form-action-src-get-blocked.sub.html (1619B)
<!DOCTYPE html>
<html>

<head>
    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncrasies.-->
    <meta http-equiv="Content-Security-Policy" content="form-action 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';">
    <title>form-action-src-allowed</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script src='../support/logTest.sub.js?logs=["violated-directive=form-action","TEST COMPLETE"]'></script>
    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
    <script>
        // Log the directive named in the CSP violation event; the test
        // expects "violated-directive=form-action".
        window.addEventListener('securitypolicyviolation', function(e) {
            log('violated-directive=' + e.violatedDirective);
        });
        // A message from the framed target means the form navigation went
        // through; no alerts are expected (alerts=[]).
        window.addEventListener("message", function(event) {
            alert_assert(event.data);
        }, false);
        // Submit the form once the page has loaded.
        window.addEventListener('load', function() {
            setTimeout(function() {
                document.getElementById('submit').click();
                log("TEST COMPLETE");
            }, 0);
        });

    </script>
</head>

<body>
    <iframe name="test_target" id="test_iframe"></iframe>

    <form action="/common/redirect.py?location=/content-security-policy/support/postmessage-fail.html" id="theform" method="get" target="test_target">
        <input type="text" name="fieldname" value="fieldvalue">
        <input type="submit" id="submit" value="submit">
    </form>
    <p>Tests that disallowed form actions are blocked
        with GET and redirects.</p>
    <div id="log"></div>
</body>

</html>