<!DOCTYPE html>
<title>Cache Storage: Verify access in sandboxed iframes</title>
<link rel="help" href="https://w3c.github.io/ServiceWorker/#cache-storage">
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
function load_iframe(src, sandbox) {
return new Promise(function(resolve, reject) {
var iframe = document.createElement('iframe');
iframe.onload = function() { resolve(iframe); };
iframe.sandbox = sandbox;
iframe.src = src;
document.documentElement.appendChild(iframe);
});
}
function wait_for_message(id) {
return new Promise(function(resolve) {
self.addEventListener('message', function listener(e) {
if (e.data.id === id) {
resolve(e.data);
self.removeEventListener('message', listener);
}
});
});
}
var counter = 0;
promise_test(function(t) {
return load_iframe('./resources/iframe.html',
'allow-scripts allow-same-origin')
.then(function(iframe) {
var id = ++counter;
iframe.contentWindow.postMessage({id: id}, '*');
return wait_for_message(id);
})
.then(function(message) {
assert_equals(
message.result, 'allowed',
'Access should be allowed if sandbox has allow-same-origin');
});
}, 'Sandboxed iframe with allow-same-origin is allowed access');
promise_test(function(t) {
return load_iframe('./resources/iframe.html',
'allow-scripts')
.then(function(iframe) {
var id = ++counter;
iframe.contentWindow.postMessage({id: id}, '*');
return wait_for_message(id);
})
.then(function(message) {
assert_equals(
message.result, 'denied',
'Access should be denied if sandbox lacks allow-same-origin');
assert_equals(message.name, 'SecurityError',
'Failure should be a SecurityError');
});
}, 'Sandboxed iframe without allow-same-origin is denied access');
</script>
Codebase Browser
chromium