policy" content="form-action 'self'"> 8 </head> 9 10 <body> 11 <form action='/content-security-policy/support/postmessage-pass-to-opener.html' 12 id='form_id' 13 target="_blank" 14 rel="opener"> 15 </form> 16 17 <p> 18 Test that "form-action 'self'" works correctly when the form uses 19 target="_blank". If this test passes, a new window must open after pressing 20 "submit". 21 </p> 22 </body> 23 24 <script> 25 async_test(t => { 26 document.addEventListener('securitypolicyviolation', function(e) { 27 t.unreached_func("Form submission was blocked."); 28 }); 29 30 window.addEventListener('message', function(event) { 31 t.done(); 32 }) 33 34 window.addEventListener("load", function() { 35 document.getElementById("form_id").submit(); 36 }); 37 }, "The form submission should not be blocked by the iframe's CSP."); 38 </script> 39 40 </html>