browser/components/originattributes/test/browser/file_windowOpenerRestrictionTarget.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

<!DOCTYPE HTML>
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <title>title not set</title>
  <script>
    // If the query string is given, we are expecting the window.opener can be accessed
    // across different first party domains, so we will match the cookie value.
    // Otherwise, the access of window.opener should be treated as cross-origin.
    // Therefore, it should fail at this setting.
    let openerRestriction = true;
    let cookieValue;
    if (window.location.search.length) {
      cookieValue = window.location.search.substr(1);
      openerRestriction = false;
    }

    try {
      let openerFrame = window.opener.frames.child;
      let result = openerFrame.document.cookie === cookieValue;
      if (result && !openerRestriction) {
        document.title = "pass";
      }
    } catch (e) {
      if (openerRestriction) {
        document.title = "pass";
      }
    }
  </script>
</head>
<body>
</body>
</html>