1 files changed, 37 insertions, 0 deletions

diff --git a/testing/web-platform/tests/html/browsers/sandboxing/sandbox-document-open-mutation.window.js b/testing/web-platform/tests/html/browsers/sandboxing/sandbox-document-open-mutation.window.js
new file mode 100644
index 0000000000..713ca612c5
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/sandboxing/sandbox-document-open-mutation.window.js
@@ -0,0 +1,37 @@
+// Return whether the current context is sandboxed or not. The implementation do
+// not matter much, but might have to change over time depending on what side
+// effect sandbox flag have. Feel free to update as needed.
+const is_sandboxed = () => {
+  try {
+    document.domain = document.domain;
+    return "not sandboxed";
+  } catch (error) {
+    return "sandboxed";
+  }
+};
+
+promise_test(async test => {
+  const message = new Promise(r => window.addEventListener("message", r));
+
+  const iframe_unsandboxed = document.createElement("iframe");
+  document.body.appendChild(iframe_unsandboxed);
+
+  const iframe_sandboxed = document.createElement("iframe");
+  iframe_sandboxed.sandbox = "allow-same-origin allow-scripts";
+  document.body.appendChild(iframe_sandboxed);
+
+  iframe_sandboxed.srcdoc = `
+    <script>
+      parent.frames[0].document.write(\`
+        <script>
+          const is_sandboxed = ${is_sandboxed};
+          window.parent.postMessage(is_sandboxed(), '*');
+        </scr\`+\`ipt>
+      \`);
+      parent.frames[0].document.close();
+    </scr`+`ipt>
+  `;
+  assert_equals((await message).data, "not sandboxed");
+
+}, "Using document.open() against a document from a different window must not" +
+   " mutate the other window's sandbox flags");