sandboxed-iframes.https.html (2224B)
1 <!DOCTYPE html> 2 <title>Cache Storage: Verify access in sandboxed iframes</title> 3 <link rel="help" href="https://w3c.github.io/ServiceWorker/#cache-storage"> 4 <meta name="timeout" content="long"> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script> 8 9 function load_iframe(src, sandbox) { 10 return new Promise(function(resolve, reject) { 11 var iframe = document.createElement('iframe'); 12 iframe.onload = function() { resolve(iframe); }; 13 14 iframe.sandbox = sandbox; 15 iframe.src = src; 16 17 document.documentElement.appendChild(iframe); 18 }); 19 } 20 21 function wait_for_message(id) { 22 return new Promise(function(resolve) { 23 self.addEventListener('message', function listener(e) { 24 if (e.data.id === id) { 25 resolve(e.data); 26 self.removeEventListener('message', listener); 27 } 28 }); 29 }); 30 } 31 32 var counter = 0; 33 34 promise_test(function(t) { 35 return load_iframe('./resources/iframe.html', 36 'allow-scripts allow-same-origin') 37 .then(function(iframe) { 38 var id = ++counter; 39 iframe.contentWindow.postMessage({id: id}, '*'); 40 return wait_for_message(id); 41 }) 42 .then(function(message) { 43 assert_equals( 44 message.result, 'allowed', 45 'Access should be allowed if sandbox has allow-same-origin'); 46 }); 47 }, 'Sandboxed iframe with allow-same-origin is allowed access'); 48 49 promise_test(function(t) { 50 return load_iframe('./resources/iframe.html', 51 'allow-scripts') 52 .then(function(iframe) { 53 var id = ++counter; 54 iframe.contentWindow.postMessage({id: id}, '*'); 55 return wait_for_message(id); 56 }) 57 .then(function(message) { 58 assert_equals( 59 message.result, 'denied', 60 'Access should be denied if sandbox lacks allow-same-origin'); 61 assert_equals(message.name, 'SecurityError', 62 'Failure should be a SecurityError'); 63 }); 64 }, 'Sandboxed iframe without allow-same-origin is denied access'); 65 66 </script>