summaryrefslogtreecommitdiff
path: root/dom/html/test/test_iframe_sandbox_modal.html
blob: 1307ea9a506e033ce26566c97fe19b83e805ac64 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=766282
implement allow-popups directive for iframe sandbox
-->
<head>
  <meta charset="utf-8">
  <title>Tests for Bug 766282</title>
  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>

<script>

SimpleTest.waitForExplicitFinish();
SimpleTest.requestFlakyTimeout("untriaged");

// A postMessage handler that is used by sandboxed iframes without
// 'allow-same-origin' to communicate pass/fail back to this main page.
window.addEventListener("message", receiveMessage, false);

function receiveMessage(event) {
  switch (event.data.type) {
    case "attempted":
      testAttempted();
      break;
    case "ok":
      ok_wrapper(event.data.ok, event.data.desc, event.data.addToAttempted);
      break;
    default:
      // allow for old style message
      if (event.data.ok != undefined) {
        ok_wrapper(event.data.ok, event.data.desc, event.data.addToAttempted);
      }
  }
}

var attemptedTests = 0;
var passedTests = 0;
var totalTestsToPass = 5;
var totalTestsToAttempt = 5;

function ok_wrapper(result, desc, addToAttempted = true) {
  ok(result, desc);

  if (result) {
    passedTests++;
  }

  if (addToAttempted) {
    testAttempted();
  }
}

// Added so that tests that don't register unless they fail,
// can at least notify that they've attempted to run.
function testAttempted() {
  attemptedTests++;
  if (attemptedTests == totalTestsToAttempt) {
    // Make sure all tests have had a chance to complete.
    setTimeout(function() {finish();}, 1000);
  }
}

var finishCalled = false;

function finish() {
  if (!finishCalled) {
    finishCalled = true;
    is(passedTests, totalTestsToPass, "There are " + totalTestsToPass + " modal tests that should pass");

    SimpleTest.finish();
  }
}

function doTest() {
  // passes if good and fails if bad
  // 1) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups
  // allow-same-origin" should not have its origin sandbox flag set and be able to access
  // document.cookie. (Done by file_iframe_sandbox_k_if5.html opened from
  // file_iframe_sandbox_j_if1.html) using showModalDialog.)

  // passes if good
  // 2) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups
  // allow-top-navigation" should not have its top-level navigation sandbox flag set and be able to
  // navigate top. (Done by file_iframe_sandbox_k_if5.html (and if6) opened from
  // file_iframe_sandbox_j_if1.html) using showModalDialog.)

  // passes if good
  // 3) A window opened from inside an iframe that has sandbox = "allow-scripts allow-popups
  // all-forms" should not have its forms sandbox flag set and be able to submit forms.
  // (Done by file_iframe_sandbox_k_if7.html opened from
  // file_iframe_sandbox_j_if1.html) using showModalDialog.)

  // passes if good
  // 4) Make sure that the sandbox flags copied to a new browsing context are taken from the
  // current active document not the browsing context (iframe / docShell).
  // This is done by removing allow-same-origin and calling doSubOpens from file_iframe_sandbox_j_if2.html,
  // which opens file_iframe_sandbox_k_if9.html using showModalDialog.
  var if_2 = document.getElementById('if_2');
  if_2.sandbox = 'allow-scripts allow-popups';
  if_2.contentWindow.doSubOpens();

  // passes if good
  // 5) Test that a sandboxed iframe with "allow-popups" can open a new window using window.ShowModalDialog.
  // This is done via file_iframe_sandbox_j_if3.html which is sandboxed with "allow-popups allow-scripts
  // allow-same-origin". The window it attempts to open calls window.opener.ok(true, ...) and
  // file_iframe_j_if3.html has an ok() function that calls window.parent.ok_wrapper.
}

addLoadEvent(doTest);
</script>

<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=766282">Mozilla Bug 766282</a> - implement allow-popups directive for iframe sandbox
<p id="display"></p>
<div id="content">
<iframe sandbox="allow-scripts allow-popups allow-modals allow-same-origin allow-forms allow-top-navigation" id="if_1" src="file_iframe_sandbox_j_if1.html" height="10" width="10"></iframe>
<iframe sandbox="allow-scripts allow-popups allow-modals allow-same-origin" id="if_2" src="file_iframe_sandbox_j_if2.html" height="10" width="10"></iframe>
<iframe sandbox="allow-popups allow-modals allow-same-origin allow-scripts" id="if_3" src="file_iframe_sandbox_j_if3.html" height="10" width="10"></iframe>
</div>