| Index: third_party/WebKit/LayoutTests/http/tests/security/sandbox-iframe-blocks-top-navigation-to-javascript.html
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/security/sandbox-iframe-blocks-top-navigation-to-javascript.html b/third_party/WebKit/LayoutTests/http/tests/security/sandbox-iframe-blocks-top-navigation-to-javascript.html
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..7b534f5f02953cf5cfc6f5db932eaf3f28d8bea7
|
| --- /dev/null
|
| +++ b/third_party/WebKit/LayoutTests/http/tests/security/sandbox-iframe-blocks-top-navigation-to-javascript.html
|
| @@ -0,0 +1,28 @@
|
| +<!DOCTYPE html>
|
| +<script src="/resources/testharness.js"></script>
|
| +<script src="/resources/testharnessreport.js"></script>
|
| +<body>
|
| +<script>
|
| + async_test(t => {
|
| + var i = document.createElement('iframe');
|
| + i.sandbox = "allow-scripts allow-same-origin allow-modals";
|
| + i.srcdoc = "<script>" +
|
| + " window.onerror = (m,f,l,c,e) => { top.postMessage(e.name, '*'); }" +
|
| + "</scr" + "ipt>" +
|
| + "<a href='javascript:top.location=\"/security/frameNavigation/resources/fail.html\";'>click</a>";
|
| +
|
| + window.onmessage = t.step_func_done(e => {
|
| + assert_equals(e.data, "SecurityError", "The 'javascript:' navigation threw.");
|
| + assert_equals(i.contentDocument.body.innerText, "click", "The page contents did not change.");
|
| + });
|
| +
|
| + var clicked = false;
|
| + i.onload = t.step_func(e => {
|
| + i.contentDocument.querySelector('a').click();
|
| + clicked = true;
|
| + });
|
| +
|
| + document.body.appendChild(i);
|
| + }, "Sandboxed frames should throw when navigating the top-level window.");
|
| +</script>
|
| +</body>
|
|
|