diff options
Diffstat (limited to 'testing/web-platform/tests/html/browsers/origin/inheritance/about-srcdoc.html')
-rw-r--r-- | testing/web-platform/tests/html/browsers/origin/inheritance/about-srcdoc.html | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/about-srcdoc.html b/testing/web-platform/tests/html/browsers/origin/inheritance/about-srcdoc.html new file mode 100644 index 0000000000..971811ee66 --- /dev/null +++ b/testing/web-platform/tests/html/browsers/origin/inheritance/about-srcdoc.html @@ -0,0 +1,29 @@ +<!doctype html> +<html> + <head> + <title>about:srcdoc aliases security origin</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + </head> + <body> + <script> + test(() => { + let iframe = document.createElement('iframe'); + iframe.srcdoc = '<body></body>'; + document.body.appendChild(iframe); + // Should not throw: srcdoc should always be same-origin. + iframe.contentWindow.document.body.innerHTML = '<p>Hello world!</p>'; + + // Explicitly set `domain` component of origin: any other same-origin + // browsing contexts are now cross-origin unless they also explicitly + // set document.domain to the same value. + document.domain = document.domain; + // Should not throw: the origin should be aliased, so setting + // document.domain in one Document should affect both Documents. + assert_equals( + iframe.contentWindow.document.body.textContent, + 'Hello world!'); + }); + </script> + </body> +</html> |