3 <meta http-equiv=
"Content-Security-Policy" content=
"script-src 'self' 'nonce-allowPDF'; base-uri 'self'">
6 <iframe id=
"pdfFrame"></iframe>
8 <button id=
"pdfButton">click to load pdf
</button>
9 <script nonce=
"allowPDF">
10 async function loadPDFIntoIframe() {
11 let response = await fetch(
"dummy.pdf");
12 let blob = await response.blob();
13 var blobUrl = URL.createObjectURL(blob);
14 var pdfFrame = document.getElementById(
"pdfFrame");
15 pdfFrame.src = blobUrl;
17 let pdfButton = document.getElementById(
"pdfButton");
18 pdfButton.addEventListener(
"click", loadPDFIntoIframe);