Chromium Code Reviews Chromium Code Reviews
Issue 1199183002:
Throw a SecurityError when navigator.serviceWorker is accessed in a sandboxed iframe. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 <!DOCTYPE html> | |
| 2 <title>Accessing navigator.serviceWorker in sandboxed iframe.</title> | |
| 3 <script src="../../resources/testharness.js"></script> | |
| 4 <script src="../../resources/testharnessreport.js"></script> | |
| 5 <script src="../resources/test-helpers.js"></script> | |
| 6 <body> | |
| 7 <script> | |
| 8 | |
| 9 function with_sandboxed_iframe(url, sandbox) { | |
| 10 return new Promise(function(resolve) { | |
| 11 var frame = document.createElement('iframe'); | |
| 12 frame.sandbox = sandbox; | |
| 13 frame.src = url; | |
| 14 frame.onload = function() { resolve(frame); }; | |
| 15 document.body.appendChild(frame); | |
| 16 }); | |
| 17 } | |
| 18 | |
| 19 var lastCallbackId = 0; | |
| 20 var callbacks = {}; | |
| 21 function postMassageAndWaitResult(frame) { | |
| 22 return new Promise(function(resolve) { | |
| 23 var id = ++lastCallbackId; | |
| 24 callbacks[id] = resolve; | |
| 25 frame.contentWindow.postMessage({id:id}, '*'); | |
| 26 }); | |
| 27 } | |
| 28 | |
| 29 window.onmessage = function (e) { | |
| 30 message = e.data; | |
| 31 var id = message['id']; | |
| 32 var calback = callbacks[id]; | |
| 33 delete callbacks[id]; | |
| 34 calback(message['result']); | |
| 35 }; | |
| 36 | |
| 37 async_test(function(t) { | |
|
nhiroki
2015/06/24 02:48:17
promise_test?
horo
2015/06/24 03:39:20
Done.
| |
| 38 var url = 'resources/sandboxed-iframe-navigator-serviceworker-iframe.html'; | |
| 39 var frame; | |
| 40 with_iframe(url) | |
| 41 .then(function(f) { | |
| 42 frame = f; | |
| 43 return postMassageAndWaitResult(f); | |
| 44 }) | |
| 45 .then(function(result) { | |
| 46 frame.remove(); | |
| 47 assert_equals(result, 'ok'); | |
| 48 t.done(); | |
| 49 }) | |
| 50 .catch(unreached_rejection(t)); | |
| 51 }, 'Accessing navigator.serviceWorker in normal iframe should not throw.'); | |
| 52 | |
| 53 async_test(function(t) { | |
| 54 var url = 'resources/sandboxed-iframe-navigator-serviceworker-iframe.html'; | |
| 55 var frame; | |
| 56 with_sandboxed_iframe(url, 'allow-scripts') | |
| 57 .then(function(f) { | |
| 58 frame = f; | |
| 59 return postMassageAndWaitResult(f); | |
| 60 }) | |
| 61 .then(function(result) { | |
| 62 frame.remove(); | |
| 63 assert_equals( | |
| 64 result, | |
| 65 'SecurityError: Failed to read the \'serviceWorker\' property from \'Navigator\': Service worker is disabled because the context is sandboxed and lacks the \'allow-same-origin\' flag.'); | |
| 66 t.done(); | |
| 67 }) | |
| 68 .catch(unreached_rejection(t)); | |
| 69 }, 'Accessing navigator.serviceWorker in sandboxed iframe should throw.'); | |
| 70 | |
| 71 async_test(function(t) { | |
| 72 var url = 'resources/sandboxed-iframe-navigator-serviceworker-iframe.html'; | |
| 73 var frame; | |
| 74 with_sandboxed_iframe(url, 'allow-scripts allow-same-origin') | |
| 75 .then(function(f) { | |
| 76 frame = f; | |
| 77 return postMassageAndWaitResult(f); | |
| 78 }) | |
| 79 .then(function(result) { | |
| 80 frame.remove(); | |
| 81 assert_equals(result, 'ok'); | |
| 82 t.done(); | |
| 83 }) | |
| 84 .catch(unreached_rejection(t)); | |
| 85 }, 'Accessing navigator.serviceWorker in sandboxed iframe with allow-same-orig in flag should not throw.'); | |
|
nhiroki
2015/06/24 02:48:17
nit: Can you wrap this at 80 column?
horo
2015/06/24 03:39:20
Done.
| |
| 86 | |
| 87 </script> | |
| 88 </body> | |
| OLD | NEW |
