form-action-src-allowed.sub.html (1505B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> 6 <meta http-equiv="Content-Security-Policy" content="form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';"> 7 <title>form-action-src-allowed</title> 8 <script src="/resources/testharness.js"></script> 9 <script src="/resources/testharnessreport.js"></script> 10 <script src='../support/logTest.sub.js?logs=["PASS","TEST COMPLETE"]'></script> 11 <script src="../support/alertAssert.sub.js?alerts=[]"></script> 12 <script> 13 window.addEventListener('securitypolicyviolation', function(e) { 14 log('Fail'); 15 }); 16 window.addEventListener("message", function(event) { 17 log(event.data); 18 }, false); 19 window.addEventListener('load', function() { 20 setTimeout(function() { 21 document.getElementById('submit').click(); 22 log("TEST COMPLETE"); 23 }, 0); 24 }); 25 26 </script> 27 </head> 28 29 <body> 30 <iframe name="test_target" id="test_iframe"></iframe> 31 32 <form action="/common/redirect.py?location=/content-security-policy/support/postmessage-pass.html" id="theform" method="post" target="test_target"> 33 <input type="text" name="fieldname" value="fieldvalue"> 34 <input type="submit" id="submit" value="submit"> 35 </form> 36 <p>Tests that allowed form actions work correctly.</p> 37 <div id="log"></div> 38 </body> 39 40 </html>