summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/html/browsers/sandboxing/sandbox-window-open-srcdoc.html
blob: 6fbff6df82f57fce61f4d1affe5a965cb45f5e60 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
<!DOCTYPE html>
<meta charset=utf-8>
<title>window.open("about:srcdoc") from a sandboxed iframe</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<script>
// Check what happens when executing window.open("about:srcdoc") from a
// sandboxed iframe. Srcdoc can't be loaded in the main frame. It should
// result in an error page. The error page should be cross-origin with the
// opener.
//
// This test covers an interesting edge case. A main frame should inherit
// sandbox flags. However the document loaded is an internal error page. This
// might trigger some assertions, especially if the implementation wrongly
// applies the sandbox flags of the opener to the internal error page document.
//
// This test is mainly a coverage test. It passes if it doesn't crash.
async_test(test => {
  let iframe = document.createElement("iframe");
  iframe.sandbox = "allow-scripts allow-popups allow-same-origin";
  iframe.srcdoc = `
    <script>
      let w = window.open();
      onunload = () => w.close();

      let notify = () => {
        try {
          w.origin; // Will fail after navigating to about:srcdoc.
          parent.postMessage("pending", "*");
        } catch (e) {
          parent.postMessage("done", "*");
        };
      };

      addEventListener("message", notify);
      notify();

      w.location = "about:srcdoc"; // Error page.
    </scr`+`ipt>
  `;

  let closed = false;
  addEventListener("message", event => {
    closed = (event.data === "done");
    iframe.contentWindow.postMessage("ping","*");
  });

  document.body.appendChild(iframe);
  test.step_wait_func_done(()=>closed);
}, "window.open('about:srcdoc') from sandboxed srcdoc doesn't crash.");
</script>