Bug 1509857 [wpt PR 14233] - Added srcdoc iframe inheritance test, a=testonly

Automatic update from web-platform-tests Added srcdoc iframe inheritance test Added a test for behavior around srcdoc iframes CSP inheritance. This tests the current specified behavior of always inheriting the parent CSP for srcdoc iframes. Bug: 694525 Change-Id: I049ef8c5a9e75c052dc2767ea2d523f54cca497f Reviewed-on: https://chromium-review.googlesource.com/c/1350889 Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#611638} -- wpt-commits: ea0386308c52ade6f0c3f0ee6192cb201386e6d8 wpt-pr: 14233
2018-11-30 18:05:14 +00:00 · 2018-11-30 18:05:14 +00:00 · d2c0deb68b
--- a/testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-inheritance.html
+++ b/testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-inheritance.html
@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<head>
+  <meta http-equiv="Content-Security-Policy" content="img-src 'self'">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+  <script>
+    var t1 = async_test("First image should be blocked");
+    var t2 = async_test("Second image should be blocked");
+    window.onmessage = t1.step_func_done(function(e) {
+      if (e.data == "img blocked") {
+        frames[0].frames[0].frameElement.srcdoc =
+        `<script>
+           window.addEventListener('securitypolicyviolation', function(e) {
+             if (e.violatedDirective == 'img-src') {
+               top.postMessage('img blocked', '*');
+             }
+           })
+         </scr` + `ipt>
+         <img src='/content-security-policy/support/fail.png'
+              onload='top.postMessage("img loaded", "*")'/>`;
+        window.onmessage = t2.step_func_done(function(e) {
+          if (e.data != "img blocked")
+            assert_true(false, "The second image should have been blocked");
+        });
+      } else {
+        assert_true(false, "The first image should have been blocked");
+      }
+    });
+  </script>
+  <iframe src="support/srcdoc-child-frame.html"></iframe>
+</body>
+</html>
--- a/testing/web-platform/tests/content-security-policy/inheritance/support/srcdoc-child-frame.html
+++ b/testing/web-platform/tests/content-security-policy/inheritance/support/srcdoc-child-frame.html
@ -0,0 +1,19 @@
+<head>
+  <meta http-equiv="Content-Security-Policy" content="img-src 'none'">
+</head>
+<body>
+  <script>
+    var i = document.createElement('iframe');
+    i.srcdoc=`<script>
+                window.addEventListener('securitypolicyviolation', function(e) {
+                  if (e.violatedDirective == 'img-src') {
+                    top.postMessage('img blocked', '*');
+                  }
+                })
+              </scr` + `ipt>
+              <img src='/content-security-policy/support/fail.png'
+                onload='top.postMessage("img loaded", "*")'/>`;
+    i.id = "srcdoc-frame";
+    document.body.appendChild(i);
+  </script>
+</body>