1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/docshell/test/iframesandbox/test_child_navigation_by_location.html Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,92 @@
1.4 +<!DOCTYPE HTML>
1.5 +<html>
1.6 +<!--
1.7 +https://bugzilla.mozilla.org/show_bug.cgi?id=785310
1.8 +html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
1.9 +-->
1.10 +<head>
1.11 +<meta charset="utf-8">
1.12 +<title>Test for Bug 785310 - iframe sandbox child navigation by location tests</title>
1.13 +<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
1.14 +<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
1.15 +
1.16 +<script>
1.17 + SimpleTest.waitForExplicitFinish();
1.18 +
1.19 + var testHtml = "<script>function onNav() { parent.parent.postMessage('childIframe', '*'); } window.onload = onNav; window.onhashchange = onNav;<\/script>";
1.20 + var testDataUri = "data:text/html," + testHtml;
1.21 +
1.22 + function runScriptNavigationTest(testCase) {
1.23 + window.onmessage = function(event) {
1.24 + if (event.data != 'childIframe') {
1.25 + ok(false, "event.data: got '" + event.data + "', expected 'childIframe'");
1.26 + }
1.27 + ok(!testCase.shouldBeBlocked, testCase.desc, "child navigation was NOT blocked");
1.28 + runNextTest();
1.29 + };
1.30 + try {
1.31 + window["parentIframe"].eval(testCase.script);
1.32 + } catch(e) {
1.33 + ok(testCase.shouldBeBlocked, testCase.desc, e.message);
1.34 + runNextTest();
1.35 + }
1.36 + }
1.37 +
1.38 + var testCaseIndex = -1;
1.39 + testCases = [
1.40 + {
1.41 + desc: "Test 1: cross origin child location.replace should NOT be blocked",
1.42 + script: "window['crossOriginChildIframe'].location.replace(\"" + testDataUri + "\")",
1.43 + shouldBeBlocked: false
1.44 + },
1.45 + {
1.46 + desc: "Test 2: cross origin child location.assign should be blocked",
1.47 + script: "window['crossOriginChildIframe'].location.assign(\"" + testDataUri + "\")",
1.48 + shouldBeBlocked: true
1.49 + },
1.50 + {
1.51 + desc: "Test 3: same origin child location.assign should NOT be blocked",
1.52 + script: "window['sameOriginChildIframe'].location.assign(\"" + testDataUri + "\")",
1.53 + shouldBeBlocked: false
1.54 + },
1.55 + {
1.56 + desc: "Test 4: cross origin child location.href should NOT be blocked",
1.57 + script: "window['crossOriginChildIframe'].location.href = \"" + testDataUri + "\"",
1.58 + shouldBeBlocked: false
1.59 + },
1.60 + {
1.61 + desc: "Test 5: cross origin child location.hash should be blocked",
1.62 + script: "window['crossOriginChildIframe'].location.hash = 'wibble'",
1.63 + shouldBeBlocked: true
1.64 + },
1.65 + {
1.66 + desc: "Test 6: same origin child location.hash should NOT be blocked",
1.67 + script: "window['sameOriginChildIframe'].location.hash = 'wibble'",
1.68 + shouldBeBlocked: false
1.69 + }
1.70 + ];
1.71 +
1.72 + function runNextTest() {
1.73 + ++testCaseIndex;
1.74 + if (testCaseIndex == testCases.length) {
1.75 + SimpleTest.finish();
1.76 + return;
1.77 + }
1.78 +
1.79 + runScriptNavigationTest(testCases[testCaseIndex]);
1.80 + }
1.81 +
1.82 + addLoadEvent(runNextTest);
1.83 +</script>
1.84 +</head>
1.85 +<body>
1.86 +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
1.87 +<p id="display"></p>
1.88 +<div id="content">
1.89 +Tests for Bug 785310
1.90 +</div>
1.91 +
1.92 +<iframe name="parentIframe" sandbox="allow-scripts allow-same-origin" src="data:text/html,<iframe name='sameOriginChildIframe'></iframe><iframe name='crossOriginChildIframe' sandbox='allow-scripts'></iframe>"</iframe>
1.93 +
1.94 +</body>
1.95 +</html>
