<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<script>
async_test(t => {
assert_equals(location.protocol, "https:");
var f = document.createElement("iframe");
window.addEventListener("message", t.step_func(e => {
if (e.source !== f.contentWindow)
return;
assert_equals(e.data, "PASS: origin=null");
t.done();
}));
f.sandbox = "allow-scripts";
f.srcdoc = `
<script>
var url = URL.createObjectURL(new Blob(["parent.postMessage('PASS: origin=' + self.origin, '*');"]));
var s = document.createElement("script");
s.src = url;
document.head.appendChild(s);
<\/script>
`;
document.body.appendChild(f);
}, "Sandboxed unique-origin frames can load 'blob:' resources.");
</script>
</body>
Codebase Browser
chromium