mirror of
https://github.com/servo/servo.git
synced 2025-09-30 00:29:14 +01:00
539ca27284
This follows the rules as defined in https://w3c.github.io/webappsec-csp/#security-inherit-csp where local iframes (about:blank and about:srcdoc) should initially start with the CSP rules of the parent. After that, all new CSP headers should only be set on the policy container of the iframe. Part of #36437 Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
22 lines
807 B
INI
Vendored
22 lines
807 B
INI
Vendored
[to-javascript-parent-initiated-parent-csp.html]
|
|
expected: TIMEOUT
|
|
[Should not have executed the javascript url for\n iframe.contentWindow.location.href]
|
|
expected: TIMEOUT
|
|
|
|
[Should not have executed the javascript url for\n otherTab.location.href]
|
|
expected: NOTRUN
|
|
|
|
[Should not have executed the javascript url for\n area[target=iframe\].href]
|
|
expected: NOTRUN
|
|
|
|
[Should not have executed the javascript url for\n area[target=otherTab\].href]
|
|
expected: NOTRUN
|
|
|
|
[Should not have executed the javascript url for\n a[target=otherTab\].href]
|
|
expected: NOTRUN
|
|
|
|
[Should not have executed the javascript url for\n a[target=iframe\].href]
|
|
expected: NOTRUN
|
|
|
|
[Should not have executed the javascript url for\n iframe.src]
|
|
expected: NOTRUN
|