tor-browser

test_iframe_sandbox_popups_inheritance.html (6146B)

---

<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=766282
Implement HTML5 sandbox allow-popuos directive for IFRAMEs - inheritance tests
-->
<head>
 <meta charset="utf-8">
 <title>Tests for Bug 766282</title>
 <script src="/tests/SimpleTest/SimpleTest.js"></script>
 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>

<script type="application/javascript">

SimpleTest.expectAssertions(0, 5);
SimpleTest.waitForExplicitFinish();
SimpleTest.requestFlakyTimeout("untriaged");

// A postMessage handler that is used by sandboxed iframes without
// 'allow-same-origin' to communicate pass/fail back to this main page.
window.addEventListener("message", receiveMessage);

function receiveMessage(event) {
 switch (event.data.type) {
   case "attempted":
     testAttempted();
     break;
   case "ok":
     ok_wrapper(event.data.ok, event.data.desc, event.data.addToAttempted);
     break;
   default:
     // allow for old style message
     if (event.data.ok != undefined) {
       ok_wrapper(event.data.ok, event.data.desc, event.data.addToAttempted);
     }
 }
}

var iframesWithWindowsToClose = new Array();

var attemptedTests = 0;
var passedTests = 0;
var totalTestsToPass = 15;
var totalTestsToAttempt = 21;

function ok_wrapper(result, desc, addToAttempted = true) {
 ok(result, desc);

 if (result) {
   passedTests++;
 }

 if (addToAttempted) {
   testAttempted();
 }
}

// Added so that tests that don't register unless they fail,
// can at least notify that they've attempted to run.
function testAttempted() {
 attemptedTests++;
 if (attemptedTests == totalTestsToAttempt) {
   // Make sure all tests have had a chance to complete.
   setTimeout(function() {finish();}, 1000);
 }
}

var finishCalled = false;

function finish() {
 if (!finishCalled) {
   finishCalled = true;
   is(passedTests, totalTestsToPass, "There are " + totalTestsToPass + " inheritance tests that should pass");

   closeWindows();

   SimpleTest.finish();
 }
}

function checkTestsFinished() {
 // If our own finish() has not been called, probably failed due to a timeout, so close remaining windows.
 if (!finishCalled) {
   closeWindows();
 }
}

function closeWindows() {
 for (var i = 0; i < iframesWithWindowsToClose.length; i++) {
   document.getElementById(iframesWithWindowsToClose[i]).contentWindow.postMessage({type: "closeWindows"}, "*");
 }
}

function doTest() {
 // passes if good and fails if bad
 // 1,2,3) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups
 // allow-same-origin" should not have its origin sandbox flag set and be able to access document.cookie.
 // (Done by file_iframe_sandbox_k_if5.html opened from file_iframe_sandbox_k_if4.html)
 // This is repeated for 3 different ways of opening the window,
 // see file_iframe_sandbox_k_if4.html for details.

 // passes if good
 // 4,5,6) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups
 // allow-top-navigation" should not have its top-level navigation sandbox flag set and be able to
 // navigate top. (Done by file_iframe_sandbox_k_if5.html (and if6) opened from
 // file_iframe_sandbox_k_if4.html).  This is repeated for 3 different ways of opening the window,
 // see file_iframe_sandbox_k_if4.html for details.

 // passes if good
 // 7,8,9) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups
 // all-forms" should not have its forms sandbox flag set and be able to submit forms.
 // (Done by file_iframe_sandbox_k_if7.html opened from file_iframe_sandbox_k_if4.html)
 // This is repeated for 3 different ways of opening the window,
 // see file_iframe_sandbox_k_if4.html for details.

 // passes if good
 // 10,11,12) Make sure that the sandbox flags copied to a new browsing context are taken from the
 // current active document not the browsing context (iframe / docShell).
 // This is done by removing allow-same-origin and calling doSubOpens from file_iframe_sandbox_k_if8.html,
 // which opens file_iframe_sandbox_k_if9.html in 3 different ways.
 // It then navigates to file_iframe_sandbox_k_if1.html to run tests 13 - 21 below.
 var if_8_1 = document.getElementById('if_8_1');
 if_8_1.sandbox = 'allow-scripts allow-popups';
 if_8_1.contentWindow.doSubOpens();

 // passes if good and fails if bad
 // 13,14,15) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups"
 // should have its origin sandbox flag set and not be able to access document.cookie.
 // This is done by file_iframe_sandbox_k_if8.html navigating to file_iframe_sandbox_k_if1.html
 // after allow-same-origin has been removed from iframe if_8_1.  file_iframe_sandbox_k_if1.html
 // opens file_iframe_sandbox_k_if2.html in 3 different ways to perform the tests.
 iframesWithWindowsToClose.push("if_8_1");

 // fails if bad
 // 16,17,18) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups"
 // should have its forms sandbox flag set and not be able to submit forms.
 // This is done by file_iframe_sandbox_k_if2.html, see test 10 for details of how this is opened.

 // fails if bad
 // 19,20,21) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups"
 // should have its top-level navigation sandbox flag set and not be able to navigate top.
 // This is done by file_iframe_sandbox_k_if2.html, see test 10 for details of how this is opened.
}

addLoadEvent(doTest);
</script>

<body onunload="checkTestsFinished()">
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=766282">Mozilla Bug 766282</a> - Implement HTML5 sandbox allow-popups directive for IFRAMEs
<p id="display"></p>
<div id="content">
<iframe sandbox="allow-scripts allow-popups allow-same-origin allow-forms allow-top-navigation" id="if_4" src="file_iframe_sandbox_k_if4.html" height="10" width="10"></iframe>
<iframe sandbox="allow-scripts allow-popups allow-same-origin" id="if_8_1" src="file_iframe_sandbox_k_if8.html" height="10" width="10"></iframe>
</div>
</body>
</html>