tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

csp-fenced-frame-src-blocked.https.html (1311B)

      1 <!DOCTYPE html>
      2 <meta http-equiv="Content-Security-Policy" content="fenced-frame-src 'none'">
      3 <title>Test Content-Security-Policy fenced-frame-src</title>
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="resources/utils.js"></script>
      7 <script src="/common/utils.js"></script>
      8 
      9 <body>
     10 <script>
     11 const key = token();
     12 
     13 window.addEventListener('securitypolicyviolation', function(e) {
     14  // Write to the server even though the listener is in the same file in the
     15  // test below.
     16  writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI);
     17 });
     18 
     19 promise_test(async () => {
     20  attachFencedFrame(generateURL(
     21      "resources/csp-fenced-frame-src-blocked-inner.html",
     22      [key]));
     23  const result = await nextValueFromServer(key);
     24 
     25  const expected_blocked_uri = generateURL(
     26      "resources/csp-fenced-frame-src-blocked-inner.html",
     27      [key]).toString();
     28  assert_equals(result, "fenced-frame-src;" + expected_blocked_uri,
     29                "The fenced frame is blocked because of CSP violation");
     30 }, "csp-fenced-frame-src-blocked");
     31 
     32 promise_test(async () => {
     33  assert_false(navigator.canLoadAdAuctionFencedFrame());
     34 }, "fenced-frame-src none is taken into account with " +
     35   "navigator.canLoadAdAuctionFencedFrame");
     36 </script>
     37 </body>