blob: c9d671fd745b450d4418c6450167c3a91c16b227 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Bug 1122236 - CSP: Implement block-all-mixed-content</title>
<!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<iframe style="width:100%;" id="testframe"></iframe>
<script class="testbody" type="text/javascript">
/* Description of the test:
*
* http://a.com embeds https://b.com.
* https://b.com has a CSP using 'block-all-mixed-content'.
* | site | http://a.com
* | embeds | https://b.com (uses block-all-mixed-content)
*
* The user navigates the embedded frame from
* https://b.com -> http://c.com.
* The test makes sure that such a navigation is not blocked
* by block-all-mixed-content.
*/
function checkResults(result) {
is(result, "frame-navigated", "frame should be allowed to be navigated");
window.removeEventListener("message", receiveMessage, false);
SimpleTest.finish();
}
window.addEventListener("message", receiveMessage, false);
function receiveMessage(event) {
checkResults(event.data.result);
}
SimpleTest.waitForExplicitFinish();
// http://a.com loads https://b.com
document.getElementById("testframe").src =
"https://example.com/tests/dom/security/test/csp/file_block_all_mixed_content_frame_navigation1.html";
</script>
</body>
</html>
|