OLD | NEW |
| (Empty) |
1 <!DOCTYPE html> | |
2 <title>Cache Storage: Verify access in sandboxed iframes</title> | |
3 <link rel="help" href="https://slightlyoff.github.io/ServiceWorker/spec/service_
worker/#cache-storage"> | |
4 <script src="/resources/testharness.js"></script> | |
5 <script src="/resources/testharnessreport.js"></script> | |
6 <script> | |
7 | |
8 function load_iframe(src, sandbox) { | |
9 return new Promise(function(resolve, reject) { | |
10 var iframe = document.createElement('iframe'); | |
11 iframe.onload = function() { resolve(iframe); }; | |
12 | |
13 iframe.sandbox = sandbox; | |
14 iframe.src = src; | |
15 | |
16 document.documentElement.appendChild(iframe); | |
17 }); | |
18 } | |
19 | |
20 function wait_for_message(id) { | |
21 return new Promise(function(resolve) { | |
22 self.addEventListener('message', function listener(e) { | |
23 if (e.data.id === id) { | |
24 resolve(e.data); | |
25 self.removeEventListener('message', listener); | |
26 } | |
27 }); | |
28 }); | |
29 } | |
30 | |
31 var counter = 0; | |
32 | |
33 promise_test(function(t) { | |
34 return load_iframe('../resources/iframe.html', | |
35 'allow-scripts allow-same-origin') | |
36 .then(function(iframe) { | |
37 var id = ++counter; | |
38 iframe.contentWindow.postMessage({id: id}, '*'); | |
39 return wait_for_message(id); | |
40 }) | |
41 .then(function(message) { | |
42 assert_equals( | |
43 message.result, 'allowed', | |
44 'Access should be allowed if sandbox has allow-same-origin'); | |
45 }); | |
46 }, 'Sandboxed iframe with allow-same-origin is allowed access'); | |
47 | |
48 promise_test(function(t) { | |
49 return load_iframe('../resources/iframe.html', | |
50 'allow-scripts') | |
51 .then(function(iframe) { | |
52 var id = ++counter; | |
53 iframe.contentWindow.postMessage({id: id}, '*'); | |
54 return wait_for_message(id); | |
55 }) | |
56 .then(function(message) { | |
57 assert_equals( | |
58 message.result, 'denied', | |
59 'Access should be denied if sandbox lacks allow-same-origin'); | |
60 assert_equals(message.name, 'SecurityError', | |
61 'Failure should be a SecurityError'); | |
62 }); | |
63 }, 'Sandboxed iframe without allow-same-origin is denied access'); | |
64 | |
65 </script> | |
OLD | NEW |