csp.https.html (1397B)
1 <!DOCTYPE html> 2 <title>Test Content Security Policy</title> 3 <script src="/resources/testharness.js"></script> 4 <script src="/resources/testharnessreport.js"></script> 5 <script src="resources/utils.js"></script> 6 <script src="/common/utils.js"></script> 7 8 <body> 9 10 <script> 11 promise_test(async () => { 12 const csp_key = token(); 13 14 // The 'csp' property does not appear in the IDL definition for 15 // fenced frames, so ensure that the 'csp' property didn't 16 // leak over from the IFrame prototype. 17 assert_equals(HTMLFencedFrameElement.prototype.hasOwnProperty('csp'), 18 false); 19 20 const new_frame = document.createElement('fencedframe'); 21 const new_config = new FencedFrameConfig(generateURL( 22 "resources/csp-inner.html", 23 [csp_key])); 24 new_frame.config = new_config; 25 26 // This attribute will be ignored since the IDL for 27 // fenced frames do not support the 'csp' attribute. 28 new_frame.setAttribute("csp", "style-src 'none';"); 29 document.body.append(new_frame); 30 31 // Get the result for the top-level fenced frame. 32 const fenced_frame_result = await nextValueFromServer(csp_key); 33 assert_equals(fenced_frame_result, "pass"); 34 35 }, "Fenced Frames should not honor the csp attribute from parent page"); 36 </script> 37 38 </body> 39 </html>