iframe-srcdoc-inheritance.html (1241B)
1 <!DOCTYPE html> 2 <head> 3 <meta http-equiv="Content-Security-Policy" content="img-src 'self'"> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 </head> 7 <body> 8 <script> 9 var t1 = async_test("First image should be blocked"); 10 var t2 = async_test("Second image should be blocked"); 11 window.onmessage = t1.step_func_done(function(e) { 12 if (e.data == "img blocked") { 13 frames[0].frames[0].frameElement.srcdoc = 14 `<script> 15 window.addEventListener('securitypolicyviolation', function(e) { 16 if (e.violatedDirective == 'img-src') { 17 top.postMessage('img blocked', '*'); 18 } 19 }) 20 </scr` + `ipt> 21 <img src='/content-security-policy/support/fail.png' 22 onload='top.postMessage("img loaded", "*")'/>`; 23 window.onmessage = t2.step_func_done(function(e) { 24 if (e.data != "img blocked") 25 assert_true(false, "The second image should have been blocked"); 26 }); 27 } else { 28 assert_true(false, "The first image should have been blocked"); 29 } 30 }); 31 </script> 32 <iframe src="support/srcdoc-child-frame.html"></iframe> 33 </body> 34 </html>