forked from mykmelez/gecko
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1573203 [wpt PR 18391] - Add tests to prevent a sandbox iframe fr…
…om using history APIs, a=testonly Automatic update from web-platform-tests Add tests to prevent a sandbox iframe from using history APIs Spec change whatwg/html#4787 BUG=705583 Change-Id: I6fc5fee627156c10c771b63b609d1d25c6fd439c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1749444 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Domenic Denicola <[email protected]> Cr-Commit-Position: refs/heads/master@{#686032} -- wpt-commits: 5d435e04f41adf7c891c575b3f8ab120923766fe wpt-pr: 18391
- Loading branch information
1 parent
328cf26
commit 79b5ffb
Showing
4 changed files
with
80 additions
and
0 deletions.
There are no files selected for viewing
16 changes: 16 additions & 0 deletions
16
...antics/embedded-content/the-iframe-element/iframe_sandbox_navigate_history_go_back-2.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| <!doctype html> | ||
| <meta charset="utf-8"> | ||
| <title>Check that sandboxed iframe can navigate their self</title> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script> | ||
| var t = async_test(); | ||
| onmessage = t.step_func((e) => { | ||
| if (e.data == 'pushstatebackdone') t.done(); | ||
| }); | ||
|
|
||
| function doNavigation() { | ||
| frames[0].postMessage('pushstateback', '*'); | ||
| } | ||
| </script> | ||
| <iframe id="child_frame" sandbox="allow-scripts" src="support/iframe-tried-to-be-navigated-by-history.html" onload="doNavigation();"></iframe> |
18 changes: 18 additions & 0 deletions
18
...emantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_history_go_back.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| <!doctype html> | ||
| <meta charset="utf-8"> | ||
| <title>Check that sandboxed iframe can not navigate their ancestors</title> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script> | ||
| var t = async_test(); | ||
| onpopstate = t.unreached_func('no pop state'); | ||
|
|
||
| function doNavigation() { | ||
| history.pushState( {state: "one past"}, 'page 2', ''); | ||
| frames[0].postMessage('back', '*'); | ||
| t.step_timeout(() => { | ||
| t.done(); | ||
| }, 1000); | ||
| } | ||
| </script> | ||
| <iframe id="child_frame" sandbox="allow-scripts" src="support/iframe-tried-to-be-navigated-by-history.html" onload="doNavigation();"></iframe> |
28 changes: 28 additions & 0 deletions
28
...ntics/embedded-content/the-iframe-element/iframe_sandbox_navigate_history_go_forward.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| <!doctype html> | ||
| <meta charset="utf-8"> | ||
| <title>Check that sandboxed iframe can not navigate their ancestors</title> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script> | ||
| var t = async_test(); | ||
| var pop_state_count = 0; | ||
| onpopstate = t.step_func((e) => { | ||
| pop_state_count++; | ||
| if (pop_state_count == 1) { | ||
| // Should not generate a pop state | ||
| frames[0].postMessage('forward', '*'); | ||
| t.step_timeout(() => { | ||
| t.done(); | ||
| }, 1000); | ||
| } else if (pop_state_count > 1) { | ||
| assert_unreached('no pop state'); | ||
| } | ||
| }); | ||
|
|
||
| function doNavigation() { | ||
| history.pushState( {state: "one past"}, 'page 2', ''); | ||
| // Should generate a pop state | ||
| history.back(); | ||
| } | ||
| </script> | ||
| <iframe id="child_frame" sandbox="allow-scripts" src="support/iframe-tried-to-be-navigated-by-history.html" onload="doNavigation();"></iframe> |
18 changes: 18 additions & 0 deletions
18
.../embedded-content/the-iframe-element/support/iframe-tried-to-be-navigated-by-history.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| <!DOCTYPE html> | ||
| <p>This is a frame that tries to navigate via history API.</p> | ||
| <script> | ||
| window.onmessage = (e) => { | ||
| if (e.data == 'back') { | ||
| history.back(); | ||
| } else if (e.data == 'forward') { | ||
| history.forward(); | ||
| } else if (e.data = 'pushstateback') { | ||
| onpopstate = (e) => { | ||
| parent.postMessage('pushstatebackdone', '*'); | ||
| }; | ||
|
|
||
| history.pushState({someState: 'blah'}, ''); | ||
| history.back(); | ||
| } | ||
| }; | ||
| </script> |