Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/xmlhttprequest-protected-resource-does-not-crash.html 

<!DOCTYPE html>
<html>
  <head>
    <script>
      if (window.testRunner) {
          testRunner.dumpAsText();
          testRunner.waitUntilDone();
      }
    </script>
  </head>
  <body>
    <pre id="console"></pre>
    <script>
      function log(msg)
      {
          document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
      }

      var protectedResource = "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php";
      var xhr = new XMLHttpRequest();
      xhr.responseType = "document";
      xhr.onreadystatechange = function () {
        if (xhr.readyState == 4) {
          log("PASS: " + this.response);
          if (window.testRunner)
              testRunner.notifyDone();
        }
      };
      xhr.open("GET", protectedResource, true);
      xhr.send();
    </script>
    <p>Loading a frameless document (like those generated via XMLHttpRequest)
    shouldn't crash the CSP parser.</p>
  </body>
</html>