tor-browser

The Tor Browser

test_iframe_sandbox_same_origin.html (4703B)


      1 \<!DOCTYPE HTML>
      2 <html>
      3 <!--
      4 https://bugzilla.mozilla.org/show_bug.cgi?id=341604
      5 Implement HTML5 sandbox attribute for IFRAMEs - same origin tests
      6 -->
      7 <head>
      8  <meta charset="utf-8">
      9  <title>Test for Bug 341604</title>
     10  <script src="/tests/SimpleTest/SimpleTest.js"></script>
     11  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
     12 </head>
     13 <script type="application/javascript">
     14 /** Test for Bug 341604 - Implement HTML5 sandbox attribute for IFRAMEs */
     15 /** Same Origin Tests */
     16 
     // Results arrive asynchronously (after the load event and through "message"
     // events), so the harness is told to wait until SimpleTest.finish() is
     // called explicitly.
     SimpleTest.waitForExplicitFinish();

     // Running tallies maintained by ok_wrapper(): how many checks have reported
     // so far, and how many of those reported success.
     var completedTests = 0,
         passedTests = 0;
     21 
     /**
      * Record one check with the SimpleTest harness and end the run once the
      * expected number of checks has been reported.
      *
      * @param result truthy when the check passed
      * @param desc   description handed through to ok()
      */
     function ok_wrapper(result, desc) {
       ok(result, desc);

       completedTests += 1;
       passedTests += result ? 1 : 0;

       // 14 is the hard-coded total of expected checks: the two made directly in
       // doTest() plus those reported by the sandboxed frames via postMessage.
       // NOTE(review): the count is matched with ==, so a frame that never
       // reports leaves the run unfinished, and a report arriving after the
       // 14th is still passed to ok() but no longer affects the summary.
       if (completedTests != 14) {
         return;
       }

       is(passedTests, completedTests, "There are " + completedTests + " same-origin tests that should pass");

       SimpleTest.finish();
     }
     37 
     /**
      * "message" event handler: unpacks a {ok, desc} report and forwards it to
      * ok_wrapper().
      *
      * NOTE(review): neither event.origin nor event.source is checked, so any
      * window that can post to this page is able to submit a result. That is
      * tolerable for a test page only; a production handler should validate the
      * sender. Frames sandboxed without 'allow-same-origin' have an opaque
      * origin (event.origin is the string "null"), so they cannot be told apart
      * by origin and would have to be identified by comparing event.source with
      * the expected iframe's contentWindow.
      */
     function receiveMessage(event) {
       var report = event.data;
       ok_wrapper(report.ok, report.desc);
     }
     42 
     // Sandboxed iframes without 'allow-same-origin' use postMessage to report
     // pass/fail back to this main page. The handler expects an object of the
     // form {ok: true/false, desc: <description of the test>} and forwards it
     // to ok().
     window.addEventListener("message", receiveMessage, false);
     48 
     /**
      * Runs the two checks the parent page can make itself and documents the
      * ones that the framed documents perform and report through postMessage.
      */
     function doTest() {
       var DENIED_DESC = "accessing body of a sandboxed document should not be allowed";
       var ALLOWED_DESC = "accessing body of a sandboxed document with allow-same-origin should be allowed";

       // 1) A frame sandboxed without "allow-same-origin" must not be reachable
       //    from the parent. Any exception counts as a pass.
       //    NOTE(review): per the HTML spec contentDocument is null when the
       //    framed document is not same origin-domain, so the exception caught
       //    here may be the TypeError from reading .body of null rather than a
       //    security error.
       var isolatedFrame = document.getElementById("if_1");
       try {
         void isolatedFrame.contentDocument.body;
         ok_wrapper(false, DENIED_DESC);
       } catch (e) {
         ok_wrapper(true, DENIED_DESC);
       }

       // 2) A frame sandboxed with "allow-same-origin" keeps its origin, so the
       //    parent must be able to reach its document.
       var sameOriginFrame = document.getElementById("if_2");
       try {
         void sameOriginFrame.contentDocument.body;
         ok_wrapper(true, ALLOWED_DESC);
       } catch (e) {
         ok_wrapper(false, ALLOWED_DESC);
       }

       // The remaining checks run inside the framed documents, which report
       // their results to receiveMessage(). The file names below are the ones
       // in the iframe src attributes on this page.
       //
       // file_iframe_sandbox_b_if2.html ('allow-same-origin' and 'allow-scripts'):
       //    4) can access its parent
       //    5) can access document.cookie
       //    6) can access window.localStorage
       //    7) can access window.sessionStorage
       //   11) XHR works normally
       //
       // file_iframe_sandbox_b_if3.html ('allow-scripts' but not 'allow-same-origin'):
       //    3) cannot access its parent
       //    8) can NOT access document.cookie
       //    9) can NOT access window.localStorage
       //   10) can NOT access window.sessionStorage
       //   12) XHR is blocked
     }
     // Register doTest with the harness's load hook so the checks start only
     // after the page has loaded (presumably including the iframes - confirm
     // against SimpleTest's addLoadEvent).
     99 addLoadEvent(doTest);
    100 </script>
    101 <body>
    102 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=341604">Mozilla Bug 341604</a> - Implement HTML5 sandbox attribute for IFRAMEs
    103 <p id="display"></p>
    <!-- Frames under test; doTest() looks up if_1 and if_2 by id. -->
    <div id="content">
      <!-- if_1: empty sandbox attribute, so no allow-* token is granted. -->
      <iframe id="if_1" src="file_iframe_sandbox_b_if1.html" sandbox="" width="10" height="10"></iframe>
      <!-- if_2: the framed document keeps its real origin and may run script.
           NOTE(review): the HTML spec warns that this token pair gives no
           effective isolation when the framed content is same-origin with the
           embedder, as it is here (relative src); outside a test, serve
           untrusted content from a separate origin instead. -->
      <iframe id="if_2" src="file_iframe_sandbox_b_if2.html" sandbox="allow-same-origin allow-scripts" width="10" height="10"></iframe>
      <!-- if_3: script may run, but without allow-same-origin the document is
           treated as a unique, opaque origin. -->
      <iframe id="if_3" src="file_iframe_sandbox_b_if3.html" sandbox="allow-scripts" width="10" height="10"></iframe>
    </div>