The Tor Browser / file comparison
comparison: docshell/test/iframesandbox/test_sibling_navigation_by_location.html
docshell/test/iframesandbox/test_sibling_navigation_by_location.html
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:bde1df24bde0 |
|---|---|
| 1 <!DOCTYPE HTML> | |
| 2 <html> | |
| 3 <!-- | |
| 4 https://bugzilla.mozilla.org/show_bug.cgi?id=785310 | |
| 5 html5 sandboxed iframe should not be able to perform top navigation with scripts allowed | |
| 6 --> | |
| 7 <head> | |
| 8 <meta charset="utf-8"> | |
| 9 <title>Test for Bug 785310 - iframe sandbox sibling navigation by location tests</title> | |
| 10 <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> | |
| 11 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> | |
| 12 | |
| 13 <script> | |
| 14 SimpleTest.waitForExplicitFinish(); | |
| 15 | |
| 16 function runScriptNavigationTest(testCase) { | |
| 17 window.onmessage = function(event) { | |
| 18 if (event.data != "siblingIframe") { | |
| 19 ok(false, "event.data: got '" + event.data + "', expected 'siblingIframe'"); | |
| 20 } | |
| 21 | |
| 22 ok(false, testCase.desc, "sibling navigation was NOT blocked"); | |
| 23 runNextTest(); | |
| 24 }; | |
| 25 | |
| 26 try { | |
| 27 window["testIframe"].eval(testCase.script); | |
| 28 } catch(e) { | |
| 29 ok(true, testCase.desc, e.message); | |
| 30 runNextTest(); | |
| 31 } | |
| 32 } | |
| 33 | |
| 34 var testCaseIndex = -1; | |
| 35 testCases = [ | |
| 36 { | |
| 37 desc: "Test 1: sibling location.replace should be blocked even when sandboxed with allow-same-origin allow-top-navigation", | |
| 38 script: "parent['siblingIframe'].location.replace('file_sibling_navigation_by_location.html')" | |
| 39 }, | |
| 40 { | |
| 41 desc: "Test 2: sibling location.assign should be blocked even when sandboxed with allow-same-origin allow-top-navigation", | |
| 42 script: "parent['siblingIframe'].location.assign('file_sibling_navigation_by_location.html')" | |
| 43 }, | |
| 44 { | |
| 45 desc: "Test 3: sibling location.href should be blocked even when sandboxed with allow-same-origin allow-top-navigation", | |
| 46 script: "parent['siblingIframe'].location.href = 'file_sibling_navigation_by_location.html'" | |
| 47 }, | |
| 48 { | |
| 49 desc: "Test 4: sibling location.hash should be blocked even when sandboxed with allow-same-origin allow-top-navigation", | |
| 50 script: "parent['siblingIframe'].location.hash = 'wibble'" | |
| 51 } | |
| 52 ]; | |
| 53 | |
| 54 function runNextTest() { | |
| 55 ++testCaseIndex; | |
| 56 if (testCaseIndex == testCases.length) { | |
| 57 SimpleTest.finish(); | |
| 58 return; | |
| 59 } | |
| 60 | |
| 61 runScriptNavigationTest(testCases[testCaseIndex]); | |
| 62 } | |
| 63 | |
| 64 window.onmessage = runNextTest; | |
| 65 </script> | |
| 66 </head> | |
| 67 <body> | |
| 68 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a> | |
| 69 <p id="display"></p> | |
| 70 <div id="content"> | |
| 71 Tests for Bug 785310 | |
| 72 </div> | |
| 73 | |
| 74 <iframe name="testIframe" sandbox="allow-scripts allow-same-origin allow-top-navigation"></iframe> | |
| 75 <iframe name="siblingIframe" src="file_sibling_navigation_by_location.html"></iframe> | |
| 76 | |
| 77 </body> | |
| 78 </html> |
