Accueil Explorer Aide
Connexion
khronosschoty
/
palemoon-dev
Suivre 2
Voter 1
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Branche: master
Branches Tags
palemoon-dev
/
platform
/
docshell
/
test
/
iframesandbox
/
test_child_navigation_by_location.html

test_child_navigation_by_location.html 3.1 KB
Lien permanent Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. <!DOCTYPE HTML>
    2. 

  2. <html>
    3. 

  3. <!--
    4. 

  4. https://bugzilla.mozilla.org/show_bug.cgi?id=785310
    5. 

  5. html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
    6. 

  6. -->
    7. 

  7. <head>
    8. 

  8. <meta charset="utf-8">
    9. 

  9. <title>Test for Bug 785310 - iframe sandbox child navigation by location tests</title>
    10. 

  10. <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
    11. 

  11. <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
    12. 

  12. 

  13. <script>
    14. 

  14.   SimpleTest.waitForExplicitFinish();
    15. 

  15. 

  16.   var testHtml = "<script>function onNav() { parent.parent.postMessage('childIframe', '*'); } window.onload = onNav; window.onhashchange = onNav;<\/script>";
    17. 

  17.   var testDataUri = "data:text/html," + testHtml;
    18. 

  18. 

  19.   function runScriptNavigationTest(testCase) {
    20. 

  20.     window.onmessage = function(event) {
    21. 

  21.       if (event.data != 'childIframe') {
    22. 

  22.         ok(false, "event.data: got '" + event.data + "', expected 'childIframe'");
    23. 

  23.       }
    24. 

  24.       ok(!testCase.shouldBeBlocked, testCase.desc, "child navigation was NOT blocked");
    25. 

  25.       runNextTest();
    26. 

  26.     };
    27. 

  27.     try {
    28. 

  28.       window["parentIframe"].eval(testCase.script);
    29. 

  29.     } catch(e) {
    30. 

  30.     ok(testCase.shouldBeBlocked, testCase.desc, e.message);
    31. 

  31.       runNextTest();
    32. 

  32.     }
    33. 

  33.   }
    34. 

  34. 

  35.   var testCaseIndex = -1;
    36. 

  36.   testCases = [
    37. 

  37.     {
    38. 

  38.       desc: "Test 1: cross origin child location.replace should NOT be blocked",
    39. 

  39.       script: "window['crossOriginChildIframe'].location.replace(\"" + testDataUri + "\")",
    40. 

  40.       shouldBeBlocked: false
    41. 

  41.     },
    42. 

  42.     {
    43. 

  43.       desc: "Test 2: cross origin child location.assign should be blocked",
    44. 

  44.       script: "window['crossOriginChildIframe'].location.assign(\"" + testDataUri + "\")",
    45. 

  45.       shouldBeBlocked: true
    46. 

  46.     },
    47. 

  47.     {
    48. 

  48.       desc: "Test 3: same origin child location.assign should NOT be blocked",
    49. 

  49.       script: "window['sameOriginChildIframe'].location.assign(\"" + testDataUri + "\")",
    50. 

  50.       shouldBeBlocked: false
    51. 

  51.     },
    52. 

  52.     {
    53. 

  53.       desc: "Test 4: cross origin child location.href should NOT be blocked",
    54. 

  54.       script: "window['crossOriginChildIframe'].location.href = \"" + testDataUri + "\"",
    55. 

  55.       shouldBeBlocked: false
    56. 

  56.     },
    57. 

  57.     {
    58. 

  58.       desc: "Test 5: cross origin child location.hash should be blocked",
    59. 

  59.       script: "window['crossOriginChildIframe'].location.hash = 'wibble'",
    60. 

  60.       shouldBeBlocked: true
    61. 

  61.     },
    62. 

  62.     {
    63. 

  63.       desc: "Test 6: same origin child location.hash should NOT be blocked",
    64. 

  64.       script: "window['sameOriginChildIframe'].location.hash = 'wibble'",
    65. 

  65.       shouldBeBlocked: false
    66. 

  66.     }
    67. 

  67.   ];
    68. 

  68. 

  69.   function runNextTest() {
    70. 

  70.     ++testCaseIndex;
    71. 

  71.     if (testCaseIndex == testCases.length) {
    72. 

  72.       SimpleTest.finish();
    73. 

  73.       return;
    74. 

  74.     }
    75. 

  75. 

  76.     runScriptNavigationTest(testCases[testCaseIndex]);
    77. 

  77.   }
    78. 

  78. 

  79.   addLoadEvent(runNextTest);
    80. 

  80. </script>
    81. 

  81. </head>
    82. 

  82. <body>
    83. 

  83. <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
    84. 

  84. <p id="display"></p>
    85. 

  85. <div id="content">
    86. 

  86. Tests for Bug 785310
    87. 

  87. </div>
    88. 

  88. 

  89. <iframe name="parentIframe" sandbox="allow-scripts allow-same-origin" src="data:text/html,<iframe name='sameOriginChildIframe'></iframe><iframe name='crossOriginChildIframe' sandbox='allow-scripts'></iframe>"</iframe>
    90. 

  90. 

  91. </body>
    92. 

  92. </html>
    93. 

  93.