csp-inner.html (1032B)
1 <!DOCTYPE html> 2 <script src="utils.js"></script> 3 4 <style> 5 body {background-color: red;} 6 </style> 7 8 <title>Fenced frame content to test Content Security Policies</title> 9 10 <body> 11 <script> 12 const [csp_key] = parseKeylist(); 13 14 function fail() { 15 writeValueToServer(csp_key, 16 "FAIL: img-src policy was not honored in fenced frame"); 17 } 18 19 function pass() { 20 // The parent page is going to attempt to pass a 21 // style-src: 'none' CSP to the fenced frame. Make sure that 22 // the header is not honored. 23 const bgcolor = window.getComputedStyle(document.body, null) 24 .getPropertyValue('background-color'); 25 26 if (bgcolor != "rgb(255, 0, 0)") { 27 writeValueToServer(csp_key, 28 "FAIL: style-src policy was passed to fenced frame"); 29 return; 30 } 31 32 writeValueToServer(csp_key, "pass"); 33 } 34 </script> 35 <img src="csp.png" id="my_img" onload="fail();" onerror="pass();"> 36 </body> 37 </html>