javascript-url-security-check-same-origin-domain.sub.html (854B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <title>javascript: URL security check for same-origin-domain but not same-origin</title> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 7 <iframe src="http://{{hosts[][www]}}:{{ports[http][0]}}/html/browsers/browsing-the-web/navigating-across-documents/resources/document-domain-set-to-site.sub.html"></iframe> 8 <script> 9 "use strict"; 10 document.domain = "{{host}}"; 11 12 setup({ explicit_done: true }); 13 14 window.onload = () => { 15 async_test(t => { 16 assert_equals(frames[0].document.body.textContent, "", "before"); 17 18 window.onmessage = t.step_func_done(() => { 19 assert_equals(frames[0].document.body.textContent, "new", "after"); 20 }); 21 22 frames[0].location.href = "javascript:parent.postMessage('done', '*'); 'new';"; 23 }); 24 done(); 25 }; 26 </script>