third_party/WebKit/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-javascript-urls.html

   1 <!DOCTYPE html>
   2 <html>
   3 <head>
   4 <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self' 'unsafe-eval'">
   5 <script src="resources/javascript-url-bypass.js"></script>
   6 </head>
   7 <body id="body">
   8     <iframe id="testiframe"></iframe>
   9     <p>
  10         This test ensures that scripts run in isolated worlds marked with their
  11         own Content Security Policy can bypass javascript: URL restrictions.
  12     </p>
  13 </body>
  14 </html>