diff options
Diffstat (limited to 'browser/components/sessionstore/test/browser_911547_sample.html')
| -rw-r--r-- | browser/components/sessionstore/test/browser_911547_sample.html | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/browser/components/sessionstore/test/browser_911547_sample.html b/browser/components/sessionstore/test/browser_911547_sample.html new file mode 100644 index 000000000..ccc201159 --- /dev/null +++ b/browser/components/sessionstore/test/browser_911547_sample.html @@ -0,0 +1,19 @@ +<!DOCTYPE html> +<html> + <head> + <meta charset="utf-8"> + <title>Test 911547</title> + </head> +<body> + + <!-- + this element gets modified by an injected script; + that script should be blocked by CSP. + Inline scripts can modify it, but not data uris. + --> + <input type="text" id="test_id" value="ok"> + + <a id="test_data_link" href="data:text/html;charset=utf-8,<input type='text' id='test_id2' value='ok'/> <script>document.getElementById('test_id2').value = 'fail';</script>">Test Link</a> + +</body> +</html> |