Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- Manifest: dom/html/test/mochitest.toml
<!DOCTYPE HTML>
<html>
<!--
Implement HTML5 sandbox allow-popuos directive for IFRAMEs - inheritance tests
-->
<head>
<meta charset="utf-8">
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<script type="application/javascript">
SimpleTest.expectAssertions(0, 5);
SimpleTest.waitForExplicitFinish();
SimpleTest.requestFlakyTimeout("untriaged");
// A postMessage handler that is used by sandboxed iframes without
// 'allow-same-origin' to communicate pass/fail back to this main page.
window.addEventListener("message", receiveMessage);
function receiveMessage(event) {
switch (event.data.type) {
case "attempted":
testAttempted();
break;
case "ok":
ok_wrapper(event.data.ok, event.data.desc, event.data.addToAttempted);
break;
default:
// allow for old style message
if (event.data.ok != undefined) {
ok_wrapper(event.data.ok, event.data.desc, event.data.addToAttempted);
}
}
}
var iframesWithWindowsToClose = new Array();
var attemptedTests = 0;
var passedTests = 0;
var totalTestsToPass = 15;
var totalTestsToAttempt = 21;
function ok_wrapper(result, desc, addToAttempted = true) {
ok(result, desc);
if (result) {
passedTests++;
}
if (addToAttempted) {
testAttempted();
}
}
// Added so that tests that don't register unless they fail,
// can at least notify that they've attempted to run.
function testAttempted() {
attemptedTests++;
if (attemptedTests == totalTestsToAttempt) {
// Make sure all tests have had a chance to complete.
setTimeout(function() {finish();}, 1000);
}
}
var finishCalled = false;
function finish() {
if (!finishCalled) {
finishCalled = true;
is(passedTests, totalTestsToPass, "There are " + totalTestsToPass + " inheritance tests that should pass");
closeWindows();
SimpleTest.finish();
}
}
function checkTestsFinished() {
// If our own finish() has not been called, probably failed due to a timeout, so close remaining windows.
if (!finishCalled) {
closeWindows();
}
}
function closeWindows() {
for (var i = 0; i < iframesWithWindowsToClose.length; i++) {
document.getElementById(iframesWithWindowsToClose[i]).contentWindow.postMessage({type: "closeWindows"}, "*");
}
}
function doTest() {
// passes if good and fails if bad
// 1,2,3) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups
// allow-same-origin" should not have its origin sandbox flag set and be able to access document.cookie.
// (Done by file_iframe_sandbox_k_if5.html opened from file_iframe_sandbox_k_if4.html)
// This is repeated for 3 different ways of opening the window,
// see file_iframe_sandbox_k_if4.html for details.
// passes if good
// 4,5,6) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups
// allow-top-navigation" should not have its top-level navigation sandbox flag set and be able to
// navigate top. (Done by file_iframe_sandbox_k_if5.html (and if6) opened from
// file_iframe_sandbox_k_if4.html). This is repeated for 3 different ways of opening the window,
// see file_iframe_sandbox_k_if4.html for details.
// passes if good
// 7,8,9) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups
// all-forms" should not have its forms sandbox flag set and be able to submit forms.
// (Done by file_iframe_sandbox_k_if7.html opened from file_iframe_sandbox_k_if4.html)
// This is repeated for 3 different ways of opening the window,
// see file_iframe_sandbox_k_if4.html for details.
// passes if good
// 10,11,12) Make sure that the sandbox flags copied to a new browsing context are taken from the
// current active document not the browsing context (iframe / docShell).
// This is done by removing allow-same-origin and calling doSubOpens from file_iframe_sandbox_k_if8.html,
// which opens file_iframe_sandbox_k_if9.html in 3 different ways.
// It then navigates to file_iframe_sandbox_k_if1.html to run tests 13 - 21 below.
var if_8_1 = document.getElementById('if_8_1');
if_8_1.sandbox = 'allow-scripts allow-popups';
if_8_1.contentWindow.doSubOpens();
// passes if good and fails if bad
// 13,14,15) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups"
// should have its origin sandbox flag set and not be able to access document.cookie.
// This is done by file_iframe_sandbox_k_if8.html navigating to file_iframe_sandbox_k_if1.html
// after allow-same-origin has been removed from iframe if_8_1. file_iframe_sandbox_k_if1.html
// opens file_iframe_sandbox_k_if2.html in 3 different ways to perform the tests.
iframesWithWindowsToClose.push("if_8_1");
// fails if bad
// 16,17,18) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups"
// should have its forms sandbox flag set and not be able to submit forms.
// This is done by file_iframe_sandbox_k_if2.html, see test 10 for details of how this is opened.
// fails if bad
// 19,20,21) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups"
// should have its top-level navigation sandbox flag set and not be able to navigate top.
// This is done by file_iframe_sandbox_k_if2.html, see test 10 for details of how this is opened.
}
addLoadEvent(doTest);
</script>
<body onunload="checkTestsFinished()">
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=766282">Mozilla Bug 766282</a> - Implement HTML5 sandbox allow-popups directive for IFRAMEs
<p id="display"></p>
<div id="content">
<iframe sandbox="allow-scripts allow-popups allow-same-origin allow-forms allow-top-navigation" id="if_4" src="file_iframe_sandbox_k_if4.html" height="10" width="10"></iframe>
<iframe sandbox="allow-scripts allow-popups allow-same-origin" id="if_8_1" src="file_iframe_sandbox_k_if8.html" height="10" width="10"></iframe>
</div>
</body>
</html>