test_bug13871.html (3288B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <script src="/tests/SimpleTest/SimpleTest.js"></script> 5 <script src="/tests/SimpleTest/EventUtils.js"></script> 6 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 7 <script type="text/javascript" src="NavigationUtils.js"></script> 8 <style type="text/css"> 9 iframe { width: 90%; height: 50px; } 10 </style> 11 <script> 12 async function runTest() { 13 navigateByLocation(window0.frames[0]); 14 navigateByOpen("window1_child0"); 15 navigateByForm("window2_child0"); 16 navigateByHyperlink("window3_child0"); 17 18 await waitForFinishedFrames(4); 19 20 isInaccessible(window0.frames[0], "Should not be able to navigate off-domain frame by setting location."); 21 isInaccessible(window1.frames[0], "Should not be able to navigate off-domain frame by calling window.open."); 22 isInaccessible(window2.frames[0], "Should not be able to navigate off-domain frame by submitting form."); 23 isInaccessible(window3.frames[0], "Should not be able to navigate off-domain frame by targeted hyperlink."); 24 25 window0.close(); 26 window1.close(); 27 window2.close(); 28 window3.close(); 29 30 await cleanupWindows(); 31 SimpleTest.finish(); 32 } 33 34 // Because our open()'d windows are cross-origin, we can't wait for onload. 35 // We instead wait for a postMessage from parent.html. 36 var windows = new Map(); 37 addEventListener("message", function windowLoaded(evt) { 38 // Because window.open spins the event loop in order to open new windows, 39 // we might receive the "ready" message before we call waitForLoad. 40 // In that case, windows won't contain evt.source and we just note that the 41 // window is ready. Otherwise, windows contains the "resolve" function for 42 // that window's promise and we just have to call it. 43 if (windows.has(evt.source)) { 44 windows.get(evt.source)(); 45 } else { 46 windows.set(evt.source, true); 47 } 48 }); 49 50 // eslint-disable-next-line @microsoft/sdl/no-insecure-url 51 var window0 = window.open("http://test1.example.org:80/tests/docshell/test/navigation/parent.html", "window0", "width=10,height=10"); 52 // eslint-disable-next-line @microsoft/sdl/no-insecure-url 53 var window1 = window.open("http://test1.example.org:80/tests/docshell/test/navigation/parent.html", "window1", "width=10,height=10"); 54 // eslint-disable-next-line @microsoft/sdl/no-insecure-url 55 var window2 = window.open("http://test1.example.org:80/tests/docshell/test/navigation/parent.html", "window2", "width=10,height=10"); 56 // eslint-disable-next-line @microsoft/sdl/no-insecure-url 57 var window3 = window.open("http://test1.example.org:80/tests/docshell/test/navigation/parent.html", "window3", "width=10,height=10"); 58 59 function waitForLoad(w) { 60 return new Promise(function(resolve) { 61 // If we already got the "ready" message, resolve immediately. 62 if (windows.has(w)) { 63 resolve(); 64 } else { 65 windows.set(w, resolve); 66 } 67 }); 68 } 69 70 Promise.all([ waitForLoad(window0), 71 waitForLoad(window1), 72 waitForLoad(window2), 73 waitForLoad(window3) ]) 74 .then(runTest); 75 </script> 76 </head> 77 <body> 78 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=13871">Mozilla Bug 13871</a> 79 <pre id="test"> 80 <script type="text/javascript"> 81 SimpleTest.waitForExplicitFinish(); 82 </script> 83 </pre> 84 </body> 85 </html>