eval-in-iframe

This test checks that the CSP of calleeRealm only (and not of the callerRealm) is checked for allowing eval.

Summary

Harness status: OK

Found 6 tests

6 Pass

Details

Result

Test Name

Message

Pass

(script-src) Eval code should not execute from iframe in iframe

Asserts run

Pass	assert_equals("blocked", "blocked") at Test.<anonymous> ( /content-security-policy/unsafe-eval/eval-in-iframe.html:33:11)

Pass

(script-src) Eval code should execute from iframe in parent

Asserts run

Pass	assert_equals("allowed", "allowed") at Test.<anonymous> ( /content-security-policy/unsafe-eval/eval-in-iframe.html:37:11)

Pass

(script-src) Eval code should not execute from parent in iframe

Asserts run

Pass

assert_throws_js(function "function EvalError() { [native code] }", function "_ =>             child.contentWindow.eval('1+1')")
    at Test.<anonymous> ( /content-security-policy/unsafe-eval/eval-in-iframe.html:41:11)

Pass

(default-src) Eval code should not execute from iframe in iframe

Asserts run

Pass	assert_equals("blocked", "blocked") at Test.<anonymous> ( /content-security-policy/unsafe-eval/eval-in-iframe.html:33:11)

Pass

(default-src) Eval code should execute from iframe in parent

Asserts run

Pass	assert_equals("allowed", "allowed") at Test.<anonymous> ( /content-security-policy/unsafe-eval/eval-in-iframe.html:37:11)

Pass

(default-src) Eval code should not execute from parent in iframe

Asserts run

Pass

assert_throws_js(function "function EvalError() { [native code] }", function "_ =>             child.contentWindow.eval('1+1')")
    at Test.<anonymous> ( /content-security-policy/unsafe-eval/eval-in-iframe.html:41:11)