1 files changed, 33 insertions, 0 deletions

diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/javascript-url.html b/testing/web-platform/tests/html/browsers/origin/inheritance/javascript-url.html
new file mode 100644
index 0000000000..7dfb1130ce
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/inheritance/javascript-url.html
@@ -0,0 +1,33 @@
+<!doctype html>
+<html>
+  <head>
+    <title>javascript: aliases security origin</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+  <body>
+    <script>
+      promise_test(t => {
+        let iframe = document.createElement('iframe');
+        document.body.appendChild(iframe);
+        // Should not throw: srcdoc should always be same-origin.
+        iframe.contentDocument;
+
+        iframe.contentWindow.location = 'javascript:"Hello world!"';
+        return new Promise(resolve => {
+          iframe.addEventListener('load', resolve);
+        }).then(() => {
+          // Explicitly set `domain` component of origin: any other same-origin
+          // browsing contexts are now cross-origin unless they also explicitly
+          // set document.domain to the same value.
+          document.domain = document.domain;
+          // Should not throw: the origin should be aliased, so setting
+          // document.domain in one Document should affect both Documents.
+          assert_equals(
+              iframe.contentWindow.document.body.textContent,
+              'Hello world!');
+        });
+      });
+    </script>
+  </body>
+</html>