Import Cobalt 19.master.0.203780
Includes the following patches:
https://cobalt-review.googlesource.com/c/cobalt/+/5210
by errong.leng@samsung.com
https://cobalt-review.googlesource.com/c/cobalt/+/5270
by linus.wang@samsung.com
diff --git a/src/third_party/web_platform_tests/content-security-policy/child-src/child-src-about-blank-allowed-by-default.sub.html b/src/third_party/web_platform_tests/content-security-policy/child-src/child-src-about-blank-allowed-by-default.sub.html
new file mode 100644
index 0000000..9222a8d
--- /dev/null
+++ b/src/third_party/web_platform_tests/content-security-policy/child-src/child-src-about-blank-allowed-by-default.sub.html
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+ <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+ <title>child-src-about-blank-allowed-by-default</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+
+ <!-- enforcing policy:
+child-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self';
+-->
+ <p>These frames should not be blocked by Content-Security-Policy.
+ It's pointless to block about:blank iframes because
+ blocking a frame just results in displaying about:blank anyway!
+ </p>
+ <iframe src="about:blank"></iframe>
+ <object type="text/html" data="about:blank"></object>
+
+ <div id="log"></div>
+ <script async defer src="../support/checkReport.sub.js?reportExists=false"></script>
+</body>
+
+</html>
\ No newline at end of file
