origin-check-in-document-open-same-origin-domain.sub.html (1600B)
1 <!doctype html> 2 <title>Origin check in document.open() - same origin-domain (but not same origin) documents</title> 3 <link rel="author" title="Jochen Eisinger" href="mailto:jochen@chromium.org"> 4 <link rel="help" href="https://html.spec.whatwg.org/multipage/#opening-the-input-stream"> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/html/resources/common.js"></script> 8 <body> 9 <script> 10 testInIFrame("http://{{host}}:{{ports[http][1]}}/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/resources/set-document-domain.html", (ctx) => { 11 document.domain = document.domain; 12 let doc = ctx.iframes[0].contentDocument; 13 let constructor = ctx.iframes[0].contentWindow.DOMException; 14 assert_throws_dom("SecurityError", constructor, doc.open.bind(doc), "Opening a same origin-domain (but not same origin) document doesn't throw."); 15 }, "It should not be possible to open same origin-domain (but not same origin) documents."); 16 17 testInIFrame("http://{{host}}:{{ports[http][1]}}/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/resources/set-document-domain.html", (ctx) => { 18 document.domain = document.domain; 19 let doc = ctx.iframes[0].contentDocument; 20 let constructor = ctx.iframes[0].contentWindow.DOMException; 21 assert_throws_dom("SecurityError", constructor, doc.write.bind(doc, ""), "Implicitly opening a same origin-domain (but not same origin) document doesn't throw."); 22 }, "It should not be possible to implicitly open same origin-domain (but not same origin) documents."); 23 </script> 24 </body>