navigate-cross-origin-iframe-to-same-url-with-fragment-fire-load-event.html (1067B)
1 <!doctype html> 2 <script src="/resources/testharness.js"></script> 3 <script src="/resources/testharnessreport.js"></script> 4 <script src="/common/get-host-info.sub.js"></script> 5 <body> 6 <script> 7 async_test(t => { 8 const crossOriginUrl = new URL(get_host_info().HTTPS_REMOTE_ORIGIN); 9 crossOriginUrl.pathname = "/common/blank.html"; 10 const i = document.createElement("iframe"); 11 i.src = crossOriginUrl; 12 document.body.appendChild(i); 13 14 let wasLoadEventFired = false; 15 i.onload = t.step_func(() => { 16 // Though iframe is cross-origin and changing hash leads soft reload, the 17 // load event should be fired to protect sensitive information. 18 // See: https://crbug.com/1248444 19 crossOriginUrl.hash = "#foo"; 20 i.onload = () => { 21 assert_false(wasLoadEventFired) 22 wasLoadEventFired = true; 23 // Wait for a while to ensure other onload events are never fired. 24 t.step_timeout(() => t.done(), 100); 25 }; 26 i.src = crossOriginUrl; 27 }); 28 29 }, "Changing the URL hash of a cross-origin iframe should fire a load event"); 30 </script> 31 </body>