sandboxed-blob-scheme.html (712B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <script nonce="abc" src="/resources/testharness.js"></script> 6 <script nonce="abc" src="/resources/testharnessreport.js"></script> 7 </head> 8 9 <body> 10 <script nonce='abc'> 11 var blob_string = "<script>alert(document.domain)<\/scr"+"ipt>"; 12 var blob = new Blob([blob_string], {type : 'text/html'}); 13 var url = URL.createObjectURL(blob); 14 15 var i = document.createElement('iframe'); 16 i.src = url; 17 i.sandbox = "allow-scripts"; 18 document.body.appendChild(i); 19 </script> 20 <script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script> 21 </body> 22 23 </html>