<!DOCTYPE html>
<html>
<head>
<title>form-action-src-allowed-target-frame</title>
<meta http-equiv="Content-Security-Policy" content="form-action 'self'">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
function OnDocumentLoaded() {
let test = async_test("form submission targetting a frame allowed");
window.addEventListener("message", function(event) {
if (event.data == "DocumentNotBlocked") {
test.done();
}
});
let form = document.getElementById("form");
form.action =
"/content-security-policy/form-action/support/post-message-to-parent.sub.html";
let submit = document.getElementById("submit");
submit.click();
}
</script>
</head>
<body onload="OnDocumentLoaded();">
<form id="form" method="GET" target="frame">
<input type="hidden" name="message" value="DocumentNotBlocked">
<input type="submit" id="submit">
</form>
<iframe name="frame"></iframe>
</body>
</html>
Codebase Browser
chromium