39 lines
1003 B
HTML
39 lines
1003 B
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<script src="../../resources/js-test-pre.js"></script>
|
|
<script>
|
|
window.jsTestIsAsync = true;
|
|
|
|
var allowedExecuted = 0;
|
|
var disallowedExecuted = 0;
|
|
window.addEventListener('message', function () {
|
|
disallowedExecuted++;
|
|
|
|
finish();
|
|
});
|
|
|
|
function finish() {
|
|
shouldBe("disallowedExecuted", "0");
|
|
shouldBe("allowedExecuted", "0");
|
|
|
|
finishJSTest();
|
|
};
|
|
</script>
|
|
<script src="../../resources/js-test-post.js"></script>
|
|
</head>
|
|
<body>
|
|
<iframe sandbox="allow-same-origin"
|
|
onload="finish()"
|
|
src="data:text/html,<script>alert('FAIL: Executed script without allow-scripts in data URL');window.parent.postMessage({'fail': true}, '*');</script>">
|
|
</iframe>
|
|
<script>
|
|
description("Verify that sandboxed frames without sandbox='allow-scripts' cannot execute script from data: URLs.");
|
|
</script>
|
|
</body>
|
|
</html>
|
|
|
|
|
|
|
|
|