mirror of
https://github.com/servo/servo.git
synced 2025-07-13 18:33:40 +01:00
34 lines
1.3 KiB
HTML
34 lines
1.3 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
|
|
<head>
|
|
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
|
<title>form-action-src-javascript-blocked</title>
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
<script src='../support/logTest.sub.js?logs=["TEST COMPLETE"]'></script>
|
|
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
|
<!-- enforcing policy:
|
|
form-action 'none'; script-src 'self' 'nonce-noncynonce'; connect-src 'self';
|
|
-->
|
|
<script nonce='noncynonce'>
|
|
window.addEventListener('load', function() {
|
|
setTimeout(function() {
|
|
document.getElementById('submit').click();
|
|
log("TEST COMPLETE");
|
|
}, 0);
|
|
});
|
|
</script>
|
|
</head>
|
|
|
|
<body>
|
|
<form action="javascript:alert_assert("FAIL!")" id="theform" method="post">
|
|
<input type="text" name="fieldname" value="fieldvalue">
|
|
<input type="submit" id="submit" value="submit">
|
|
</form>
|
|
<p>Tests that blocking form actions works correctly. If this test passes, a CSP violation will be generated, and will not see a JavaScript alert.</p>
|
|
<div id="log"></div>
|
|
<script async defer src="../support/checkReport.sub.js?reportExists=true"></script>
|
|
</body>
|
|
|
|
</html>
|