sandbox-initial-empty-document-toward-same-origin.html (1097B)
1 <!DOCTYPE html> 2 <meta charset=utf-8> 3 <title> 4 Check sandbox-flags inheritance in case of javascript window reuse. 5 </title> 6 <script src="/resources/testharness.js"></script> 7 <script src="/resources/testharnessreport.js"></script> 8 <body> 9 <script> 10 promise_test(async test => { 11 let message = new Promise(resolve => 12 window.addEventListener("message", event => resolve(event.data)) 13 ); 14 15 // Create an initial empty document in the iframe, sandboxed. It will attempt 16 // to load a slow page, but won't have time. 17 let iframe = document.createElement("iframe"); 18 iframe.setAttribute("sandbox", "allow-scripts allow-same-origin"); 19 iframe.src = "/fetch/api/resources/infinite-slow-response.py"; 20 document.body.appendChild(iframe); 21 22 // Remove sandbox flags. This should apply to documents committed from 23 // navigations started after this instruction. 24 iframe.removeAttribute("sandbox"); 25 iframe.src = "./resources/check-sandbox-flags.html"; 26 27 // The window is reused, but the new sandbox flags should be used. 28 assert_equals(await message, "document-domain-is-allowed"); 29 }); 30 </script>