<!doctype html>
<html>
<head>
<title>javascript: aliases security origin</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
promise_test(t => {
let iframe = document.createElement('iframe');
document.body.appendChild(iframe);
// Should not throw: srcdoc should always be same-origin.
iframe.contentDocument;
iframe.contentWindow.location = 'javascript:"Hello world!"';
return new Promise(resolve => {
iframe.addEventListener('load', resolve);
}).then(() => {
// Explicitly set `domain` component of origin: any other same-origin
// browsing contexts are now cross-origin unless they also explicitly
// set document.domain to the same value.
document.domain = document.domain;
// Should not throw: the origin should be aliased, so setting
// document.domain in one Document should affect both Documents.
assert_equals(
iframe.contentWindow.document.body.textContent,
'Hello world!');
});
});
</script>
</body>
</html>
Codebase Browser
chromium