| OLD | NEW |
| (Empty) | |
| 1 <!doctype html> |
| 2 <html> |
| 3 <head> |
| 4 <meta charset=utf-8> |
| 5 <title>Origin of document produced from a 'data:' URL</title> |
| 6 <link rel="help" href="https://html.spec.whatwg.org/multipage/browsers.html#
origin"> |
| 7 <script src="/resources/testharness.js"></script> |
| 8 <script src="/resources/testharnessreport.js"></script> |
| 9 </head> |
| 10 <body> |
| 11 <script> |
| 12 async_test(function (t) { |
| 13 window.addEventListener("message", t.step_func_done(function (e) { |
| 14 assert_equals(e.origin, "null", "Messages sent from a 'data:' URL shou
ld have an opaque origin (which serializes to 'null')."); |
| 15 assert_throws("SecurityError", function () { |
| 16 var couldAccessCrossOriginProperty = e.source.location.href; |
| 17 }, "The 'data:' frame should be cross-origin.") |
| 18 })); |
| 19 |
| 20 var i = document.createElement('iframe'); |
| 21 i.src = "data:text/html,<script>" + |
| 22 " window.parent.postMessage('Hello!', '*');" + |
| 23 "</scr" + "ipt>"; |
| 24 document.body.appendChild(i); |
| 25 }, "The origin of a 'data:' document in a frame is opaque."); |
| 26 </script> |
| 27 </body> |
| 28 </html> |
| OLD | NEW |