allow-scripts-flag-changing-1.html (1602B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <title>Meta refresh is blocked by the allow-scripts sandbox flag at its creation time, not when refresh comes due</title> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 <link rel="help" href="https://html.spec.whatwg.org/multipage/semantics.html#attr-meta-http-equiv-refresh"> 7 8 <div id="log"></div> 9 10 <script> 11 "use strict"; 12 setup({ single_test: true }); 13 14 const sourceIFrame = document.createElement("iframe"); 15 sourceIFrame.setAttribute("sandbox", "allow-same-origin"); 16 17 const destIFrame = document.createElement("iframe"); 18 19 let sourceLoadCount = 0; 20 let destLoadCount = 0; 21 22 sourceIFrame.onload = () => { 23 ++sourceLoadCount; 24 25 if (sourceLoadCount === 2) { 26 assert_unreached("The iframe from which the meta came from must not refresh"); 27 } 28 29 maybeStartTest(); 30 }; 31 32 destIFrame.onload = () => { 33 ++destLoadCount; 34 35 if (destLoadCount === 2) { 36 // destIFrame doesn't have the sandboxed automatic features browsing context 37 // flag sets, thus navigated. 38 assert_equals(destIFrame.contentDocument.body.textContent.trim(), "foo"); 39 done(); 40 } 41 42 maybeStartTest(); 43 }; 44 45 function maybeStartTest() { 46 if (sourceLoadCount === 1 && destLoadCount === 1) { 47 const meta = sourceIFrame.contentDocument.querySelector("meta"); 48 destIFrame.contentDocument.body.appendChild(meta); 49 } 50 } 51 52 sourceIFrame.src = "support/refresh.sub.html?input=" + encodeURIComponent("1; url=foo"); 53 destIFrame.src = "support/ufoo"; 54 55 document.body.appendChild(sourceIFrame); 56 document.body.appendChild(destIFrame); 57 </script>