1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/content/base/test/csp/file_bug886164_6.html Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,35 @@
1.4 +<!DOCTYPE HTML>
1.5 +<html>
1.6 +<head>
1.7 + <meta charset="utf-8">
1.8 + <script type="text/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
1.9 +</head>
1.10 +<script type="text/javascript">
1.11 + function ok(result, desc) {
1.12 + window.parent.postMessage({ok: result, desc: desc}, "*");
1.13 + }
1.14 +
1.15 + function doStuff() {
1.16 + ok(true, "documents sandboxed with allow-scripts should be able to run inline scripts");
1.17 +
1.18 + document.getElementById('a_form').submit();
1.19 +
1.20 + // trigger the javascript: url test
1.21 + sendMouseEvent({type:'click'}, 'a_link');
1.22 + }
1.23 +</script>
1.24 +<script src='file_iframe_sandbox_pass.js'></script>
1.25 +<body onLoad='ok(true, "documents sandboxed with allow-scripts should be able to run script from event listeners");doStuff();'>
1.26 + I am sandboxed but with "allow-scripts"
1.27 + <img src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=img6_bad&type=img/png"> </img>
1.28 + <script src='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=script6_bad&type=text/javascript'></script>
1.29 +
1.30 + <form method="get" action="file_iframe_sandbox_form_fail.html" id="a_form">
1.31 + First name: <input type="text" name="firstname">
1.32 + Last name: <input type="text" name="lastname">
1.33 + <input type="submit" onclick="doSubmit()" id="a_button">
1.34 + </form>
1.35 +
1.36 + <a href = 'javascript:ok(true, "documents sandboxed with allow-scripts should be able to run script from javascript: URLs");' id='a_link'>click me</a>
1.37 +</body>
1.38 +</html>
