dom/security/test/csp/file_pdfjs_not_subject_to_csp.html

   1 <html>
   2 <head>
   3   <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-allowPDF'; base-uri 'self'">
   4 </head>
   5 <body>
   6 <iframe id="pdfFrame"></iframe>
   7 <br/>
   8 <button id="pdfButton">click to load pdf</button>
   9 <script nonce="allowPDF">
  10   async function loadPDFIntoIframe() {
  11     let response = await fetch("dummy.pdf");
  12     let blob = await response.blob();
  13     var blobUrl = URL.createObjectURL(blob);
  14     var pdfFrame = document.getElementById("pdfFrame");
  15     pdfFrame.src = blobUrl;
  16   }
  17   let pdfButton = document.getElementById("pdfButton");
  18   pdfButton.addEventListener("click", loadPDFIntoIframe);
  19 </script>
  20 </body>
  21 </html>