location-properties-smoke-test.window.js (1856B)
1 // META: variant=?assign 2 // META: variant=?customproperty 3 // META: variant=?hash 4 // META: variant=?host 5 // META: variant=?hostname 6 // META: variant=?pathname 7 // META: variant=?port 8 // META: variant=?protocol 9 // META: variant=?reload 10 // META: variant=?search 11 // META: variant=?toString 12 // META: variant=?valueOf 13 // META: script=/common/get-host-info.sub.js 14 // META: script=/common/utils.js 15 // META: script=/common/dispatcher/dispatcher.js 16 17 const property = window.location.search.substr(1); 18 19 promise_test(async t => { 20 const iframeContext = new RemoteContext(token()); 21 const iframe = document.createElement("iframe"); 22 iframe.src = get_host_info().REMOTE_ORIGIN + 23 "/common/dispatcher/remote-executor.html?uuid=" + iframeContext.context_id; 24 document.body.appendChild(iframe); 25 26 // Wait for the cross-origin document to be loaded inside the iframe. 27 assert_equals( 28 await iframeContext.execute_script(() => "Document loaded") , 29 "Document loaded" 30 ); 31 32 assert_throws_dom("SecurityError", () => { 33 const unused = iframe.contentWindow.location[property]; 34 }, "Cross origin get of a location property should throw a security error"); 35 36 assert_throws_dom("SecurityError", () => { 37 iframe.contentWindow.location[property] = "Random string"; 38 }, "Cross origin set of a location property should throw a security error"); 39 40 // Verify that the property was indeed not modified. 41 assert_not_equals( 42 await iframeContext.execute_script(property => location[property], 43 [property]), 44 "Random string", 45 ); 46 47 assert_throws_dom("SecurityError", () => { 48 const unused = Object.getOwnPropertyDescriptor( 49 iframe.contentWindow.location, property); 50 }, "Cross origin get of descriptors should throw a security error"); 51 }, `Verifying that cross-origin access of '${property}' is restricted`);