sandboxing-back-parent.html (1539B)
<!doctype html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="return-value/resources/helpers.js"></script>
<iframe id="i" src="/common/blank.html?startI" sandbox="allow-scripts allow-same-origin"></iframe>

<script>
// Purpose: check that a sandboxed iframe cannot use navigation.back() to
// traverse history in a way that would also navigate its parent.
//
// The iframe above is sandboxed with only "allow-scripts allow-same-origin";
// the token list contains no allow-top-navigation* token.
// NOTE(review): presumably that missing token is what makes the traversal
// "not allowed" below -- confirm against the sandboxing rules under test.
//
// Intended setup:
// Step 0:
// - Parent: (current URL)
// - i: /common/blank.html?startI
// Step 1:
// - Parent: (current URL)
// - i: resources/navigation-back.html
// Step 2:
// - Parent: (current URL)#end
// - i: resources/navigation-back.html
//
// Then, calling navigation.back() in i will take us from step 2 to step 0, which would navigate the parent.
// That is not allowed, so the call to back() must reject.

promise_test(async t => {
  // Wait for the parent's load event before touching the iframe, so that
  // step 0 (the iframe at ?startI) is in place.
  await new Promise(resolve => window.onload = resolve);

  // Step 1: navigate only the iframe. The URL is resolved against the
  // parent's location, and the URL object is stringified on assignment.
  i.contentWindow.location.href = new URL("resources/navigation-back.html", location.href);
  await new Promise(resolve => i.onload = resolve);

  // Step 2: navigate only the parent (fragment change) and wait for its
  // hashchange event.
  location.hash = "#end";
  await new Promise(resolve => window.onhashchange = resolve);

  // From here on, any navigation-related event on the parent fails the test.
  // The handlers are installed only after the setup steps, which themselves
  // fire load/hashchange; onhashchange is deliberately overwritten here.
  navigation.onnavigate = t.unreached_func("navigate must not fire");
  navigation.onnavigateerror = t.unreached_func("navigateerror must not fire");
  window.onpopstate = t.unreached_func("popstate must not fire");
  window.onhashchange = t.unreached_func("hashchange must not fire");

  // Ask the iframe to call back() on its own navigation object and require a
  // "SecurityError" rejection.
  // NOTE(review): doNavigationBack() is presumably defined by
  // resources/navigation-back.html and assertBothRejectDOM() by helpers.js;
  // neither is visible here. From the name and arguments, the helper appears
  // to check both promises returned by back() against a DOMException from the
  // iframe's window -- confirm against helpers.js.
  await assertBothRejectDOM(t, i.contentWindow.doNavigationBack(), "SecurityError", i.contentWindow);
}, "A sandboxed iframe cannot navigate its parent via its own navigation object by using back()");
</script>