39 lines
1.1 KiB
HTML
39 lines
1.1 KiB
HTML
<!DOCTYPE html>
|
|
<meta charset=utf-8>
|
|
<title>window.open in sandbox iframe</title>
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
<script src="/common/utils.js"></script>
|
|
<body>
|
|
<script>
|
|
setup({single_test: true});
|
|
// check that the popup's URL is not loaded
|
|
const uuid = token();
|
|
async function assert_popup_not_loaded() {
|
|
const response = await fetch(`/fetch/api/resources/stash-take.py?key=${uuid}`);
|
|
assert_equals(await response.json(), null); // is "loaded" if it loads
|
|
}
|
|
|
|
// check for message from the iframe
|
|
window.onmessage = e => {
|
|
assert_equals(e.data, 'null', 'return value of window.open (stringified)');
|
|
step_timeout(async () => {
|
|
await assert_popup_not_loaded();
|
|
done();
|
|
}, 1000);
|
|
};
|
|
const iframe = document.createElement('iframe');
|
|
iframe.sandbox = 'allow-scripts';
|
|
iframe.srcdoc = `
|
|
<script>
|
|
let result;
|
|
try {
|
|
result = window.open('/fetch/api/resources/stash-put.py?key=${uuid}&value=loaded', '_blank');
|
|
} catch(ex) {
|
|
result = ex;
|
|
}
|
|
parent.postMessage(String(result), '*');
|
|
<\/script>
|
|
`;
|
|
document.body.appendChild(iframe);
|
|
</script>
|