sandboxed-iframe-history-denied.html 1.03 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
<html>
<head>
<script>
if (window.layoutTestController) {
    layoutTestController.dumpAsText();
    layoutTestController.waitUntilDone();
}

window.unload = function() {
    alert("FAIL");
}

window.onload = function() {
    // There's no way to write a test that determinstically fails because the
    // history API is asynchronous.  There's no way to know whether the
    // asynchronous haven't yet happened or never will.  Consequently, we just
    // wait for a bit.
    setTimeout(function() {
        alert("PASS");
        if (window.layoutTestController)
            layoutTestController.notifyDone();
    }, 20);
}
</script>
</head>
<body>
<p>This test verifies that a sandboxed IFrame cannot navigate the top-level frame using the history API.</p>
<iframe sandbox="allow-scripts" src="data:text/html,<script>top.history.back()</script>">
<iframe sandbox="allow-scripts" src="data:text/html,<script>top.history.forward()</script>">
<iframe sandbox="allow-scripts" src="data:text/html,<script>top.history.go(-1)</script>">
</body>
</html>