diff options
Diffstat (limited to 'testing/web-platform/tests/html/browsers/origin/cross-origin-objects/location-properties-smoke-test.window.js')
| -rw-r--r-- | testing/web-platform/tests/html/browsers/origin/cross-origin-objects/location-properties-smoke-test.window.js | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/location-properties-smoke-test.window.js b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/location-properties-smoke-test.window.js new file mode 100644 index 0000000000..45b61d07f5 --- /dev/null +++ b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/location-properties-smoke-test.window.js @@ -0,0 +1,51 @@ +// META: variant=?assign +// META: variant=?customproperty +// META: variant=?hash +// META: variant=?host +// META: variant=?hostname +// META: variant=?pathname +// META: variant=?port +// META: variant=?protocol +// META: variant=?reload +// META: variant=?search +// META: variant=?toString +// META: variant=?valueOf +// META: script=/common/get-host-info.sub.js +// META: script=/common/utils.js +// META: script=/common/dispatcher/dispatcher.js + +const property = window.location.search.substr(1); + +promise_test(async t => { + const iframeContext = new RemoteContext(token()); + const iframe = document.createElement("iframe"); + iframe.src = get_host_info().REMOTE_ORIGIN + + "/common/dispatcher/remote-executor.html?uuid=" + iframeContext.context_id; + document.body.appendChild(iframe); + + // Wait for the cross-origin document to be loaded inside the iframe. + assert_equals( + await iframeContext.execute_script(() => "Document loaded") , + "Document loaded" + ); + + assert_throws_dom("SecurityError", () => { + const unused = iframe.contentWindow.location[property]; + }, "Cross origin get of a location property should throw a security error"); + + assert_throws_dom("SecurityError", () => { + iframe.contentWindow.location[property] = "Random string"; + }, "Cross origin set of a location property should throw a security error"); + + // Verify that the property was indeed not modified. + assert_not_equals( + await iframeContext.execute_script(property => location[property], + [property]), + "Random string", + ); + + assert_throws_dom("SecurityError", () => { + const unused = Object.getOwnPropertyDescriptor( + iframe.contentWindow.location, property); + }, "Cross origin get of descriptors should throw a security error"); +}, `Verifying that cross-origin access of '${property}' is restricted`); |