forked from mirrors/gecko-dev
19 lines
521 B
HTML
19 lines
521 B
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>Test 911547</title>
|
|
</head>
|
|
<body>
|
|
|
|
<!--
|
|
this element gets modified by an injected script;
|
|
that script should be blocked by CSP.
|
|
Inline scripts can modify it, but not data uris.
|
|
-->
|
|
<input type="text" id="test_id" value="ok">
|
|
|
|
<a id="test_data_link" href="data:text/html;charset=utf-8,<input type='text' id='test_id2' value='ok'/> <script>document.getElementById('test_id2').value = 'fail';</script>">Test Link</a>
|
|
|
|
</body>
|
|
</html>
|