Revision: 5141
Author:   [email protected]
Date:     Wed Nov  7 15:28:53 2012
Log:      Tests for CSP and sandboxed iframes.

http://code.google.com/p/google-caja/source/detail?r=5141

Added:
 /trunk/src/com/google/caja/demos/csp
 /trunk/src/com/google/caja/demos/csp/httpdhere
 /trunk/src/com/google/caja/demos/csp/iframe-tests.html
 /trunk/src/com/google/caja/demos/csp/index.html
 /trunk/src/com/google/caja/demos/csp/sameOriginHtml.html
 /trunk/src/com/google/caja/demos/csp/sameOriginImage.png
 /trunk/src/com/google/caja/demos/csp/sameOriginScript.js

=======================================
--- /dev/null
+++ /trunk/src/com/google/caja/demos/csp/httpdhere      Wed Nov  7 15:28:53 2012
@@ -0,0 +1,33 @@
+#!/usr/bin/python
+
+"""
+Simple HTTP server for debugging and testing.
+
+Serves up the current directory as the root of the HTTP URL tree on
+port 8000 or the port specified as the first argument.
+
+Examples:
+
+  httpdhere.py      -- Serve "." on port 8000
+  httpdhere.py 9090 -- Serve "." on port 9090
+"""
+
+import sys
+import BaseHTTPServer
+import SimpleHTTPServer
+import urlparse
+
+class MyHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
+  def do_GET(self):
+    parsed = urlparse.urlparse(self.path)
+    if parsed.query:
+ self.send_response(200) # Kludge since we don't really know if it's ok
+      querydict = urlparse.parse_qs(parsed.query)
+      for k in querydict:
+        self.send_header(k, querydict[k][0])
+    self.path = parsed.path
+    SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET(self)
+
+port = int(sys.argv[1]) if len(sys.argv) > 1 else 8000
+httpd = BaseHTTPServer.HTTPServer(('', port), MyHandler)
+httpd.serve_forever()
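Review bot: The server binds to every interface (`('', port)`) while `do_GET` copies each query parameter into a response header unchecked, so anyone who can reach the port can read the served directory and choose arbitrary response headers. For a debugging helper, bind to loopback with `httpd = BaseHTTPServer.HTTPServer(('127.0.0.1', port), MyHandler)` and echo only the header names the tests need. Values containing CR or LF should be rejected, because `parse_qs` percent-decodes them before `send_header` writes them out. The early `send_response(200)` also means a request for a missing file starts with a 200 status line before the base handler emits its own, as the inline comment concedes; adding the extra headers from an overridden `end_headers` would avoid the second status line.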
=======================================
--- /dev/null
+++ /trunk/src/com/google/caja/demos/csp/iframe-tests.html Wed Nov 7 15:28:53 2012
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+  <head>
+    <title>Iframe tests</title>
+  </head>
+  <body>
+
+    <div>trying to run inline script...</div>
+    <script>
+      document.write('<pre>inline script ran</pre>');
+    </script>
+    <div>trying to run eval()-ed script...</div>
+    <script>
+      eval('document.write("<pre>eval()-ed script ran</pre>")');;
+    </script>
+    <div>trying to run same origin script...</div>
+    <script src="sameOriginScript.js"></script>
+    <div>trying to run schmivits.org script...</div>
+    <script src="http://schmivits.org/schmivitsOrgScript.js";></script>
+
+    <div>trying to include same-origin iframe...</div>
+ <iframe style="width: 200px; height: 25px;" src="./sameOriginHtml.html"></iframe>
+    <div>trying to include schmivits.org iframe...</div>
+ <iframe style="width: 200px; height: 25px;" src="http://schmivits.org/schmivitsOrgHtml.html";></iframe>
+    <div>trying to include data: URI iframe...</div>
+ <iframe style="width: 200px; height: 25px;" src="data:text/html;base64,PCFET0NUWVBFIGh0bWw+CjxodG1sPgogIDxoZWFkPgogICAgPHRpdGxlPnRlc3Q8L3RpdGxlPgogIDwvaGVhZD4KICA8Ym9keT4KICAgIDxkaXY+ZGF0YTogVVJJIGlmcmFtZTwvZGl2PgogIDwvYm9keT4KPC9odG1sPgo="></iframe>
+
+    <div>trying to load same origin image...</div>
+    <img src="./sameOriginImage.png">
+    <div>trying to load schmivits.org image...</div>
+    <img src="http://schmivits.org/schmivitsOrgImage.png";>
+    <div>trying to load data: URI image...</div>
+ <img src="data:image/png;base64,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">
+  </body>
+</html>
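Review bot: The cross-origin cases load script, frame and image content from `http://schmivits.org/` over plain HTTP, and in the unsandboxed, no-policy iframe of index.html that script runs with the test page's origin. If that host is not controlled by the project, whoever controls it or the network path decides what executes in the tester's browser, and the results also change silently if the host goes away. Serving the "foreign" fixtures from a second local origin would keep the test self-contained, for example a second instance of the demo server on another port referenced as `http://localhost:8001/otherOriginScript.js` (constructed name). It would also help to state the expected outcome of each case in the page, since pass or fail is currently judged by eye.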
=======================================
--- /dev/null
+++ /trunk/src/com/google/caja/demos/csp/index.html     Wed Nov  7 15:28:53 2012
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>test</title>
+  </head>
+  <body>
+
+    <h2><code>iframe</code></h2>
+    <iframe src="iframe-tests.html"></iframe>
+
+    <h2><code>iframe sandbox</code></h2>
+    <iframe sandbox src="iframe-tests.html"></iframe>
+
+    <h2><code>iframe sandbox="allow-scripts"</code></h2>
+    <iframe sandbox="allow-scripts" src="iframe-tests.html"></iframe><br>
+
+    <h2><code>iframe default-src</code></h2>
+ <iframe src="iframe-tests.html?X-Content-Security-Policy=default-src"></iframe><br>
+
+    <h2><code>iframe default-src 'self'</code></h2>
+ <iframe src="iframe-tests.html?X-Content-Security-Policy=default-src%20'self'"></iframe><br>
+
+    <h2><code>iframe default-src 'self' schmivits.org</code></h2>
+ <iframe src="iframe-tests.html?X-Content-Security-Policy=default-src%20'self'%20schmivits.org"></iframe><br>
+
+    <h2><code>iframe default-src 'self' schmivits.org data:</code></h2>
+ <iframe src="iframe-tests.html?X-Content-Security-Policy=default-src%20'self'%20schmivits.org%20data%3A"></iframe><br>
+  </body>
+</html>
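Review bot: Every policy case here is delivered only as `X-Content-Security-Policy`, so the four CSP iframes test nothing in browsers that read `X-WebKit-CSP` or the unprefixed `Content-Security-Policy` header, and a "nothing was blocked" result can be mistaken for a policy failure. Because the demo server turns each query parameter into a header, the same policy can be sent under all three names, e.g. `iframe-tests.html?X-Content-Security-Policy=default-src%20'self'&X-WebKit-CSP=default-src%20'self'&Content-Security-Policy=default-src%20'self'`. The first case sends a bare `default-src` with an empty source list; writing `default-src%20'none'` would make the intended deny-all policy explicit. There is also no case that combines `sandbox` with a policy header, which is worth adding if the interaction is part of what these tests are meant to show.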
=======================================
--- /dev/null
+++ /trunk/src/com/google/caja/demos/csp/sameOriginHtml.html Wed Nov 7 15:28:53 2012
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>test</title>
+  </head>
+  <body>
+    <div>same origin iframe</div>
+  </body>
+</html>
=======================================
--- /dev/null   
+++ /trunk/src/com/google/caja/demos/csp/sameOriginImage.png Wed Nov 7 15:28:53 2012
Binary file, no diff available.
=======================================
--- /dev/null
+++ /trunk/src/com/google/caja/demos/csp/sameOriginScript.js Wed Nov 7 15:28:53 2012
@@ -0,0 +1,1 @@
+document.write('<pre>same origin script ran</pre>');
