<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<script>
async_test(t => {
var i = document.createElement('iframe');
i.sandbox = "allow-scripts allow-same-origin allow-modals";
i.srcdoc = "<script>" +
" window.onerror = (m,f,l,c,e) => { top.postMessage(m, '*'); }" +
"</scr" + "ipt>" +
"<a href='javascript:top.location=\"/security/frameNavigation/resources/fail.html\";'>click</a>";
window.onmessage = t.step_func_done(e => {
const expected =
"Uncaught SecurityError: Failed to set the 'href' " +
"property on 'Location': The current window does not " +
"have permission to navigate the target frame to " +
"'/security/frameNavigation/resources/fail.html'.";
assert_equals(e.data, expected, "The 'javascript:' navigation threw.");
assert_equals(i.contentDocument.body.innerText, "click", "The page contents did not change.");
});
var clicked = false;
i.onload = t.step_func(e => {
i.contentDocument.querySelector('a').click();
clicked = true;
});
document.body.appendChild(i);
}, "Sandboxed frames should throw when navigating the top-level window.");
</script>
</body>
Codebase Browser
chromium