| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta charset="utf-8"> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| </head> |
| <body> |
| <script> |
| var test_suborigin_options = [ |
| [ 'foobar \'', 'Single quote as option' ], |
| [ 'foobar \'unsafe-postmessage-send\';', 'Character after single policy' ], |
| [ 'foobar \'unsafe-postmessage-send\'; \'unsafe-cookies\';', |
| 'Charecters after multiple policies' ], |
| [ 'foobar; \'unsafe-postmessage-send\'', 'Character before policy' ], |
| [ 'foobar \'b@d character$\'', 'Bad characters in option' ], |
| ]; |
| |
| var tests = []; |
| |
| function run_next_test() { |
| if (tests.length) { |
| tests.shift()(); |
| } |
| } |
| |
| function generate_test_case(option) { |
| var test = async_test(test_suborigin_options[option][1]); |
| var iframe; |
| window.addEventListener('message', test.step_func(event => { |
| if (event.source != iframe.contentWindow) |
| return; |
| |
| assert_equals(event.data, 'I am a secret'); |
| setTimeout(run_next_test, 0); |
| test.done(); |
| })); |
| iframe = document.createElement('iframe'); |
| iframe.setAttribute('src', 'resources/reach-into-iframe.php?childsuborigin=' + |
| test_suborigin_options[option][0]); |
| return () => { document.body.appendChild(iframe) }; |
| } |
| |
| for (option in test_suborigin_options) { |
| tests.push(generate_test_case(option)); |
| } |
| |
| run_next_test(); |
| </script> |
| </body> |
| </html> |