navigate-parent-to-blob.html (593B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'"> 5 </head> 6 <body> 7 <script> 8 const blob_payload = ` 9 <!doctype html> 10 <script> 11 var i = false; 12 try { 13 eval('i = true'); 14 } catch {} 15 opener.postMessage(i ? "eval allowed" : "eval blocked", '*'); 16 </scr` + `ipt> 17 `; 18 var blob_url = URL.createObjectURL( 19 new Blob([blob_payload], { type: 'text/html' })); 20 parent.location = blob_url; 21 </script> 22 </body> 23 </html>