fix(xframeoptions): added a test that ensures meta equiv tags with `x…

…-frame-options` are ignored
mdn · Jul 16, 2024 · 39cf38c · 39cf38c
1 parent 5080718
commit 39cf38c
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/test/files/test_parse_http_equiv_headers_x_frame_options.html b/test/files/test_parse_http_equiv_headers_x_frame_options.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta http-equiv="X-Frame-Options" content="DENY" />
+    <title>Title</title>
+  </head>
+  <body></body>
+</html>
diff --git a/test/x-frame-options.test.js b/test/x-frame-options.test.js
@@ -57,4 +57,11 @@ describe("X-Frame-Options", () => {
     assert.equal(result.result, Expectation.XFrameOptionsImplementedViaCsp);
     assert.isTrue(result.pass);
   });
+
+  it("does not obey x-frame-options in meta equiv tags", function () {
+    reqs = emptyRequests("test_parse_http_equiv_headers_x_frame_options.html");
+    const result = xFrameOptionsTest(reqs);
+    assert.equal(result.result, Expectation.XFrameOptionsNotImplemented);
+    assert.isFalse(result.pass);
+  });
 });