

change <to-javascript-parent-initiated-parent-csp.html> to create sec…
…uritypolicyviolation event on javascript URL execution.

Previously, the securitypolicyviolation event was fired because an attempt
was made to execute an inline event handler. The inline event handler's
code didn't matter.

Differential Revision: https://phabricator.services.mozilla.com/D222424

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1919229
gecko-commit: 4349180baf89c9539fb7b7d77ab1be3a4feb2353
gecko-reviewers: tschuster
mbrodesser-Igalia authored and moz-wptsync-bot committed Sep 19, 2024
1 parent 07506cf commit e872f92
Showing 1 changed file with 4 additions and 3 deletions.
Expand Up @@ -6,19 +6,20 @@
</head>
<body>
<iframe src="support/frame-with-csp.sub.html"></iframe>
<div onclick="frames[0].location.href = 'javascript:parent.postMessage(\'executed\', \'*\')'" id="special_div"></div>
<script nonce='abc'>
var t = async_test("Should not have executed the javascript url");

frames[0].addEventListener('load', () => {
window.onmessage = t.step_func(function(e) {
if (e.data == "executed")
assert_true(false, "Javascript url executed");
});
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
assert_equals(e.blockedURI, 'inline');
assert_equals(e.violatedDirective, 'script-src-attr');
assert_equals(e.violatedDirective, 'script-src-elem');
}));
document.getElementById('special_div').click();

frames[0].location.href = "javascript:parent.postMessage('executed', '*')";
});
</script>
</body>
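Review bot: The new `frames[0].location.href = "javascript:..."` navigation is only checked indirectly, because `t.step_func_done` on the securitypolicyviolation listener ends the test as soon as a violation is reported, so an "executed" message that arrives after the (asynchronously dispatched) violation event would no longer fail the test; whether that ordering can occur is an inference from the code, not something this hunk shows. A stricter form keeps the assertions but defers completion, e.g. change the listener to `t.step_func(function(e) {`, keep the two `assert_equals` lines, and end it with `t.step_timeout(() => t.done(), 100);` before `}));`, so a late postMessage still reaches the failing `onmessage` step. While here, the `onmessage` comparison `e.data == "executed"` should use `===`. The test's `<script>` block and the load listener it attaches are fully within the hunk.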

