summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/html/browsers/sandboxing/resources
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/html/browsers/sandboxing/resources')
-rw-r--r--testing/web-platform/tests/html/browsers/sandboxing/resources/check-sandbox-flags.html8
-rw-r--r--testing/web-platform/tests/html/browsers/sandboxing/resources/document-open.html14
-rw-r--r--testing/web-platform/tests/html/browsers/sandboxing/resources/execute-postmessage.html5
-rw-r--r--testing/web-platform/tests/html/browsers/sandboxing/resources/post-done-to-opener.html3
-rw-r--r--testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-inherited-from-initiator-response-helper.html15
-rw-r--r--testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-inherited-from-initiator-response-helper.html.headers1
-rw-r--r--testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-javascript-window-open.html18
7 files changed, 64 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/browsers/sandboxing/resources/check-sandbox-flags.html b/testing/web-platform/tests/html/browsers/sandboxing/resources/check-sandbox-flags.html
new file mode 100644
index 0000000000..0dc95315f1
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/sandboxing/resources/check-sandbox-flags.html
@@ -0,0 +1,8 @@
+<script>
+ try {
+ document.domain = document.domain;
+ parent.postMessage('document-domain-is-allowed', '*');
+ } catch (error) {
+ parent.postMessage('document-domain-is-disallowed', '*');
+ }
+</script>
diff --git a/testing/web-platform/tests/html/browsers/sandboxing/resources/document-open.html b/testing/web-platform/tests/html/browsers/sandboxing/resources/document-open.html
new file mode 100644
index 0000000000..136c494d5a
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/sandboxing/resources/document-open.html
@@ -0,0 +1,14 @@
+<script>
+ onload = () => {
+ document.write(`
+ <script>
+ try {
+ document.domain = document.domain;
+ parent.postMessage('document-domain-is-allowed', '*');
+ } catch (error) {
+ parent.postMessage('document-domain-is-disallowed', '*');
+ }
+ </sc`+`ript>
+ `);
+ }
+</script>
diff --git a/testing/web-platform/tests/html/browsers/sandboxing/resources/execute-postmessage.html b/testing/web-platform/tests/html/browsers/sandboxing/resources/execute-postmessage.html
new file mode 100644
index 0000000000..89bd268f9c
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/sandboxing/resources/execute-postmessage.html
@@ -0,0 +1,5 @@
+<script>
+ // Execute arbitrary code from somewhere else, via postMessage.
+ window.addEventListener("message", event => eval(event.data));
+ window.opener.postMessage("ready", "*");
+</script>
diff --git a/testing/web-platform/tests/html/browsers/sandboxing/resources/post-done-to-opener.html b/testing/web-platform/tests/html/browsers/sandboxing/resources/post-done-to-opener.html
new file mode 100644
index 0000000000..b47f0f274e
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/sandboxing/resources/post-done-to-opener.html
@@ -0,0 +1,3 @@
+<script>
+ window.opener.top.postMessage("DONE", "*");
+</script>
diff --git a/testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-inherited-from-initiator-response-helper.html b/testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-inherited-from-initiator-response-helper.html
new file mode 100644
index 0000000000..29c7f12441
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-inherited-from-initiator-response-helper.html
@@ -0,0 +1,15 @@
+<script>
+ const iframe_1_script = encodeURI(`
+ <script>
+ try {
+ document.domain = document.domain;
+ parent.postMessage("not sandboxed", "*");
+ } catch (exception) {
+ parent.postMessage("sandboxed", "*");
+ }
+ </scr`+`ipt>
+ `);
+
+ const iframe_1 = parent.document.querySelector("#iframe_1");
+ iframe_1.src = `data:text/html,${iframe_1_script}`;
+</script>
diff --git a/testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-inherited-from-initiator-response-helper.html.headers b/testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-inherited-from-initiator-response-helper.html.headers
new file mode 100644
index 0000000000..82e8023d0b
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-inherited-from-initiator-response-helper.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: sandbox allow-scripts allow-same-origin
diff --git a/testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-javascript-window-open.html b/testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-javascript-window-open.html
new file mode 100644
index 0000000000..909956a54f
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-javascript-window-open.html
@@ -0,0 +1,18 @@
+<script>
+ // Forward message from the openee toward the parent.
+ window.addEventListener("message", event => top.postMessage(event.data, "*"));
+
+ let check_sandboxed = `"
+ <script>
+ try {
+ document.domain = document.domain;
+ opener.postMessage('allow-document-domain', '*');
+ } catch (error) {
+ opener.postMessage('disallow-document-domain', '*');
+ }
+ </scr`+`ipt>
+ "`;
+
+ window.open('about:blank', "window_name");
+ window.open("javascript:" + check_sandboxed, "window_name");
+</script>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-23 19:37:47 +0000