Index: LayoutTests/http/tests/cachestorage/window/sandboxed-iframes.html |
diff --git a/LayoutTests/http/tests/cachestorage/window/sandboxed-iframes.html b/LayoutTests/http/tests/cachestorage/window/sandboxed-iframes.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..8ffac7c891bb5f0215a03968538548b4f39794d5 |
--- /dev/null |
+++ b/LayoutTests/http/tests/cachestorage/window/sandboxed-iframes.html |
@@ -0,0 +1,66 @@ |
+<!DOCTYPE html> |
+<title>Cache Storage: Verify access in sandboxed iframes</title> |
+<link rel="help" href="https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#cache-storage"> |
+<script src="/resources/testharness.js"></script> |
+<script src="/resources/testharnessreport.js"></script> |
+<script src="/resources/testharness-helpers.js"></script> |
+<script> |
+ |
+function load_iframe(src, sandbox) { |
+ return new Promise(function(resolve, reject) { |
+ var iframe = document.createElement('iframe'); |
+ iframe.onload = function() { resolve(iframe); }; |
+ |
+ iframe.sandbox = sandbox; |
+ iframe.src = src; |
+ |
+ document.documentElement.appendChild(iframe); |
+ }); |
+} |
+ |
+function wait_for_message(id) { |
+ return new Promise(function(resolve) { |
+ self.addEventListener('message', function listener(e) { |
+ if (e.data.id === id) { |
+ resolve(e.data); |
+ self.removeEventListener(listener); |
+ } |
+ }); |
+ }); |
+} |
+ |
+var counter = 0; |
+ |
+promise_test(function(t) { |
+ return load_iframe('../resources/iframe.html', |
+ 'allow-scripts allow-same-origin') |
+ .then(function(iframe) { |
+ var id = ++counter; |
+ iframe.contentWindow.postMessage({id: id}, '*'); |
+ return wait_for_message(id); |
+ }) |
+ .then(function(message) { |
+ assert_equals( |
+ message.result, 'allowed', |
+ 'Access should be allowed if sandbox has allow-same-origin'); |
+ }); |
+}, 'Sandboxed iframe with allow-same-origin is allowed access'); |
+ |
+promise_test(function(t) { |
+ return load_iframe('../resources/iframe.html', |
+ 'allow-scripts') |
+ .then(function(iframe) { |
+ var id = ++counter; |
+ iframe.contentWindow.postMessage({id: id}, '*'); |
+ return wait_for_message(id); |
+ }) |
+ .then(function(message) { |
+ assert_equals( |
+ message.result, 'denied', |
+ 'Access should be denied if sandbox lacks allow-same-origin'); |
+ assert_equals(message.name, 'SecurityError', |
+ 'Failure should be a SecurityError'); |
+ }); |
+}, 'Sandboxed iframe without allow-same-origin is denied access'); |
+ |
+</script> |