content-security-policy/inheritance/support/navigate-parent-to-blob.html - external/w3c/web-platform-tests - Git at Google

 <!DOCTYPE html>
 <html>
   <head>
     <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
   </head>
   <body>
     <script>
       const blob_payload = `
         <!doctype html>
          <script>
            var i = false;
            try {
              eval('i = true');
            } catch {}
            opener.postMessage(i ? "eval allowed" : "eval blocked", '*');
          </scr` + `ipt>
          `;
       var blob_url = URL.createObjectURL(
           new Blob([blob_payload], { type: 'text/html' }));
       parent.location = blob_url;
     </script>
   </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
	</head>
	<body>
	<script>
	const blob_payload = `
	<!doctype html>
	<script>
	var i = false;
	try {
	eval('i = true');
	} catch {}
	opener.postMessage(i ? "eval allowed" : "eval blocked", '*');
	</scr` + `ipt>
	`;
	var blob_url = URL.createObjectURL(
	new Blob([blob_payload], { type: 'text/html' }));
	parent.location = blob_url;
	</script>
	</body>
	</html>