Skip to main content

Browse the archive

https://github.com/web-platform-tests/wpt
26 December 2018, 22:31:15 UTC
Raw File
Tip revision: c26bdad5f6e564f0a791c746c549493c6f9dae7a authored by andypaicu@chromium.org on 16 August 2017, 15:22:43 UTC
Fixed securityviolationevent not containing the full src and path
Tip revision: c26bdad
invalid.sub.html 
<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="./support/helper.js"></script>
<body>
<script>
  async_test(t => {
    var i = document.createElement('iframe');
    i.src = "./support/xfo.py?value=INVALID";

    wait_for_message_from(i, t)
      .then(t.step_func_done(e => {
        assert_equals(e.data, "Loaded");
        i.remove();
      }));

    document.body.appendChild(i);
  }, "`XFO: INVALID` allows same-origin framing.");

  async_test(t => {
    var i = document.createElement('iframe');
    i.src = "http://{{domains[www]}}:{{ports[http][0]}}/x-frame-options/support/xfo.py?value=INVALID";

    wait_for_message_from(i, t)
      .then(t.step_func_done(e => {
        assert_equals(e.data, "Loaded");
        i.remove();
      }));

    document.body.appendChild(i);
  }, "`XFO: INVALID` allows cross-origin framing.");

  async_test(t => {
    var i = document.createElement('iframe');
    i.src = "./support/xfo.py?value=ALLOWALL";

    wait_for_message_from(i, t)
      .then(t.step_func_done(e => {
        assert_equals(e.data, "Loaded");
        i.remove();
      }));

    document.body.appendChild(i);
  }, "`XFO: ALLOWALL` allows same-origin framing.");

  async_test(t => {
    var i = document.createElement('iframe');
    i.src = "http://{{domains[www]}}:{{ports[http][0]}}/x-frame-options/support/xfo.py?value=ALLOWALL";

    wait_for_message_from(i, t)
      .then(t.step_func_done(e => {
        assert_equals(e.data, "Loaded");
        i.remove();
      }));

    document.body.appendChild(i);
  }, "`XFO: ALLOWALL` allows cross-origin framing.");

  async_test(t => {
    var i = document.createElement('iframe');
    i.src = "./support/xfo.py?value=";

    wait_for_message_from(i, t)
      .then(t.step_func_done(e => {
        assert_equals(e.data, "Loaded");
        i.remove();
      }));

    document.body.appendChild(i);
  }, "Empty `XFO:` allows same-origin framing.");

  async_test(t => {
    var i = document.createElement('iframe');
    i.src = "http://{{domains[www]}}:{{ports[http][0]}}/x-frame-options/support/xfo.py?value=";

    wait_for_message_from(i, t)
      .then(t.step_func_done(e => {
        assert_equals(e.data, "Loaded");
        i.remove();
      }));

    document.body.appendChild(i);
  }, "Empty `XFO:` allows cross-origin framing.");
</script>
back to top