1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/browser/components/sessionstore/test/browser_911547_sample.html Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,18 @@
1.4 +<!DOCTYPE html>
1.5 +<html>
1.6 + <head>
1.7 + <title>Test 911547</title>
1.8 + </head>
1.9 +<body>
1.10 +
1.11 + <!--
1.12 + this element gets modified by an injected script;
1.13 + that script should be blocked by CSP.
1.14 + Inline scripts can modify it, but not data uris.
1.15 + -->
1.16 + <input type="text" id="test_id" value="ok">
1.17 +
1.18 + <a id="test_data_link" href="data:text/html,<input type='text' id='test_id2' value='ok'/> <script>document.getElementById('test_id2').value = 'fail';</script>">Test Link</a>
1.19 +
1.20 +</body>
1.21 +</html>
