File: sandbox-initial-empty-document-toward-same-origin.html

package info (click to toggle)
thunderbird 1%3A91.13.0-1~deb11u1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 2,953,400 kB
  • sloc: cpp: 6,084,049; javascript: 4,790,441; ansic: 3,341,496; python: 862,958; asm: 366,542; xml: 204,277; java: 152,477; sh: 111,436; makefile: 21,388; perl: 15,312; yacc: 4,583; objc: 3,026; lex: 1,720; exp: 762; pascal: 635; awk: 564; sql: 453; php: 436; lisp: 432; ruby: 99; sed: 69; csh: 45
file content (30 lines) | stat: -rw-r--r-- 1,097 bytes parent folder | download | duplicates (22) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
<!DOCTYPE html>
<meta charset=utf-8>
<title>
  Check sandbox-flags inheritance in case of javascript window reuse.
</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<script>
promise_test(async test => {
  let message = new Promise(resolve =>
    window.addEventListener("message", event => resolve(event.data))
  );

  // Create an initial empty document in the iframe, sandboxed. It will attempt
  // to load a slow page, but won't have time.
  let iframe = document.createElement("iframe");
  iframe.setAttribute("sandbox", "allow-scripts allow-same-origin");
  iframe.src = "/fetch/api/resources/infinite-slow-response.py";
  document.body.appendChild(iframe);

  // Remove sandbox flags. This should apply to documents committed from
  // navigations started after this instruction.
  iframe.removeAttribute("sandbox");
  iframe.src = "./resources/check-sandbox-flags.html";

  // The window is reused, but the new sandbox flags should be used.
  assert_equals(await message, "document-domain-is-allowed");
});
</script>