OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <title>Cache Storage: Verify access in sandboxed iframes</title> |
| 3 <link rel="help" href="https://slightlyoff.github.io/ServiceWorker/spec/service_
worker/#cache-storage"> |
| 4 <script src="/resources/testharness.js"></script> |
| 5 <script src="/resources/testharnessreport.js"></script> |
| 6 <script src="/resources/testharness-helpers.js"></script> |
| 7 <script> |
| 8 |
| 9 function load_iframe(src, sandbox) { |
| 10 return new Promise(function(resolve, reject) { |
| 11 var iframe = document.createElement('iframe'); |
| 12 iframe.onload = function() { resolve(iframe); }; |
| 13 |
| 14 iframe.sandbox = sandbox; |
| 15 iframe.src = src; |
| 16 |
| 17 document.documentElement.appendChild(iframe); |
| 18 }); |
| 19 } |
| 20 |
| 21 function wait_for_message(id) { |
| 22 return new Promise(function(resolve) { |
| 23 self.addEventListener('message', function listener(e) { |
| 24 if (e.data.id === id) { |
| 25 resolve(e.data); |
| 26 self.removeEventListener(listener); |
| 27 } |
| 28 }); |
| 29 }); |
| 30 } |
| 31 |
| 32 var counter = 0; |
| 33 |
| 34 promise_test(function(t) { |
| 35 return load_iframe('../resources/iframe.html', |
| 36 'allow-scripts allow-same-origin') |
| 37 .then(function(iframe) { |
| 38 var id = ++counter; |
| 39 iframe.contentWindow.postMessage({id: id}, '*'); |
| 40 return wait_for_message(id); |
| 41 }) |
| 42 .then(function(message) { |
| 43 assert_equals( |
| 44 message.result, 'allowed', |
| 45 'Access should be allowed if sandbox has allow-same-origin'); |
| 46 }); |
| 47 }, 'Sandboxed iframe with allow-same-origin is allowed access'); |
| 48 |
| 49 promise_test(function(t) { |
| 50 return load_iframe('../resources/iframe.html', |
| 51 'allow-scripts') |
| 52 .then(function(iframe) { |
| 53 var id = ++counter; |
| 54 iframe.contentWindow.postMessage({id: id}, '*'); |
| 55 return wait_for_message(id); |
| 56 }) |
| 57 .then(function(message) { |
| 58 assert_equals( |
| 59 message.result, 'denied', |
| 60 'Access should be denied if sandbox lacks allow-same-origin'); |
| 61 assert_equals(message.name, 'SecurityError', |
| 62 'Failure should be a SecurityError'); |
| 63 }); |
| 64 }, 'Sandboxed iframe without allow-same-origin is denied access'); |
| 65 |
| 66 </script> |
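Review bot: In `wait_for_message`, the call `self.removeEventListener(listener)` omits the event type, so the handler is never unregistered, and engines that enforce the two-argument signature will throw a TypeError from inside the message handler. Because `resolve` has already run the assertion result is probably unaffected, but the uncaught exception may be reported as a harness error; the line should read `self.removeEventListener('message', listener);`. Both tests share one window and the page is checking a sandbox boundary, so the listener could also require `e.source` to match the frame under test (passing `iframe.contentWindow` into `wait_for_message`), which ties each reply to the iframe it was sent to rather than to the `id` alone. Separately, `load_iframe` never calls `reject`, so a frame that fails to load is only visible as a test timeout.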