sandbox-inherited-from-initiator-frame.html

Enable keyboard shortcuts

This WPT test may be referenced by the following Test IDs:
- /html/browsers/sandboxing/sandbox-inherited-from-initiator-frame.html - WPT Dashboard Interop Dashboard

<!DOCTYPE html>

<meta charset=utf-8>

<title>Inherit sandbox flags from the initiator's frame</title>

<script src="/resources/testharness.js"></script>

<script src="/resources/testharnessreport.js"></script>

<body>

<script>

// Check sandbox flags are properly inherited when a document initiate a

// navigation inside another frame that it doesn't own directly.

// This check the sandbox flags defined by the frame. See also the other test

// about sandbox flags defined by the response (e.g. CSP sandbox):

// => sandbox-inherited-from-initiators-response.html

// Return a promise, resolving when |element| triggers |event_name| event.

let future = (element, event_name) => {

  return new Promise(resolve => {

    element.addEventListener(event_name, event => resolve(event))

});

};

promise_test(async test => {

  const iframe_1 = document.createElement("iframe");

  const iframe_2 = document.createElement("iframe");

  iframe_1.id = "iframe_1";

  iframe_2.id = "iframe_2";

  const iframe_1_script = encodeURI(`

    <script>

      try {

        document.domain = document.domain;

        parent.postMessage("not sandboxed", "*");

      } catch (exception) {

        parent.postMessage("sandboxed", "*");

    </scr`+`ipt>

`);

  const iframe_2_script = `

    <script>

      const iframe_1 = parent.document.querySelector("#iframe_1");

      iframe_1.src = "data:text/html,${iframe_1_script}";

    </scr`+`ipt>

`;

  iframe_2.sandbox = "allow-scripts allow-same-origin";

  iframe_2.srcdoc = iframe_2_script;

  // Insert |iframe_1|. It will load the initial empty document, with no sandbox

  // flags.

  const iframe_1_load_1 = future(iframe_1, "load");

  document.body.appendChild(iframe_1);

  await iframe_1_load_1;

  // Insert |iframe_2|. It will load with sandbox flags. It will make |iframe_1|

  // to navigate toward a data-url, which should inherit the sandbox flags.

  const iframe_1_reply = future(window, "message");

  document.body.appendChild(iframe_2);

  const result = await iframe_1_reply;

  assert_equals("sandboxed", result.data);

})

</script>