path: root/testing/web-platform/tests/content-security-policy/inheritance/iframe-srcdoc-history-inheritance.html
<!DOCTYPE html>
<head>
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
</head>

<body>
<iframe></iframe>
<script>
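// Verifies that a srcdoc iframe revisited through session history keeps the
// policy it had when it was first loaded: a CSP added to the parent after the
// iframe navigated away must not apply once history.back() returns to the
// about:srcdoc entry.
promise_test(async t => {
  // Wait for the page to load + one task so that navigations from here on are
  // not done in "replace" mode.
  await new Promise(resolve => window.onload = () => t.step_timeout(resolve, 0));
  const iframe = document.querySelector('iframe');

  // First load of the srcdoc document happens while the parent has no
  // img-src restriction.
  iframe.srcdoc = `
    <h1>This is a dummy page that should not store the inherited policy
    container in this history entry</h1>
  `;

  await new Promise(resolve => iframe.onload = () => t.step_timeout(resolve, 0));

  // Navigate the iframe away.
  iframe.contentWindow.location.href = "/common/blank.html";
  await new Promise(resolve => iframe.onload = resolve);

  // Tighten the outer page's security policy. From here on, a srcdoc document
  // that inherited from the parent afresh would be unable to load images.
  const meta = document.createElement("meta");
  meta.setAttribute("http-equiv", "Content-Security-Policy");
  meta.setAttribute("content", "img-src 'none'");
  document.head.append(meta);

  // Navigate the iframe back to the `about:srcdoc` page (this should work
  // independent of whether the implementation stores the srcdoc contents in the
  // history entry or reclaims it from the attribute).
  iframe.contentWindow.history.back();
  await new Promise(resolve => iframe.onload = resolve);

  const img = iframe.contentDocument.createElement('img');

  const promise = new Promise((resolve, reject) => {
    img.onload = resolve;
    // If the img is blocked because of Content Security Policy, a violation
    // should be reported first, and the test will fail. If for some other
    // reason the error event is fired without the violation being reported,
    // something else went wrong, hence the test should fail.
    // The handler has to be `onerror`: assigning to a plain `error` property
    // registers no listener, so a non-CSP load failure would leave the promise
    // pending instead of failing with this message.
    img.onerror = () => {
      reject(new Error("The srcdoc iframe's img failed to load but not due to " +
                       "a CSP violation"));
    };
    // Only the first reject() call takes effect, so when the violation is
    // reported before the error event its message is the one surfaced.
    iframe.contentDocument.onsecuritypolicyviolation = () => {
      reject(new Error("The srcdoc iframe's img has been blocked by the " +
        "new CSP. It means it was different and wasn't restored from history"));
    };
  });
  // The srcdoc iframe tries to load an image, which should succeed.
  img.src = "/common/square.png";

  return promise;
});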
</script>
</body>
</html>