Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(90)

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/sandboxed-iframe-javascript-url.html

Issue 2154213003: Prevent 'javascript:' URL execution in sandboxed frame. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/LayoutTests/http/tests/security/sandboxed-iframe-javascript-url.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/sandboxed-iframe-javascript-url.html b/third_party/WebKit/LayoutTests/http/tests/security/sandboxed-iframe-javascript-url.html
new file mode 100644
index 0000000000000000000000000000000000000000..bb30ccccb1f1224be04a943172c5c8466a7b9af7
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/sandboxed-iframe-javascript-url.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+ async_test(t => {
+ var i = document.createElement('iframe');
+ i.setAttribute("sandbox", "allow-scripts");
+ i.setAttribute("src", "javascript:top.postMessage('fail', '*');");
+ window.addEventListener(
+ "message",
+ t.unreached_func("The sandboxed 'javascript:' URL should not execute."));
+
+ document.body.appendChild(i);
+
+ // TODO(mkwst): I would love a better test here, but I don't know how else to
+ // verify that the script _doesn't_ execute.
+ setTimeout(t.done.bind(t), 250);
+ }, "JavaScript URLs in sandboxed iframes should not execute, as the origin is distinct from its opener.");
+</script>
« no previous file with comments | « no previous file | third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698