javascript-url.html (1217B)
1 <!doctype html> 2 <html> 3 <head> 4 <title>javascript: aliases security origin</title> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 </head> 8 <body> 9 <script> 10 promise_test(t => { 11 let iframe = document.createElement('iframe'); 12 document.body.appendChild(iframe); 13 // Should not throw: srcdoc should always be same-origin. 14 iframe.contentDocument; 15 16 iframe.contentWindow.location = 'javascript:"Hello world!"'; 17 return new Promise(resolve => { 18 iframe.addEventListener('load', resolve); 19 }).then(() => { 20 // Explicitly set `domain` component of origin: any other same-origin 21 // browsing contexts are now cross-origin unless they also explicitly 22 // set document.domain to the same value. 23 document.domain = document.domain; 24 // Should not throw: the origin should be aliased, so setting 25 // document.domain in one Document should affect both Documents. 26 assert_equals( 27 iframe.contentWindow.document.body.textContent, 28 'Hello world!'); 29 }); 30 }); 31 </script> 32 </body> 33 </html>