tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

sandbox-inherited-from-initiator-frame.html (2079B)

      1 <!DOCTYPE html>
      2 <meta charset=utf-8>
      3 <title>Inherit sandbox flags from the initiator's frame</title>
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <body>
      7 <script>
      8 // Check sandbox flags are properly inherited when a document initiate a
      9 // navigation inside another frame that it doesn't own directly.
     10 
     11 // This check the sandbox flags defined by the frame. See also the other test
     12 // about sandbox flags defined by the response (e.g. CSP sandbox):
     13 // => sandbox-inherited-from-initiators-response.html
     14 
     15 // Return a promise, resolving when |element| triggers |event_name| event.
     16 let future = (element, event_name) => {
     17  return new Promise(resolve => {
     18    element.addEventListener(event_name, event => resolve(event))
     19  });
     20 };
     21 
     22 promise_test(async test => {
     23  const iframe_1 = document.createElement("iframe");
     24  const iframe_2 = document.createElement("iframe");
     25 
     26  iframe_1.id = "iframe_1";
     27  iframe_2.id = "iframe_2";
     28 
     29  const iframe_1_script = encodeURI(`
     30    <script>
     31      try {
     32        document.domain = document.domain;
     33        parent.postMessage("not sandboxed", "*");
     34      } catch (exception) {
     35        parent.postMessage("sandboxed", "*");
     36      }
     37    </scr`+`ipt>
     38  `);
     39 
     40  const iframe_2_script = `
     41    <script>
     42      const iframe_1 = parent.document.querySelector("#iframe_1");
     43      iframe_1.src = "data:text/html,${iframe_1_script}";
     44    </scr`+`ipt>
     45  `;
     46 
     47  iframe_2.sandbox = "allow-scripts allow-same-origin";
     48  iframe_2.srcdoc = iframe_2_script;
     49 
     50  // Insert |iframe_1|. It will load the initial empty document, with no sandbox
     51  // flags.
     52  const iframe_1_load_1 = future(iframe_1, "load");
     53  document.body.appendChild(iframe_1);
     54  await iframe_1_load_1;
     55 
     56  // Insert |iframe_2|. It will load with sandbox flags. It will make |iframe_1|
     57  // to navigate toward a data-url, which should inherit the sandbox flags.
     58  const iframe_1_reply = future(window, "message");
     59  document.body.appendChild(iframe_2);
     60  const result = await iframe_1_reply;
     61 
     62  assert_equals("sandboxed", result.data);
     63 })
     64 </script>