<!DOCTYPE html>
<html>
<head>
<title>Authenticated origin with srcdoc iframe is secure</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/get-host-info.js"></script>
</head>
<body>
<script>
if (window.location.origin != get_host_info().AUTHENTICATED_ORIGIN) {
window.location = get_host_info().AUTHENTICATED_ORIGIN +
window.location.pathname;
} else {
test(function () {
assert_equals(window.location.origin, get_host_info().AUTHENTICATED_ORIGIN, "Sanity check the test runner.");
assert_true(window.isSecureContext);
}, "authenticated origin is secure.");
async_test(function (t) {
var messages = 0;
window.addEventListener("message", t.step_func(function (e) {
assert_true(e.data.isSecureContext);
messages++;
if (messages >= 1)
t.done();
}), false);
var i1 = document.createElement("iframe");
i1.srcdoc = "<iframe src='" + get_host_info().HTTPS_REMOTE_ORIGIN + "/security/secureContexts/resources/post-securecontext-status.html" + "'></iframe>";
document.body.appendChild(i1);
}, "Frames inside sandboxed frames are secure");
}
</script>
</body>
</html>
Codebase Browser
chromium