sandbox-disallow-scripts-via-unsandboxed-popup.tentative.html (1404B)
<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<script>
  // Security property under test: a frame sandboxed WITHOUT `allow-scripts`
  // must not gain script execution by opening a popup that escapes the
  // sandbox. The token list below grants `allow-popups` and
  // `allow-popups-to-escape-sandbox` (windows opened from the frame are not
  // sandboxed) but deliberately omits `allow-scripts`.
  async_test(t => {
    const frame = document.createElement('iframe');
    frame.sandbox = "allow-same-origin allow-popups allow-popups-to-escape-sandbox";

    // Two anchors, both opening a new window that keeps its opener:
    //   [0] a `javascript:` URL that would post 'FAIL' to this page through
    //       window.opener.top if it were ever evaluated;
    //   [1] a helper page that posts 'DONE' and ends the test.
    frame.srcdoc = `<a target='_blank' rel='opener'
        href="javascript:window.opener.top.postMessage('FAIL', '*');">Click me!</a>
      <a target='_blank' rel='opener'
        href="./resources/post-done-to-opener.html">Click me next!</a>`;

    frame.onload = () => {
      // `allow-same-origin` keeps the sandboxed document same-origin with this
      // page, so the anchors can be fetched and clicked from out here.
      // Order matters: the `javascript:` link goes first, the 'DONE' popup
      // second.
      //
      // TODO(mkwst): This feels like a race, but it's one that we consistently win when I'm
      // running the test locally 10,000 times. Good enough!™
      //
      // NOTE(review): the check below only sees messages delivered before
      // 'DONE'; a 'FAIL' that arrived after t.done() would presumably go
      // unnoticed, which is the race the TODO refers to.
      const [scriptLink, doneLink] = frame.contentDocument.body.querySelectorAll('a');
      scriptLink.click();
      doneLink.click();
    };
    document.body.appendChild(frame);

    // Any 'FAIL' message means the `javascript:` URL ran; 'DONE' completes the
    // test. Other messages are ignored.
    const onMessage = t.step_func(e => {
      assert_not_equals(e.data, "FAIL");
      if (e.data == "DONE") {
        t.done();
      }
    });
    window.addEventListener('message', onMessage);
  }, "Sandboxed => unsandboxed popup");
</script>
</body>