sandbox-disallow-same-origin.html (1200B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <title>Access to sandbox iframe</title> 5 <link rel="author" title="Kinuko Yasuda" href="mailto:kinuko@chromium.org"> 6 <link rel="help" href="https://html.spec.whatwg.org/multipage/#sandboxed-origin-browsing-context-flag"> 7 <link rel="help" href="https://html.spec.whatwg.org/multipage/#integration-with-idl"> 8 <script src="/resources/testharness.js"></script> 9 <script src="/resources/testharnessreport.js"></script> 10 </head> 11 12 <body> 13 <h1>Access to sandbox iframe</h1> 14 <script type="text/javascript"> 15 var t = async_test("Access to sandbox iframe is disallowed") 16 var called = 0; 17 function calledFromIframe() { 18 called++; 19 } 20 function loaded() { 21 t.step(() => { 22 assert_throws_dom("SecurityError", () => { 23 document.getElementById('sandboxedframe').contentWindow.document; 24 }); 25 assert_equals(called, 0); 26 t.done(); 27 }); 28 } 29 </script> 30 31 <iframe src="/html/browsers/sandboxing/inner-iframe.html" style="visibility:hidden;display:none" sandbox id="sandboxedframe" onload="loaded();"></iframe> 32 </body> 33 34 <div id="log"></div> 35 </html>