about-srcdoc.html (1083B)
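<!doctype html>
<html>
<head>
<meta charset="utf-8">
<!--
  Checks that an about:srcdoc document shares (aliases) its parent's origin
  rather than holding a copy of it. If the origin were only copied, the
  parent's document.domain assignment below would leave the srcdoc document
  cross-origin-domain, and the final access through contentWindow would throw.
-->
<title>about:srcdoc aliases security origin</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
// No explicit test name is passed, so testharness.js names the test after the
// document title.
promise_test(async () => {
  const iframe = document.createElement('iframe');
  iframe.srcdoc = '<body></body>';

  // The srcdoc navigation completes asynchronously. Immediately after
  // insertion, contentWindow.document is still the initial about:blank
  // document, so wait for the load event before touching the frame.
  const loaded = new Promise(resolve => {
    iframe.addEventListener('load', resolve, {once: true});
  });
  document.body.appendChild(iframe);
  await loaded;

  // Precondition: the checks below must run against the srcdoc document, not
  // the initial empty document.
  assert_equals(iframe.contentWindow.document.URL, 'about:srcdoc');

  // Should not throw: srcdoc should always be same-origin.
  iframe.contentWindow.document.body.innerHTML = '<p>Hello world!</p>';

  // Explicitly set the `domain` component of the origin: any other same-origin
  // browsing contexts are now cross-origin unless they also explicitly set
  // document.domain to the same value.
  // NOTE(review): the setter is specified to do nothing in an origin-keyed
  // agent cluster; there the access below would succeed without exercising
  // aliasing. Confirm the test environment leaves document.domain enabled.
  document.domain = document.domain;

  // Should not throw: the origin should be aliased, so setting document.domain
  // in one Document should affect both Documents. The document is re-read
  // through contentWindow on purpose, so that the cross-origin access check is
  // performed again after the domain change.
  assert_equals(
      iframe.contentWindow.document.body.textContent,
      'Hello world!');
});
</script>
</body>
</html>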