The Tor Browser / file comparison
comparison: docshell/test/iframesandbox/test_child_navigation_by_location.html
docshell/test/iframesandbox/test_child_navigation_by_location.html
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:9f7a250bea09 |
|---|---|
| 1 <!DOCTYPE HTML> | |
| 2 <html> | |
| 3 <!-- | |
| 4 https://bugzilla.mozilla.org/show_bug.cgi?id=785310 | |
| 5 html5 sandboxed iframe should not be able to perform top navigation with scripts allowed | |
| 6 --> | |
| 7 <head> | |
| 8 <meta charset="utf-8"> | |
| 9 <title>Test for Bug 785310 - iframe sandbox child navigation by location tests</title> | |
| 10 <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> | |
| 11 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> | |
| 12 | |
| 13 <script> | |
| 14 SimpleTest.waitForExplicitFinish(); | |
| 15 | |
| 16 var testHtml = "<script>function onNav() { parent.parent.postMessage('childIframe', '*'); } window.onload = onNav; window.onhashchange = onNav;<\/script>"; | |
| 17 var testDataUri = "data:text/html," + testHtml; | |
| 18 | |
| 19 function runScriptNavigationTest(testCase) { | |
| 20 window.onmessage = function(event) { | |
| 21 if (event.data != 'childIframe') { | |
| 22 ok(false, "event.data: got '" + event.data + "', expected 'childIframe'"); | |
| 23 } | |
| 24 ok(!testCase.shouldBeBlocked, testCase.desc, "child navigation was NOT blocked"); | |
| 25 runNextTest(); | |
| 26 }; | |
| 27 try { | |
| 28 window["parentIframe"].eval(testCase.script); | |
| 29 } catch(e) { | |
| 30 ok(testCase.shouldBeBlocked, testCase.desc, e.message); | |
| 31 runNextTest(); | |
| 32 } | |
| 33 } | |
| 34 | |
| 35 var testCaseIndex = -1; | |
| 36 testCases = [ | |
| 37 { | |
| 38 desc: "Test 1: cross origin child location.replace should NOT be blocked", | |
| 39 script: "window['crossOriginChildIframe'].location.replace(\"" + testDataUri + "\")", | |
| 40 shouldBeBlocked: false | |
| 41 }, | |
| 42 { | |
| 43 desc: "Test 2: cross origin child location.assign should be blocked", | |
| 44 script: "window['crossOriginChildIframe'].location.assign(\"" + testDataUri + "\")", | |
| 45 shouldBeBlocked: true | |
| 46 }, | |
| 47 { | |
| 48 desc: "Test 3: same origin child location.assign should NOT be blocked", | |
| 49 script: "window['sameOriginChildIframe'].location.assign(\"" + testDataUri + "\")", | |
| 50 shouldBeBlocked: false | |
| 51 }, | |
| 52 { | |
| 53 desc: "Test 4: cross origin child location.href should NOT be blocked", | |
| 54 script: "window['crossOriginChildIframe'].location.href = \"" + testDataUri + "\"", | |
| 55 shouldBeBlocked: false | |
| 56 }, | |
| 57 { | |
| 58 desc: "Test 5: cross origin child location.hash should be blocked", | |
| 59 script: "window['crossOriginChildIframe'].location.hash = 'wibble'", | |
| 60 shouldBeBlocked: true | |
| 61 }, | |
| 62 { | |
| 63 desc: "Test 6: same origin child location.hash should NOT be blocked", | |
| 64 script: "window['sameOriginChildIframe'].location.hash = 'wibble'", | |
| 65 shouldBeBlocked: false | |
| 66 } | |
| 67 ]; | |
| 68 | |
| 69 function runNextTest() { | |
| 70 ++testCaseIndex; | |
| 71 if (testCaseIndex == testCases.length) { | |
| 72 SimpleTest.finish(); | |
| 73 return; | |
| 74 } | |
| 75 | |
| 76 runScriptNavigationTest(testCases[testCaseIndex]); | |
| 77 } | |
| 78 | |
| 79 addLoadEvent(runNextTest); | |
| 80 </script> | |
| 81 </head> | |
| 82 <body> | |
| 83 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a> | |
| 84 <p id="display"></p> | |
| 85 <div id="content"> | |
| 86 Tests for Bug 785310 | |
| 87 </div> | |
| 88 | |
| 89 <iframe name="parentIframe" sandbox="allow-scripts allow-same-origin" src="data:text/html,<iframe name='sameOriginChildIframe'></iframe><iframe name='crossOriginChildIframe' sandbox='allow-scripts'></iframe>"</iframe> | |
| 90 | |
| 91 </body> | |
| 92 </html> |
