File: iframe-srcdoc-history-inheritance.html

thunderbird 1%3A115.12.0-1~deb11u1
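<!DOCTYPE html>
<!--
  Checks which Content-Security-Policy an `about:srcdoc` iframe document ends
  up with when it is reached again through history traversal.

  Sequence:
    1. Load a srcdoc document in the iframe while the outer page has no
       `img-src` restriction.
    2. Navigate the iframe away to /common/blank.html.
    3. Tighten the outer page's policy to `img-src 'none'`.
    4. Go back in the iframe's history to the srcdoc document.
    5. Load an image from inside the srcdoc document.

  Expected: the image loads. A `securitypolicyviolation` event on the iframe
  document means the document picked up the outer page's new policy instead
  of the one it had when its history entry was created, and the test fails.
-->
<head>
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
</head>

<body>
<iframe></iframe>
<script>
promise_test(async t => {
  // Wait for the page to load + one task so that navigations from here on are
  // not done in "replace" mode.
  await new Promise(resolve => window.onload = () => t.step_timeout(resolve, 0));
  const iframe = document.querySelector('iframe');

  // NOTE(review): the heading text below says the policy container should
  // "not" be stored, while the assertions further down expect the original
  // policy to be restored from history. The text is display-only and does
  // not affect the outcome; confirm the intended wording upstream.
  iframe.srcdoc = `
    <h1>This is a dummy page that should not store the inherited policy
    container in this history entry</h1>
  `;

  // As above: let one task pass after load so the next navigation adds a new
  // history entry rather than replacing the srcdoc one.
  await new Promise(resolve => iframe.onload = () => t.step_timeout(resolve, 0));

  // Navigate the iframe away.
  iframe.contentWindow.location.href = "/common/blank.html";
  await new Promise(resolve => iframe.onload = resolve);

  // Tighten the outer page's security policy. This happens only after the
  // srcdoc document was created, so a policy captured at creation time does
  // not contain this directive.
  const meta = document.createElement("meta");
  meta.setAttribute("http-equiv", "Content-Security-Policy");
  meta.setAttribute("content", "img-src 'none'");
  document.head.append(meta);

  // Navigate the iframe back to the `about:srcdoc` page (this should work
  // independent of whether the implementation stores the srcdoc contents in the
  // history entry or reclaims it from the attribute).
  iframe.contentWindow.history.back();
  await new Promise(resolve => iframe.onload = resolve);

  // Create the image in the iframe's document so that the iframe document's
  // policy, not the outer page's, governs the load.
  const img = iframe.contentDocument.createElement('img');

  const promise = new Promise((resolve, reject) => {
    img.onload = resolve;
    // If the img is blocked because of Content Security Policy, a violation
    // should be reported first, and the test will fail. If for some other
    // reason the error event is fired without the violation being reported,
    // something else went wrong, hence the test should fail.
    //
    // The handler must be assigned to `onerror`: a plain `error` property is
    // never invoked, and a failed load would then surface only as a harness
    // timeout instead of this explicit failure.
    img.onerror = e => {
      reject(new Error("The srcdoc iframe's img failed to load but not due to " +
                       "a CSP violation"));
    };
    iframe.contentDocument.onsecuritypolicyviolation = e => {
      reject(new Error("The srcdoc iframe's img has been blocked by the " +
        "new CSP. It means it was different and wasn't restored from history"));
    };
  });
  // The srcdoc iframe tries to load an image, which should succeed.
  img.src = "/common/square.png";

  return promise;
});
</script>
</body>
</html>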