servo/tests/wpt/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini at debugger-notify-sources - Mirrors/servo - Forgejo

Mirrors/servo

mirror of https://github.com/servo/servo.git synced 2025-08-09 23:45:35 +01:00

Tim van der Lippe ed469fe72f

Propagate destination through load_data (#37020 )

This way, we don't always set the destination to Document (which is as
the spec is written today). Instead, we set it it in the load_data,
depending on which context we load it from.

Doing so allows us to set the `Destination::IFrame` for navigations in
iframes, enabling all frame-related CSP checks.

While we currently block iframes when `frame-src` or `child-src` is set,
their respective tests don't pass yet. That's because we don't yet
handle the cases
where we fire the correct `load` event.

Also update one WPT test to correctly fail, rather than erroring. That's
because it was using the wrong JS test variable.

Part of #4577

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>

2025-05-17 08:22:11 +00:00

4 lines

156 B

INI

Vendored

Raw Permalink Blame History

 [frame-src-cross-origin-same-document-navigation.window.html]
   expected: TIMEOUT
   [frame-src-cross-origin-same-document-navigation]
     expected: TIMEOUT