diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-22 18:51:38 +0200 |
---|---|---|
committer | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-22 18:51:38 +0200 |
commit | 1b4c4256ee7705724b02919b4d432b2a391bcd04 (patch) | |
tree | ba2e9442b55afaa4288c096ae81ca64c8523b3c2 /dom/security/test/general/file_block_toplevel_data_navigation2.html | |
parent | c30ebdac27c93b57e368c69e9c13055a17229992 (diff) | |
download | UXP-1b4c4256ee7705724b02919b4d432b2a391bcd04.tar UXP-1b4c4256ee7705724b02919b4d432b2a391bcd04.tar.gz UXP-1b4c4256ee7705724b02919b4d432b2a391bcd04.tar.lz UXP-1b4c4256ee7705724b02919b4d432b2a391bcd04.tar.xz UXP-1b4c4256ee7705724b02919b4d432b2a391bcd04.zip |
moebius#223: Consider blocking top level window data: URIs (part 1/3 without tests)
https://github.com/MoonchildProductions/moebius/pull/223
Diffstat (limited to 'dom/security/test/general/file_block_toplevel_data_navigation2.html')
-rw-r--r-- | dom/security/test/general/file_block_toplevel_data_navigation2.html | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/dom/security/test/general/file_block_toplevel_data_navigation2.html b/dom/security/test/general/file_block_toplevel_data_navigation2.html new file mode 100644 index 000000000..e0308e1ae --- /dev/null +++ b/dom/security/test/general/file_block_toplevel_data_navigation2.html @@ -0,0 +1,29 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Toplevel data navigation</title> +</head> +<body> +test2: data: URI in iframe tries to window.open(data:, _blank);<br/> +<iframe id="testFrame" src=""></iframe> +<script> + let DATA_URI = `data:text/html,<body><script> + var win = window.open("data:text/html,<body>toplevel data: URI navigations should be blocked</body>", "_blank"); + setTimeout(function () { + var result = win.document.body.innerHTML === "" ? "blocked" : "navigated"; + parent.postMessage(result, "*"); + win.close(); + }, 1000); + <\/script></body>`; + + window.addEventListener("message", receiveMessage); + function receiveMessage(event) { + window.removeEventListener("message", receiveMessage); + // propagate the information back to the caller + window.opener.postMessage(event.data, "*"); + } + document.getElementById('testFrame').src = DATA_URI; +</script> +</body> +</html> |