Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /html/browsers/sandboxing/popup-from-initial-empty-sandboxed-document.window.html - WPT Dashboard Interop Dashboard
// META: timeout=long
// META: script=/common/utils.js
// META: script=/common/dispatcher/dispatcher.js
//
// From a sandboxed iframe allowing popups, scripts, and same-origin. Open a
// popup using the WindowProxy of a new iframe that is still on the initial
// empty document. Check that the sandbox flags are properly inherited.
// Return true if the execution context is sandboxed.
const isSandboxed = () => {
try {
// Setting document.domain in sandboxed document throw errors.
document.domain = document.domain;
return false;
} catch (error) {
return true;
}
}
promise_test(async test => {
// 1. Create a sandboxed iframe, allowing popups, same-origin and scripts.
const iframe_token = token();
const iframe_document = new RemoteContext(iframe_token);
const iframe_url = remoteExecutorUrl(iframe_token);
const iframe = document.createElement("iframe");
iframe.sandbox = "allow-same-origin allow-scripts allow-popups";
iframe.src = iframe_url;
document.body.appendChild(iframe);
assert_true(await iframe_document.execute_script(isSandboxed),
"iframe is sandboxed");
// 2. From the sandboxed iframe, create an empty iframe, and open a popup
// using it's WindowProxy. The popup must inherit sandbox flags.
const popup_token = token();
const popup_document = new RemoteContext(popup_token);
const popup_url = remoteExecutorUrl(popup_token);
iframe_document.execute_script((popup_url) => {
let iframe = document.createElement("iframe");
iframe.name = "iframe_name";
document.body.appendChild(iframe);
iframe_name.open(popup_url);
}, [popup_url.href]);
assert_true(await popup_document.execute_script(isSandboxed), "popup is sandboxed");
});