docshell/test/iframesandbox/test_child_navigation_by_location.html
author Jeff Walden <jwalden@mit.edu>
Tue, 19 Nov 2019 04:55:39 +0000
changeset 502538 b5c5ba07d3dbd0d07b66fa42a103f4df2c27d3a2
parent 469640 c9c0c6f2eed54a187e124942e53c3660b4cf17d8
permissions -rw-r--r--
Bug 1596544 - intl_ValidateAndCanonicalizeUnicodeExtensionType should ignore the second |option| argument until it's needed to report an error. r=anba Differential Revision: https://phabricator.services.mozilla.com/D53145

<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=785310
html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
-->
<head>
<meta charset="utf-8">
<title>Test for Bug 785310 - iframe sandbox child navigation by location tests</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>

<script>
  SimpleTest.waitForExplicitFinish();

  var testDataUri = "file_child_navigation_by_location.html";

  function runScriptNavigationTest(testCase) {
    window.onmessage = function(event) {
      if (event.data != "childIframe") {
        ok(false, "event.data: got '" + event.data + "', expected 'childIframe'");
      }
      ok(!testCase.shouldBeBlocked, testCase.desc + " - child navigation was NOT blocked");
      runNextTest();
    };
    try {
      window.parentIframe.eval(testCase.script);
    } catch (e) {
      ok(testCase.shouldBeBlocked, testCase.desc + " - " + e.message);
      runNextTest();
    }
  }

  var testCaseIndex = -1;
  var testCases = [
    {
      desc: "Test 1: cross origin child location.replace should NOT be blocked",
      script: "window['crossOriginChildIframe'].location.replace(\"" + testDataUri + "\")",
      shouldBeBlocked: false,
    },
    {
      desc: "Test 2: cross origin child location.assign should be blocked",
      script: "window['crossOriginChildIframe'].location.assign(\"" + testDataUri + "\")",
      shouldBeBlocked: true,
    },
    {
      desc: "Test 3: same origin child location.assign should NOT be blocked",
      script: "window['sameOriginChildIframe'].location.assign(\"" + testDataUri + "\")",
      shouldBeBlocked: false,
    },
    {
      desc: "Test 4: cross origin child location.href should NOT be blocked",
      script: "window['crossOriginChildIframe'].location.href = \"" + testDataUri + "\"",
      shouldBeBlocked: false,
    },
    {
      desc: "Test 5: cross origin child location.hash should be blocked",
      script: "window['crossOriginChildIframe'].location.hash = 'wibble'",
      shouldBeBlocked: true,
    },
    {
      desc: "Test 6: same origin child location.hash should NOT be blocked",
      script: "window['sameOriginChildIframe'].location.hash = 'wibble'",
      shouldBeBlocked: false,
    },
  ];

  function runNextTest() {
    ++testCaseIndex;
    if (testCaseIndex == testCases.length) {
      SimpleTest.finish();
      return;
    }

    runScriptNavigationTest(testCases[testCaseIndex]);
  }

  addLoadEvent(runNextTest);
</script>
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
<p id="display"></p>
<div id="content">
Tests for Bug 785310
</div>

<iframe name="parentIframe" sandbox="allow-scripts allow-same-origin" srcdoc="<iframe name='sameOriginChildIframe'></iframe><iframe name='crossOriginChildIframe' sandbox='allow-scripts'></iframe>"</iframe>

</body>
</html>