form-action-src-allowed-target-frame.sub.html (1052B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>form-action-src-allowed-target-frame</title> 5 <meta http-equiv="Content-Security-Policy" content="form-action 'self'"> 6 <script src="/resources/testharness.js"></script> 7 <script src="/resources/testharnessreport.js"></script> 8 <script> 9 function OnDocumentLoaded() { 10 let test = async_test("form submission targetting a frame allowed"); 11 window.addEventListener("message", function(event) { 12 if (event.data == "DocumentNotBlocked") { 13 test.done(); 14 } 15 }); 16 17 let form = document.getElementById("form"); 18 form.action = 19 "/content-security-policy/form-action/support/post-message-to-parent.sub.html"; 20 21 let submit = document.getElementById("submit"); 22 submit.click(); 23 } 24 </script> 25 </head> 26 <body onload="OnDocumentLoaded();"> 27 <form id="form" method="GET" target="frame"> 28 <input type="hidden" name="message" value="DocumentNotBlocked"> 29 <input type="submit" id="submit"> 30 </form> 31 <iframe name="frame"></iframe> 32 </body> 33 </html>