form-action-src-blocked.sub.html (1600B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> 6 <meta http-equiv="Content-Security-Policy" content="form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';"> 7 <title>form-action-src-blocked</title> 8 <script src="/resources/testharness.js"></script> 9 <script src="/resources/testharnessreport.js"></script> 10 <script src='../support/logTest.sub.js?logs=["violated-directive=form-action","TEST COMPLETE"]'></script> 11 <script src="../support/alertAssert.sub.js?alerts=[]"></script> 12 <script> 13 window.addEventListener('securitypolicyviolation', function(e) { 14 log('violated-directive=' + e.violatedDirective); 15 }); 16 window.addEventListener("message", function(event) { 17 alert_assert(event.data); 18 }, false); 19 window.addEventListener('load', function() { 20 setTimeout(function() { 21 document.getElementById('submit').click(); 22 }, 0); 23 }); 24 setTimeout(function() {log("TEST COMPLETE");}, 1); 25 26 </script> 27 </head> 28 29 <body> 30 <iframe name="test_target" id="test_iframe"></iframe> 31 <form action="/common/redirect.py?location=/content-security-policy/support/postmessage-fail.html" id="theform" method="post" target="test_target"> 32 <input type="text" name="fieldname" value="fieldvalue"> 33 <input type="submit" id="submit" value="submit"> 34 </form> 35 <p>Tests that blocking form actions works correctly.</p> 36 <div id="log"></div> 37 38 </body> 39 40 </html>