1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
// META: title=Top-level navigation tests with frames that try to give themselves top-nav permission
// META: script=/common/dispatcher/dispatcher.js
// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// META: script=/resources/testdriver.js
// META: script=/resources/testdriver-vendor.js
// META: script=/html/browsers/browsing-the-web/remote-context-helper/resources/remote-context-helper.js
// META: script=./resources/sandbox-top-navigation-helper.js
'use strict';
promise_test(async t => {
const main = await setupTest();
const iframe_1 = await createNestedIframe(main,
"HTTP_REMOTE_ORIGIN", "", "");
const iframe_2 = await createNestedIframe(iframe_1,
"HTTP_REMOTE_ORIGIN", "allow-top-navigation", "");
await attemptTopNavigation(iframe_2, false);
}, "A cross origin unsandboxed frame can't escalate privileges in a child \
frame");
promise_test(async t => {
const main = await setupTest();
const iframe_1 = await createNestedIframe(main,
"HTTP_REMOTE_ORIGIN", "allow-top-navigation", "");
const iframe_2 = await createNestedIframe(iframe_1,
"OTHER_ORIGIN", "", "");
await attemptTopNavigation(iframe_2, true);
}, "An unsandboxed grandchild inherits its parents ability to navigate top.");
promise_test(async t => {
const main = await setupTest();
const iframe_1 = await createNestedIframe(main,
"HTTP_ORIGIN", "", "");
const iframe_2 = await createNestedIframe(iframe_1,
"HTTP_ORIGIN", "allow-top-navigation", "");
await attemptTopNavigation(iframe_2, true);
}, "A same-origin grandchild with frame allow-top can navigate top");
promise_test(async t => {
const main = await setupTest();
const iframe_1 = await createNestedIframe(main,
"HTTP_ORIGIN", "", "");
const iframe_2 = await createNestedIframe(iframe_1,
"HTTP_ORIGIN", "", "allow-top-navigation");
await attemptTopNavigation(iframe_2, false);
}, "A sandboxed same-origin grandchild without allow-same-origin can't \
escalate its own top-nav privileges");
promise_test(async t => {
const main = await setupTest();
const iframe_1 = await createNestedIframe(main,
"HTTP_ORIGIN", "", "");
const iframe_2 = await createNestedIframe(iframe_1,
"HTTP_ORIGIN", "", "allow-same-origin allow-top-navigation");
await attemptTopNavigation(iframe_2, true);
}, "A sandboxed same-origin grandchild with allow-same-origin can \
give itself top-nav privileges");
|