OLD | NEW |
1 This page should be sandboxed. | 1 This page should be sandboxed. |
2 | 2 |
3 <script> | 3 <script> |
4 // We're not served with the extension default CSP, we can use inline script. | 4 // We're not served with the extension default CSP, we can use inline script. |
5 | 5 |
6 var sendResponse = function(msg) { | |
7 var mainWindow = window.opener || window.top; | |
8 mainWindow.postMessage(msg, '*'); | |
9 }; | |
10 | |
11 var remote_frame_loaded = false; | |
12 window.addEventListener('securitypolicyviolation', function(e) { | |
13 if (remote_frame_loaded) | |
14 sendResponse('succeeded'); | |
15 else | |
16 sendResponse('failed'); | |
17 }); | |
18 | |
19 var loadFrameExpectResponse = function(iframe, url) { | 6 var loadFrameExpectResponse = function(iframe, url) { |
20 var identifier = performance.now(); | 7 var identifier = performance.now(); |
21 return new Promise(function(resolve, reject) { | 8 return new Promise(function(resolve, reject) { |
22 window.addEventListener('message', function(e) { | 9 window.addEventListener('message', function(e) { |
23 var data = JSON.parse(e.data); | 10 var data = JSON.parse(e.data); |
24 if (data[0] == 'local frame msg' && data[1] == identifier) { | 11 if (data[0] == 'local frame msg' && data[1] == identifier) { |
25 resolve(); | 12 resolve(); |
26 } else { | 13 } else { |
27 reject(); | 14 reject(); |
28 } | 15 } |
29 }); | 16 }); |
30 iframe.onerror = reject; | 17 iframe.onerror = reject; |
31 iframe.onload = function() { | 18 iframe.onload = function() { |
32 iframe.contentWindow.postMessage( | 19 iframe.contentWindow.postMessage( |
33 JSON.stringify(['sandboxed frame msg', identifier]), '*'); | 20 JSON.stringify(['sandboxed frame msg', identifier]), '*'); |
34 }; | 21 }; |
35 iframe.src = url; | 22 iframe.src = url; |
36 }); | 23 }); |
37 }; | 24 }; |
38 | 25 |
39 var runTestAndRespond = function(localUrl, remoteUrl) { | 26 var runTestAndRespond = function(localUrl, remoteUrl) { |
40 var iframe = document.createElement('iframe'); | 27 var iframe = document.createElement('iframe'); |
| 28 var sendResponse = function(msg) { |
| 29 var mainWindow = window.opener || window.top; |
| 30 mainWindow.postMessage(msg, '*'); |
| 31 }; |
41 | 32 |
42 // First load local resource in |iframe|, expect the local frame to respond. | 33 // First load local resource in |iframe|, expect the local frame to respond. |
43 loadFrameExpectResponse(iframe, localUrl).then(function() { | 34 loadFrameExpectResponse(iframe, localUrl).then(function() { |
44 // Then load remote resource in |iframe|, expect the navigation to be | 35 // Then try to load remote resource on the same iframe element. The remote |
45 // blocked by the Content-Security-Policy. | 36 // resource will fail to load but we'd get an iframe.onload event and the |
46 // Rely on the SecurityPolicyViolationEvent to detect that the frame has | 37 // local frame will still be there. Therefore, expect the local frame to |
47 // been blocked. | 38 // respond again. |
48 remote_frame_loaded = true; | 39 return loadFrameExpectResponse(iframe, remoteUrl); |
49 iframe.src = remoteUrl; | 40 }).then(function() { |
| 41 sendResponse('succeeded'); |
| 42 }).catch(function(err) { |
| 43 sendResponse('failed'); |
50 }); | 44 }); |
51 document.body.appendChild(iframe); | 45 document.body.appendChild(iframe); |
52 }; | 46 }; |
53 | 47 |
54 onmessage = function(e) { | 48 onmessage = function(e) { |
55 var command = JSON.parse(e.data); | 49 var command = JSON.parse(e.data); |
56 if (command[0] == 'load') { | 50 if (command[0] == 'load') { |
57 var localUrl = command[1]; | 51 var localUrl = command[1]; |
58 var remoteUrl = command[2]; | 52 var remoteUrl = command[2]; |
59 runTestAndRespond(localUrl, remoteUrl); | 53 runTestAndRespond(localUrl, remoteUrl); |
60 } | 54 } |
61 }; | 55 }; |
62 | 56 |
63 </script> | 57 </script> |
OLD | NEW |