File: javascript_src_allowed-window_open.html

package info (click to toggle)

firefox-esr 91.13.0esr-1~deb11u1

links: PTS, VCS
area: main
in suites: bullseye
size: 3,375,652 kB
sloc: cpp: 5,762,054; javascript: 5,481,714; ansic: 3,121,191; python: 851,492; asm: 331,172; xml: 178,949; java: 155,554; sh: 63,704; makefile: 20,127; perl: 12,825; yacc: 4,583; cs: 3,846; objc: 3,026; lex: 1,720; exp: 762; pascal: 635; php: 436; lisp: 260; awk: 231; ruby: 103; sed: 53; sql: 46; csh: 45

file content (29 lines) | stat: -rw-r--r-- 923 bytes

parent folder | download | duplicates (28)

<!DOCTYPE HTML>
<html>

<head>
    <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-hashes' 'nonce-abc'
    'sha256-IIiAJ8UuliU8o1qAv6CV4P3R8DeTf/v3MrsCwXW171Y=';">
    <!--
    'sha256-IIiAJ8UuliU8o1qAv6CV4P3R8DeTf/v3MrsCwXW171Y=' ==> 'javascript:opener.postMessage('pass', '*')'
    -->
    <script src='/resources/testharness.js' nonce='abc'></script>
    <script src='/resources/testharnessreport.js' nonce='abc'></script>
</head>

<body>
    <div id='log'></div>
    <script nonce='abc'>
        var t1 = async_test("Test that the javascript: src is allowed to run");

        window.onmessage = t1.step_func_done(function(e) {
          assert_equals(e.data, "pass");
        });

        window.addEventListener('securitypolicyviolation', t1.unreached_func("Should have not raised any event"));

        window.open("javascript:opener.postMessage('pass', '*')");
    </script>
</body>

</html>