docshell/test/iframesandbox/test_child_navigation_by_location.html@6474c204b198 (annotated)
docshell/test/iframesandbox/test_child_navigation_by_location.html
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | <!DOCTYPE HTML> |
| michael@0 | 2 | <html> |
| michael@0 | 3 | <!-- |
| michael@0 | 4 | https://bugzilla.mozilla.org/show_bug.cgi?id=785310 |
| michael@0 | 5 | html5 sandboxed iframe should not be able to perform top navigation with scripts allowed |
| michael@0 | 6 | --> |
| michael@0 | 7 | <head> |
| michael@0 | 8 | <meta charset="utf-8"> |
| michael@0 | 9 | <title>Test for Bug 785310 - iframe sandbox child navigation by location tests</title> |
| michael@0 | 10 | <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> |
| michael@0 | 11 | <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> |
| michael@0 | 12 | |
| michael@0 | 13 | <script> |
| michael@0 | 14 | SimpleTest.waitForExplicitFinish(); |
| michael@0 | 15 | |
| michael@0 | 16 | var testHtml = "<script>function onNav() { parent.parent.postMessage('childIframe', '*'); } window.onload = onNav; window.onhashchange = onNav;<\/script>"; |
| michael@0 | 17 | var testDataUri = "data:text/html," + testHtml; |
| michael@0 | 18 | |
| michael@0 | 19 | function runScriptNavigationTest(testCase) { |
| michael@0 | 20 | window.onmessage = function(event) { |
| michael@0 | 21 | if (event.data != 'childIframe') { |
| michael@0 | 22 | ok(false, "event.data: got '" + event.data + "', expected 'childIframe'"); |
| michael@0 | 23 | } |
| michael@0 | 24 | ok(!testCase.shouldBeBlocked, testCase.desc, "child navigation was NOT blocked"); |
| michael@0 | 25 | runNextTest(); |
| michael@0 | 26 | }; |
| michael@0 | 27 | try { |
| michael@0 | 28 | window["parentIframe"].eval(testCase.script); |
| michael@0 | 29 | } catch(e) { |
| michael@0 | 30 | ok(testCase.shouldBeBlocked, testCase.desc, e.message); |
| michael@0 | 31 | runNextTest(); |
| michael@0 | 32 | } |
| michael@0 | 33 | } |
| michael@0 | 34 | |
| michael@0 | 35 | var testCaseIndex = -1; |
| michael@0 | 36 | testCases = [ |
| michael@0 | 37 | { |
| michael@0 | 38 | desc: "Test 1: cross origin child location.replace should NOT be blocked", |
| michael@0 | 39 | script: "window['crossOriginChildIframe'].location.replace(\"" + testDataUri + "\")", |
| michael@0 | 40 | shouldBeBlocked: false |
| michael@0 | 41 | }, |
| michael@0 | 42 | { |
| michael@0 | 43 | desc: "Test 2: cross origin child location.assign should be blocked", |
| michael@0 | 44 | script: "window['crossOriginChildIframe'].location.assign(\"" + testDataUri + "\")", |
| michael@0 | 45 | shouldBeBlocked: true |
| michael@0 | 46 | }, |
| michael@0 | 47 | { |
| michael@0 | 48 | desc: "Test 3: same origin child location.assign should NOT be blocked", |
| michael@0 | 49 | script: "window['sameOriginChildIframe'].location.assign(\"" + testDataUri + "\")", |
| michael@0 | 50 | shouldBeBlocked: false |
| michael@0 | 51 | }, |
| michael@0 | 52 | { |
| michael@0 | 53 | desc: "Test 4: cross origin child location.href should NOT be blocked", |
| michael@0 | 54 | script: "window['crossOriginChildIframe'].location.href = \"" + testDataUri + "\"", |
| michael@0 | 55 | shouldBeBlocked: false |
| michael@0 | 56 | }, |
| michael@0 | 57 | { |
| michael@0 | 58 | desc: "Test 5: cross origin child location.hash should be blocked", |
| michael@0 | 59 | script: "window['crossOriginChildIframe'].location.hash = 'wibble'", |
| michael@0 | 60 | shouldBeBlocked: true |
| michael@0 | 61 | }, |
| michael@0 | 62 | { |
| michael@0 | 63 | desc: "Test 6: same origin child location.hash should NOT be blocked", |
| michael@0 | 64 | script: "window['sameOriginChildIframe'].location.hash = 'wibble'", |
| michael@0 | 65 | shouldBeBlocked: false |
| michael@0 | 66 | } |
| michael@0 | 67 | ]; |
| michael@0 | 68 | |
| michael@0 | 69 | function runNextTest() { |
| michael@0 | 70 | ++testCaseIndex; |
| michael@0 | 71 | if (testCaseIndex == testCases.length) { |
| michael@0 | 72 | SimpleTest.finish(); |
| michael@0 | 73 | return; |
| michael@0 | 74 | } |
| michael@0 | 75 | |
| michael@0 | 76 | runScriptNavigationTest(testCases[testCaseIndex]); |
| michael@0 | 77 | } |
| michael@0 | 78 | |
| michael@0 | 79 | addLoadEvent(runNextTest); |
| michael@0 | 80 | </script> |
| michael@0 | 81 | </head> |
| michael@0 | 82 | <body> |
| michael@0 | 83 | <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a> |
| michael@0 | 84 | <p id="display"></p> |
| michael@0 | 85 | <div id="content"> |
| michael@0 | 86 | Tests for Bug 785310 |
| michael@0 | 87 | </div> |
| michael@0 | 88 | |
| michael@0 | 89 | <iframe name="parentIframe" sandbox="allow-scripts allow-same-origin" src="data:text/html,<iframe name='sameOriginChildIframe'></iframe><iframe name='crossOriginChildIframe' sandbox='allow-scripts'></iframe>"</iframe> |
| michael@0 | 90 | |
| michael@0 | 91 | </body> |
| michael@0 | 92 | </html> |
