third_party/WebKit/LayoutTests/fast/innerHTML/script-execution.html - Issue 2657263002: Experiment with blocking script inside fragment-parser-inserted `<iframe srcdoc>`.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/LayoutTests/fast/innerHTML/script-execution.html

Issue 2657263002: Experiment with blocking script inside fragment-parser-inserted `<iframe srcdoc>`.

Patch Set: Bitwise logic is hard. Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/WebKit/LayoutTests/fast/innerHTML/script-execution.html

diff --git a/third_party/WebKit/LayoutTests/fast/innerHTML/script-execution.html b/third_party/WebKit/LayoutTests/fast/innerHTML/script-execution.html

new file mode 100644

index 0000000000000000000000000000000000000000..b88423118f0f69e4e6f8020e63a0efa333291832

--- /dev/null

+++ b/third_party/WebKit/LayoutTests/fast/innerHTML/script-execution.html

@@ -0,0 +1,60 @@

+<!DOCTYPE html>

+<script src="../../resources/testharness.js"></script>

+<script src="../../resources/testharnessreport.js"></script>

+<body>

+<script>

+ async_test(t => {

+ var container = document.createElement('div');

+ container.innerHTML = '<script>document.currentScript.executed = true;</scr' + 'ipt>';

+ document.body.appendChild(container);

+ // run the test after this task ends, to yield to the parser and give the

+ // script time to potentially execute.

+ requestAnimationFrame(t.step_func_done(_ => {

+ assert_equals(container.querySelector('script').executed, undefined);

+ }));

+ }, "<script> inserted via innerHTML does not execute.");

+ var payload = `

+ <script>

+ var current = window;

+ while (current.frameElement) {

+ current.frameElement.executed = true;

+ current = current.parent;

+ }

+ </scr` + `ipt>

+ `;

+ function assert_no_execution(name, html) {

+ async_test(t => {

+ var container = document.createElement('div');

+ document.body.appendChild(container);

+ var observer = new MutationObserver(mutations => {

+ for (var mutation of mutations) {

+ for (var node of mutation.addedNodes) {

+ if (node.dataset['test'] == name) {

+ observer.disconnect();

+ node.addEventListener('load', t.step_func(e => {

+ // Give nested scripts a frame or so to execute:

+ requestAnimationFrame(t.step_func_done(_ => {

+ assert_equals(node.executedScript, undefined, "Script should not execute.");

+ container.remove();

+ }));

+ }

+ });

+ observer.observe(container, { childList: true });

+ container.innerHTML = html.replace(/<iframe/, `<iframe data-test="${name}"`);

+ }, name);

+ }

+</script>

+<script>

+ assert_no_execution("script in srcdoc", `<iframe srcdoc="${payload}"></iframe>`);

+</script>

+<script>

+ assert_no_execution("script in nested srcdoc", `<iframe srcdoc="<iframe srcdoc='${payload}'></iframe>"></iframe>`);

+</script>

+<script>

+ assert_no_execution("script in nested srcdoc in nested srcdoc", `<iframe srcdoc="<iframe srcdoc="<iframe srcdoc='${payload}'></iframe>"></iframe>"></iframe>`);

+</script>

« no previous file with comments | « no previous file | third_party/WebKit/Source/build/scripts/make_element_factory.py » ('j') | no next file with comments »