File: sandbox-initial-empty-document-toward-same-origin.html

package info (click to toggle)
thunderbird 1%3A128.14.0esr-1~deb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 4,334,824 kB
  • sloc: cpp: 7,391,917; javascript: 5,617,271; ansic: 3,833,216; python: 1,230,742; xml: 619,690; asm: 456,022; java: 179,892; sh: 118,796; makefile: 21,908; perl: 14,825; objc: 12,399; yacc: 4,583; pascal: 2,973; lex: 1,720; ruby: 1,190; exp: 762; sql: 674; awk: 580; php: 436; lisp: 430; sed: 70; csh: 10
file content (30 lines) | stat: -rw-r--r-- 1,097 bytes parent folder | download | duplicates (22) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
<!DOCTYPE html>
<meta charset=utf-8>
<title>
  Check sandbox-flags inheritance in case of javascript window reuse.
</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<script>
promise_test(async test => {
  let message = new Promise(resolve =>
    window.addEventListener("message", event => resolve(event.data))
  );

  // Create an initial empty document in the iframe, sandboxed. It will attempt
  // to load a slow page, but won't have time.
  let iframe = document.createElement("iframe");
  iframe.setAttribute("sandbox", "allow-scripts allow-same-origin");
  iframe.src = "/fetch/api/resources/infinite-slow-response.py";
  document.body.appendChild(iframe);

  // Remove sandbox flags. This should apply to documents committed from
  // navigations started after this instruction.
  iframe.removeAttribute("sandbox");
  iframe.src = "./resources/check-sandbox-flags.html";

  // The window is reused, but the new sandbox flags should be used.
  assert_equals(await message, "document-domain-is-allowed");
});
</script>