<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title>Bug 1073952 - CSP should restrict scripts in srcdoc iframe even if sandboxed</title>
</head>
<body>
<iframe srcdoc="<img src=x onerror='parent.postMessage({result: `unexpected-csp-violation`}, `*`);'>"
        sandbox="allow-scripts"></iframe>
</body>
</html>