File: csp-fenced-frame-src-blocked.https.html

package info (click to toggle)

firefox-esr 140.4.0esr-1~deb13u1

links: PTS, VCS
area: main
in suites: trixie
size: 4,539,284 kB
sloc: cpp: 7,381,286; javascript: 6,388,710; ansic: 3,710,139; python: 1,393,780; xml: 628,165; asm: 426,916; java: 184,004; sh: 65,742; makefile: 19,302; objc: 13,059; perl: 12,912; yacc: 4,583; cs: 3,846; pascal: 3,352; lex: 1,720; ruby: 1,226; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10

file content (37 lines) | stat: -rw-r--r-- 1,311 bytes

parent folder | download | duplicates (18)

<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="fenced-frame-src 'none'">
<title>Test Content-Security-Policy fenced-frame-src</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="resources/utils.js"></script>
<script src="/common/utils.js"></script>

<body>
<script>
const key = token();

window.addEventListener('securitypolicyviolation', function(e) {
  // Write to the server even though the listener is in the same file in the
  // test below.
  writeValueToServer(key, e.violatedDirective + ";" + e.blockedURI);
});

promise_test(async () => {
  attachFencedFrame(generateURL(
      "resources/csp-fenced-frame-src-blocked-inner.html",
      [key]));
  const result = await nextValueFromServer(key);

  const expected_blocked_uri = generateURL(
      "resources/csp-fenced-frame-src-blocked-inner.html",
      [key]).toString();
  assert_equals(result, "fenced-frame-src;" + expected_blocked_uri,
                "The fenced frame is blocked because of CSP violation");
}, "csp-fenced-frame-src-blocked");

promise_test(async () => {
  assert_false(navigator.canLoadAdAuctionFencedFrame());
}, "fenced-frame-src none is taken into account with " +
   "navigator.canLoadAdAuctionFencedFrame");
</script>
</body>