diff --git a/content-security-policy/inheritance/document-write-iframe.html b/content-security-policy/inheritance/document-write-iframe.html index a84e3a37031280..d6ad88ddc93df4 100644 --- a/content-security-policy/inheritance/document-write-iframe.html +++ b/content-security-policy/inheritance/document-write-iframe.html @@ -3,67 +3,63 @@ - + document.open() does not change Content Security Policies + promise_test(async () => { + let iframe = document.createElement('iframe'); + document.body.appendChild(iframe); - - + let msg = message_from(iframe.contentWindow); + let doc = iframe.contentWindow.document; + doc.open(); + doc.write("" + documentBody(false) + ""); + doc.close(); + assert_equals(await msg, "blocked"); + }, "document.open() keeps inherited CSPs on empty iframe."); - - + promise_test(async () => { + let iframe = document.createElement('iframe'); + let loaded = new Promise(resolve => iframe.onload = resolve); + iframe.src = "/common/blank.html"; + document.body.appendChild(iframe); + await loaded; - - -