sandbox-document-open-mutation.window.js (1256B)
// Probe that reports whether the context it runs in is sandboxed.
//
// How it detects this is incidental: it relies on one observable side effect
// of the sandbox flags (here, assigning document.domain throws), and may need
// updating if that side effect ever changes.
//
// NOTE: the test below interpolates this function's source text into the
// markup written to another frame, so it must stay self-contained (no
// references to outer variables) and its source must not contain backticks
// or a closing script tag.
const is_sandboxed = () => {
  let verdict = "not sandboxed";
  try {
    document.domain = document.domain;
  } catch (error) {
    verdict = "sandboxed";
  }
  return verdict;
};

// Scenario: a sandboxed frame that keeps "allow-same-origin allow-scripts"
// reaches into a sibling frame and rewrites its document through
// document.write() / document.close(). The rewritten document then runs the
// probe and reports back to this window. The expected report is
// "not sandboxed": the writer's sandbox flags must not be carried over to the
// window whose document was reopened.
promise_test(async t => {
  // Resolves with the first "message" event delivered to this window.
  // The sender is not checked; the test assumes nothing else posts here.
  const reply = new Promise(resolve => {
    window.addEventListener("message", resolve);
  });

  // Appended first, so it is presumably what `parent.frames[0]` refers to in
  // the markup below (assumes the test page holds no other frames).
  const plain_frame = document.createElement("iframe");
  document.body.appendChild(plain_frame);

  // The sandbox attribute is set before insertion; both tokens are needed so
  // that the frame can run script and touch its same-origin sibling.
  const sandboxed_frame = document.createElement("iframe");
  sandboxed_frame.sandbox = "allow-same-origin allow-scripts";
  document.body.appendChild(sandboxed_frame);

  // Closing script tags are split ("</scr" + "ipt>") at both nesting levels
  // so that no string literal ever contains a complete closing tag.
  const writer_markup = `
    <script>
      parent.frames[0].document.write(\`
        <script>
          const is_sandboxed = ${is_sandboxed};
          window.parent.postMessage(is_sandboxed(), '*');
        </scr\`+\`ipt>
      \`);
      parent.frames[0].document.close();
    </scr`+`ipt>
  `;
  sandboxed_frame.srcdoc = writer_markup;

  const { data } = await reply;
  assert_equals(data, "not sandboxed");

}, "Using document.open() against a document from a different window must not" +
   " mutate the other window's sandbox flags");