docshell/test/iframesandbox/test_child_navigation_by_location.html@6474c204b198
docshell/test/iframesandbox/test_child_navigation_by_location.html
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 <!DOCTYPE HTML>
2 <html>
3 <!--
4 https://bugzilla.mozilla.org/show_bug.cgi?id=785310
5 html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
6 -->
7 <head>
8 <meta charset="utf-8">
9 <title>Test for Bug 785310 - iframe sandbox child navigation by location tests</title>
10 <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
11 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
13 <script>
14 SimpleTest.waitForExplicitFinish();
16 var testHtml = "<script>function onNav() { parent.parent.postMessage('childIframe', '*'); } window.onload = onNav; window.onhashchange = onNav;<\/script>";
17 var testDataUri = "data:text/html," + testHtml;
19 function runScriptNavigationTest(testCase) {
20 window.onmessage = function(event) {
21 if (event.data != 'childIframe') {
22 ok(false, "event.data: got '" + event.data + "', expected 'childIframe'");
23 }
24 ok(!testCase.shouldBeBlocked, testCase.desc, "child navigation was NOT blocked");
25 runNextTest();
26 };
27 try {
28 window["parentIframe"].eval(testCase.script);
29 } catch(e) {
30 ok(testCase.shouldBeBlocked, testCase.desc, e.message);
31 runNextTest();
32 }
33 }
35 var testCaseIndex = -1;
36 testCases = [
37 {
38 desc: "Test 1: cross origin child location.replace should NOT be blocked",
39 script: "window['crossOriginChildIframe'].location.replace(\"" + testDataUri + "\")",
40 shouldBeBlocked: false
41 },
42 {
43 desc: "Test 2: cross origin child location.assign should be blocked",
44 script: "window['crossOriginChildIframe'].location.assign(\"" + testDataUri + "\")",
45 shouldBeBlocked: true
46 },
47 {
48 desc: "Test 3: same origin child location.assign should NOT be blocked",
49 script: "window['sameOriginChildIframe'].location.assign(\"" + testDataUri + "\")",
50 shouldBeBlocked: false
51 },
52 {
53 desc: "Test 4: cross origin child location.href should NOT be blocked",
54 script: "window['crossOriginChildIframe'].location.href = \"" + testDataUri + "\"",
55 shouldBeBlocked: false
56 },
57 {
58 desc: "Test 5: cross origin child location.hash should be blocked",
59 script: "window['crossOriginChildIframe'].location.hash = 'wibble'",
60 shouldBeBlocked: true
61 },
62 {
63 desc: "Test 6: same origin child location.hash should NOT be blocked",
64 script: "window['sameOriginChildIframe'].location.hash = 'wibble'",
65 shouldBeBlocked: false
66 }
67 ];
69 function runNextTest() {
70 ++testCaseIndex;
71 if (testCaseIndex == testCases.length) {
72 SimpleTest.finish();
73 return;
74 }
76 runScriptNavigationTest(testCases[testCaseIndex]);
77 }
79 addLoadEvent(runNextTest);
80 </script>
81 </head>
82 <body>
83 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
84 <p id="display"></p>
85 <div id="content">
86 Tests for Bug 785310
87 </div>
89 <iframe name="parentIframe" sandbox="allow-scripts allow-same-origin" src="data:text/html,<iframe name='sameOriginChildIframe'></iframe><iframe name='crossOriginChildIframe' sandbox='allow-scripts'></iframe>"</iframe>
91 </body>
92 </html>
