1 files changed, 31 insertions, 0 deletions

diff --git a/testing/web-platform/tests/html/browsers/browsing-the-web/navigating-across-documents/navigate-cross-origin-iframe-to-same-url-with-fragment-fire-load-event.html b/testing/web-platform/tests/html/browsers/browsing-the-web/navigating-across-documents/navigate-cross-origin-iframe-to-same-url-with-fragment-fire-load-event.html
new file mode 100644
index 0000000000..f74bbfd7d3
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/browsing-the-web/navigating-across-documents/navigate-cross-origin-iframe-to-same-url-with-fragment-fire-load-event.html
@@ -0,0 +1,31 @@
+<!doctype html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<body>
+<script>
+async_test(t => {
+  const crossOriginUrl = new URL(get_host_info().HTTPS_REMOTE_ORIGIN);
+  crossOriginUrl.pathname = "/common/blank.html";
+  const i = document.createElement("iframe");
+  i.src = crossOriginUrl;
+  document.body.appendChild(i);
+
+  let wasLoadEventFired = false;
+  i.onload = t.step_func(() => {
+    // Though iframe is cross-origin and changing hash leads soft reload, the
+    // load event should be fired to protect sensitive information.
+    // See: https://crbug.com/1248444
+    crossOriginUrl.hash = "#foo";
+    i.onload = () => {
+      assert_false(wasLoadEventFired)
+      wasLoadEventFired = true;
+      // Wait for a while to ensure other onload events are never fired.
+      t.step_timeout(() => t.done(), 100);
+    };
+    i.src = crossOriginUrl;
+  });
+
+}, "Changing the URL hash of a cross-origin iframe should fire a load event");
+</script>
+</body>