test_iframe_sandbox_inheritance.html (8914B)
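<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=341604
Implement HTML5 sandbox attribute for IFRAMEs - inheritance tests
-->
<head>
  <meta charset="utf-8">
  <title>Test for Bug 341604</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<script type="application/javascript">
/** Test for Bug 341604 - Implement HTML5 sandbox attribute for IFRAMEs */
/** Inheritance Tests */

SimpleTest.waitForExplicitFinish();
SimpleTest.requestFlakyTimeout("untriaged");

// A postMessage handler that is used by sandboxed iframes without
// 'allow-same-origin' to communicate pass/fail back to this main page.
// Three message shapes are handled:
//   {type: "attempted"}                    - only counts an attempt
//   {type: "ok", ok, desc, addToAttempted} - forwarded to ok_wrapper()
//   {ok: true/false, desc: <description of the test>}
//                                          - old style, no type; also
//                                            forwarded to ok_wrapper()
//
// NOTE(review): the handler validates neither event.origin nor event.source,
// so every message delivered to this window is counted as a test result.
// Frames sandboxed without 'allow-same-origin' have an opaque origin that
// event.origin reports as "null", so an origin allow-list could not tell the
// fixtures apart. That is tolerable for a page that only loads its own
// fixtures; a handler outside a test harness needs sender validation.
window.addEventListener("message", receiveMessage);

function receiveMessage(event) {
  var data = event.data;

  // A message without a payload would throw a TypeError on data.type below;
  // report it as a readable failure instead.
  if (data === null || data === undefined) {
    ok(false, "Received a message with no data");
    return;
  }

  switch (data.type) {
    case "attempted":
      testAttempted();
      break;
    case "ok":
      ok_wrapper(data.ok, data.desc, data.addToAttempted);
      break;
    default:
      // allow for old style message
      if (data.ok != undefined) {
        ok_wrapper(data.ok, data.desc, data.addToAttempted);
      }
  }
}

// Bookkeeping for the 19 numbered cases described in doTest(). The 15 cases
// marked "passes if good" are expected to report a pass; the four cases marked
// only "fails if bad" (1, 2, 8 and 17) register their attempt from doTest().
var attemptedTests = 0;
var passedTests = 0;
var totalTestsToPass = 15;
var totalTestsToAttempt = 19;

// Records one result with the harness and updates the counters.
//   result         - truthy for a pass
//   desc           - description passed through to ok()
//   addToAttempted - when true (the default) the result also counts as an
//                    attempt; senders pass false when the attempt was already
//                    counted separately (presumably via an "attempted"
//                    message - confirm against the fixtures)
function ok_wrapper(result, desc, addToAttempted = true) {
  ok(result, desc);

  if (result) {
    passedTests++;
  }

  if (addToAttempted) {
    testAttempted();
  }
}

// Added so that tests that don't register unless they fail,
// can at least notify that they've attempted to run.
function testAttempted() {
  attemptedTests++;
  if (attemptedTests == totalTestsToAttempt) {
    // Make sure all tests have had a chance to complete.
    // NOTE(review): a "fails if bad" fixture that reports after this one
    // second window is not counted - presumably why requestFlakyTimeout()
    // is needed above.
    setTimeout(function() { finish(); }, 1000);
  }
}

// Guards against finish() completing the test more than once.
var finishCalled = false;

// Checks the pass count against totalTestsToPass and ends the test.
function finish() {
  if (!finishCalled) {
    finishCalled = true;
    is(passedTests, totalTestsToPass, "There are " + totalTestsToPass + " inheritance tests that should pass");

    SimpleTest.finish();
  }
}

// Runs on load. Most cases run inside the fixture documents and report back
// through postMessage; this function registers the attempts of the cases that
// stay silent on success and triggers case 9.
//
// NOTE(review): the "fails if bad" cases report nothing when the sandbox
// blocks the script, so a fixture that never loads presumably looks the same
// as a correct block - confirm the fixtures load when changing this file.
function doTest() {
  // fails if bad
  // 1) an iframe with no sandbox attribute inside an iframe that has sandbox = ""
  // should not be able to execute scripts (cannot ever loosen permissions)
  // (done by file_iframe_sandbox_a_if2.html contained within file_iframe_sandbox_a_if1.html)
  testAttempted();

  // fails if bad
  // 2) an iframe with sandbox = "allow-scripts" inside an iframe that has sandbox = ""
  // should not be able to execute scripts (cannot ever loosen permissions)
  // (done by file_iframe_sandbox_a_if2.html contained within file_iframe_sandbox_a_if1.html)
  testAttempted();

  // passes if good and fails if bad
  // 3) an iframe with no sandbox attribute inside an iframe that has sandbox = "allow-scripts"
  // should not be same origin with the top window
  // (done by file_iframe_sandbox_a_if4.html contained within file_iframe_sandbox_a_if3.html)

  // passes if good and fails if bad
  // 4) an iframe with no sandbox attribute inside an iframe that has sandbox = "allow-scripts"
  // should not be same origin with its parent
  // (done by file_iframe_sandbox_a_if4.html contained within file_iframe_sandbox_a_if3.html)

  // passes if good
  // 5) an iframe with 'allow-same-origin' and 'allow-scripts' inside an iframe with 'allow-same-origin'
  // and 'allow-scripts' should be same origin with the top window
  // (done by file_iframe_sandbox_a_if6.html contained within file_iframe_sandbox_a_if5.html)

  // passes if good
  // 6) an iframe with 'allow-same-origin' and 'allow-scripts' inside an iframe with 'allow-same-origin'
  // and 'allow-scripts' should be same origin with its parent
  // (done by file_iframe_sandbox_a_if6.html contained within file_iframe_sandbox_a_if5.html)

  // passes if good
  // 7) an iframe with no sandbox attribute inside an iframe that has sandbox = "allow-scripts"
  // should be able to execute scripts
  // (done by file_iframe_sandbox_a_if7.html contained within file_iframe_sandbox_a_if3.html)

  // fails if bad
  // 8) an iframe with sandbox="" inside an iframe that has allow-scripts should not be able
  // to execute scripts
  // (done by file_iframe_sandbox_a_if2.html contained within file_iframe_sandbox_a_if3.html)
  testAttempted();

  // passes if good
  // 9) make sure that changing the sandbox flags on an iframe (if_8) doesn't affect
  // the sandboxing of subloads of content within that iframe
  // (if_8 is declared with 'allow-scripts allow-same-origin' below; doSubload() is
  // presumably defined by file_iframe_sandbox_a_if8.html, which is not visible here)
  var if_8 = document.getElementById('if_8');
  if_8.sandbox = 'allow-scripts';
  if_8.contentWindow.doSubload();

  // passes if good
  // 10) a <frame> inside an <iframe> sandboxed with 'allow-scripts' should not be same
  // origin with this document
  // done by file_iframe_sandbox_a_if11.html which is contained within file_iframe_sandbox_a_if10.html

  // passes if good
  // 11) a <frame> inside a <frame> inside an <iframe> sandboxed with 'allow-scripts' should not be same
  // origin with its parent frame or this document
  // done by file_iframe_sandbox_a_if12.html which is contained within file_iframe_sandbox_a_if11.html

  // passes if good, fails if bad
  // 12) An <object> inside an <iframe> sandboxed with 'allow-scripts' should not be same
  // origin with this document
  // Done by file_iframe_sandbox_a_if14.html which is contained within file_iframe_sandbox_a_if13.html

  // passes if good, fails if bad
  // 13) An <object> inside an <object> inside an <iframe> sandboxed with 'allow-scripts' should not be same
  // origin with its parent frame or this document
  // Done by file_iframe_sandbox_a_if15.html which is contained within file_iframe_sandbox_a_if14.html

  // passes if good, fails if bad
  // 14) An <object> inside a <frame> inside an <iframe> sandboxed with 'allow-scripts' should not be same
  // origin with its parent frame or this document
  // Done by file_iframe_sandbox_a_if15.html which is contained within file_iframe_sandbox_a_if16.html
  // which is contained within file_iframe_sandbox_a_if10.html

  // passes if good
  // 15) An <object> inside an <object> inside an <iframe> sandboxed with 'allow-scripts allow-forms'
  // should be able to submit forms.
  // Done by file_iframe_sandbox_a_if15.html which is contained within file_iframe_sandbox_a_if14.html

  // passes if good
  // 16) An <object> inside a <frame> inside an <iframe> sandboxed with 'allow-scripts allow-forms'
  // should be able to submit forms.
  // Done by file_iframe_sandbox_a_if15.html which is contained within file_iframe_sandbox_a_if16.html
  // which is contained within file_iframe_sandbox_a_if10.html

  // fails if bad
  // 17) An <object> inside an <iframe> sandboxed with 'allow-same-origin'
  // should not be able to run scripts.
  // Done by iframe "if_no_scripts", which loads file_iframe_sandbox_srcdoc_no_allow_scripts.html.
  testAttempted();

  // passes if good
  // 18) An <object> inside an <iframe> sandboxed with 'allow-scripts allow-same-origin'
  // should be able to run scripts and be same origin with this document.
  // Done by iframe "if_scripts", which loads file_iframe_sandbox_srcdoc_allow_scripts.html.

  // passes if good, fails if bad
  // 19) Make sure that the parent's document's sandboxing flags are copied when
  // changing the sandbox flags on an iframe inside an iframe.
  // Done in file_iframe_sandbox_a_if17.html and file_iframe_sandbox_a_if18.html
}

addLoadEvent(doTest);
</script>
<body>
<a target="_blank" rel="noopener" href="https://bugzilla.mozilla.org/show_bug.cgi?id=341604">Mozilla Bug 341604</a> - Implement HTML5 sandbox attribute for IFRAMEs
<p id="display"></p>
<div id="content">
<iframe sandbox="" id="if_1" src="file_iframe_sandbox_a_if1.html" height="10" width="10"></iframe>
<iframe sandbox="allow-scripts" id="if_3" src="file_iframe_sandbox_a_if3.html" height="10" width="10"></iframe>
<iframe sandbox="allow-scripts allow-same-origin" id="if_5" src="file_iframe_sandbox_a_if5.html" height="10" width="10"></iframe>
<iframe sandbox="allow-scripts allow-same-origin" id="if_8" src="file_iframe_sandbox_a_if8.html" height="10" width="10"></iframe>
<iframe sandbox="allow-scripts allow-forms" id="if_10" src="file_iframe_sandbox_a_if10.html" height="10" width="10"></iframe>
<iframe sandbox="allow-scripts allow-forms" id="if_13" src="file_iframe_sandbox_a_if13.html" height="10" width="10"></iframe>
<iframe sandbox="allow-same-origin" id="if_no_scripts" srcdoc="<object data='file_iframe_sandbox_srcdoc_no_allow_scripts.html'></object>" height="10" width="10"></iframe>
<iframe sandbox="allow-scripts allow-same-origin" id="if_scripts" srcdoc="<object data='file_iframe_sandbox_srcdoc_allow_scripts.html'></object>" height="10" width="10"></iframe>
<iframe sandbox="allow-scripts" id="if_17" src="file_iframe_sandbox_a_if17.html" height="10" width="10"></iframe>
</div>
</body>
</html>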