<html> | |
<head> | |
<meta http-equiv="Content-Security-Policy" content="script-src 'none';"/> | |
</head> | |
<body> | |
<p>This is a page with CSP that disallows scripts and an iframe that loads an | |
error page. | |
<p><iframe src="http://invalid.foo/" id="test_iframe"></iframe> | |
</body> | |
</html> |