sandbox-new-execution-context.html (1703B)
1 <!doctype html> 2 <html> 3 <head> 4 <title>Reuse of iframe about:blank document execution context</title> 5 <link rel="author" title="Dan Clark" href="mailto:daniec@microsoft.com"> 6 <link rel="help" href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#sandboxing"> 7 <script src="/resources/testharness.js"></script> 8 <script src="/resources/testharnessreport.js"></script> 9 </head> 10 11 <body> 12 <h1>Reuse of iframe about:blank document execution context in sandbox="allow-scripts" iframe</h1> 13 <script type="text/javascript"> 14 async_test(t => { 15 let iframe = document.createElement("iframe"); 16 document.body.appendChild(iframe); 17 18 let iframeAboutBlankDocument = iframe.contentDocument; 19 assert_equals(iframeAboutBlankDocument.URL, "about:blank"); 20 21 iframe.sandbox = "allow-scripts"; 22 iframe.src = './sandbox-new-execution-context-iframe.html'; 23 24 iframe.onload = t.step_func_done(() => { 25 assert_equals(iframe.contentDocument, null, 26 "New document in sandboxed iframe should have opaque origin"); 27 28 assert_equals(Object.getPrototypeOf(iframeAboutBlankDocument).changeFromSandboxedIframe, undefined, 29 "Sandboxed iframe contents should not have been able to mess with type system of about:blank document"); 30 31 let iframeAboutBlankContents = iframeAboutBlankDocument.querySelectorAll('body'); 32 assert_equals(iframeAboutBlankContents[0].tagName, "BODY", 33 "about:blank document's contents should still be accessible"); 34 }); 35 },"iframe with sandbox should load with new execution context"); 36 </script> 37 <div id="log"></div> 38 </body> 39 </html>