origin-of-data-document.html (1282B)
1 <!doctype html> 2 <html> 3 <head> 4 <meta charset=utf-8> 5 <title>Origin of document produced from a 'data:' URL</title> 6 <link rel="help" href="https://html.spec.whatwg.org/multipage/browsers.html#origin"> 7 <script src="/resources/testharness.js"></script> 8 <script src="/resources/testharnessreport.js"></script> 9 </head> 10 <body> 11 <script> 12 async_test(function (t) { 13 var i = document.createElement('iframe'); 14 i.src = "data:text/html,<script>" + 15 " window.parent.postMessage('Hello!', '*');" + 16 "</scr" + "ipt>"; 17 18 window.addEventListener("message", t.step_func_done(function (e) { 19 assert_equals(e.origin, "null", "Messages sent from a 'data:' URL should have an opaque origin (which serializes to 'null')."); 20 assert_throws_dom("SecurityError", function () { 21 var couldAccessCrossOriginProperty = e.source.location.href; 22 }, "The 'data:' frame should be cross-origin: 'window.location.href'"); 23 assert_equals(i.contentDocument, null, "The 'data:' iframe should be unable to access its contentDocument."); 24 })); 25 26 document.body.appendChild(i); 27 }, "The origin of a 'data:' document in a frame is opaque."); 28 </script> 29 </body> 30 </html>