зеркало из https://github.com/mozilla/gecko-dev.git
109 строки
4.6 KiB
HTML
109 строки
4.6 KiB
HTML
\<!DOCTYPE HTML>
|
|
<html>
|
|
<!--
|
|
https://bugzilla.mozilla.org/show_bug.cgi?id=341604
|
|
Implement HTML5 sandbox attribute for IFRAMEs - same origin tests
|
|
-->
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>Test for Bug 341604</title>
|
|
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
|
</head>
|
|
<script type="application/javascript">
|
|
/** Test for Bug 341604 - Implement HTML5 sandbox attribute for IFRAMEs **/
|
|
/** Same Origin Tests **/
|
|
|
|
SimpleTest.waitForExplicitFinish();
|
|
|
|
var completedTests = 0;
|
|
var passedTests = 0;
|
|
|
|
function ok_wrapper(result, desc) {
|
|
ok(result, desc);
|
|
|
|
completedTests++;
|
|
|
|
if (result) {
|
|
passedTests++;
|
|
}
|
|
|
|
if (completedTests == 14) {
|
|
is(passedTests, completedTests, "There are " + completedTests + " same-origin tests that should pass");
|
|
|
|
SimpleTest.finish();
|
|
}
|
|
}
|
|
|
|
function receiveMessage(event)
|
|
{
|
|
ok_wrapper(event.data.ok, event.data.desc);
|
|
}
|
|
|
|
// a postMessage handler that is used by sandboxed iframes without
|
|
// 'allow-same-origin' to communicate pass/fail back to this main page.
|
|
// it expects to be called with an object like {ok: true/false, desc:
|
|
// <description of the test> which it then forwards to ok()
|
|
window.addEventListener("message", receiveMessage);
|
|
|
|
function doTest() {
|
|
// 1) test that we can't access an iframe sandboxed without "allow-same-origin"
|
|
var if_1 = document.getElementById("if_1");
|
|
try {
|
|
var b = if_1.contentDocument.body;
|
|
ok_wrapper(false, "accessing body of a sandboxed document should not be allowed");
|
|
} catch (err){
|
|
ok_wrapper(true, "accessing body of a sandboxed document should not be allowed");
|
|
}
|
|
|
|
// 2) test that we can access an iframe sandboxed with "allow-same-origin"
|
|
var if_2 = document.getElementById("if_2");
|
|
|
|
try {
|
|
var b = if_2.contentDocument.body;
|
|
ok_wrapper(true, "accessing body of a sandboxed document with allow-same-origin should be allowed");
|
|
} catch (err) {
|
|
ok_wrapper(false, "accessing body of a sandboxed document with allow-same-origin should be allowed");
|
|
}
|
|
|
|
// 3) test that a sandboxed iframe without 'allow-same-origin' cannot access its parent
|
|
// this is done by file_iframe_b_if3.html which has 'allow-scripts' but not 'allow-same-origin'
|
|
|
|
// 4) test that a sandboxed iframe with 'allow-same-origin' can access its parent
|
|
// this is done by file_iframe_b_if2.html which has 'allow-same-origin' and 'allow-scripts'
|
|
|
|
// 5) check that a sandboxed iframe with "allow-same-origin" can access document.cookie
|
|
// this is done by file_iframe_b_if2.html which has 'allow-same-origin' and 'allow-scripts'
|
|
|
|
// 6) check that a sandboxed iframe with "allow-same-origin" can access window.localStorage
|
|
// this is done by file_iframe_b_if2.html which has 'allow-same-origin' and 'allow-scripts'
|
|
|
|
// 7) check that a sandboxed iframe with "allow-same-origin" can access window.sessionStorage
|
|
// this is done by file_iframe_b_if2.html which has 'allow-same-origin' and 'allow-scripts'
|
|
|
|
// 8) check that a sandboxed iframe WITHOUT "allow-same-origin" can NOT access document.cookie
|
|
// this is done by file_iframe_b_if3.html which has 'allow-scripts' but not 'allow-same-origin'
|
|
|
|
// 9) check that a sandboxed iframe WITHOUT "allow-same-origin" can NOT access window.localStorage
|
|
// this is done by file_iframe_b_if3.html which has 'allow-scripts' but not 'allow-same-origin'
|
|
|
|
// 10) check that a sandboxed iframe WITHOUT "allow-same-origin" can NOT access window.sessionStorage
|
|
// this is done by file_iframe_b_if3.html which has 'allow-scripts' but not 'allow-same-origin'
|
|
|
|
// 11) check that XHR works normally in a sandboxed iframe with "allow-same-origin" and "allow-scripts"
|
|
// this is done by file_iframe_b_if2.html which has 'allow-same-origin' and 'allow-scripts'
|
|
|
|
// 12) check that XHR is blocked in a sandboxed iframe with "allow-scripts" but WITHOUT "allow-same-origin"
|
|
// this is done by file_iframe_b_if3.html which has 'allow-scripts' but not 'allow-same-origin'
|
|
}
|
|
addLoadEvent(doTest);
|
|
</script>
|
|
<body>
|
|
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=341604">Mozilla Bug 341604</a> - Implement HTML5 sandbox attribute for IFRAMEs
|
|
<p id="display"></p>
|
|
<div id="content">
|
|
<iframe sandbox="" id="if_1" src="file_iframe_sandbox_b_if1.html" height="10" width="10"></iframe>
|
|
<iframe sandbox="allow-same-origin allow-scripts" id="if_2" src="file_iframe_sandbox_b_if2.html" height="10" width="10"></iframe>
|
|
<iframe sandbox="allow-scripts" id="if_3" src="file_iframe_sandbox_b_if3.html" height="10" width="10"></iframe>
|
|
</div>
|