summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fenced-frame/sandbox-attribute.https.html
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/fenced-frame/sandbox-attribute.https.html')
-rw-r--r--testing/web-platform/tests/fenced-frame/sandbox-attribute.https.html63
1 files changed, 63 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fenced-frame/sandbox-attribute.https.html b/testing/web-platform/tests/fenced-frame/sandbox-attribute.https.html
new file mode 100644
index 0000000000..1458145e43
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/sandbox-attribute.https.html
@@ -0,0 +1,63 @@
+<!DOCTYPE html>
+<title>Test fenced frame sandbox attribute.</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+
+async function runTest(t, sandbox_flags, success) {
+ const frame = await attachFencedFrameContext({
+ generator_api: 'fledge', resolve_to_config: true,
+ attributes: [['sandbox', sandbox_flags]]});
+
+ assert_equals(frame.element.sandbox.value, sandbox_flags);
+ if (sandbox_flags) {
+ assert_equals(frame.element.sandbox.length, sandbox_flags.split(' ').length);
+ } else {
+ assert_equals(frame.element.sandbox.length, 0);
+ }
+
+ const result = await Promise.any([
+ frame.execute(() => { return 'success';}),
+ new Promise(resolve => t.step_timeout(() => resolve('failure'), 2000))]);
+ if (success) {
+ assert_equals(result, 'success');
+ } else {
+ assert_equals(result, 'failure');
+ }
+}
+
+// We omit test cases that lack the sandbox attribute, because that's covered
+// by every other test that doesn't explicitly use the `sandbox` attribute.
+
+promise_test(async t => {
+ return runTest(t, '', false);
+}, 'Navigation fails with no allowed features');
+
+promise_test(async t => {
+ return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation', true);
+}, 'Navigation succeeds with exactly the required unsandboxed features');
+
+promise_test(async t => {
+ return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-pointer-lock', true);
+}, 'Navigation succeeds with extra unsandboxed features');
+
+promise_test(async t => {
+ return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox', false);
+}, 'Navigation fails with too few unsandboxed features');
+
+promise_test(async t => {
+ return runTest(t, 'foo bar baz', false);
+}, 'Navigation fails with malformed sandbox flags');
+
+promise_test(async t => {
+ return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-foobarbaz', true);
+}, 'Navigation fails with the required unsandboxed features, plus some malformed ones');
+
+</script>
+</body>