| <!DOCTYPE html> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <body> |
| <script> |
| async_test(t => { |
| var i = document.createElement('iframe'); |
| i.sandbox = "allow-scripts allow-same-origin allow-modals"; |
| i.srcdoc = "<script>" + |
| " window.onerror = (m,f,l,c,e) => { top.postMessage(m, '*'); }" + |
| "</scr" + "ipt>" + |
| "<a href='javascript:top.location=\"/security/frameNavigation/resources/fail.html\";'>click</a>"; |
| |
| window.onmessage = t.step_func_done(e => { |
| // It was a SecurityError, but the error event got sanitized to |
| // "Script error." because the frames are cross-origin. |
| // See also: https://bugzilla.mozilla.org/show_bug.cgi?id=363897 |
| assert_equals(e.data, "Script error.", "The 'javascript:' navigation threw."); |
| assert_equals(i.contentDocument.body.innerText, "click", "The page contents did not change."); |
| }); |
| |
| var clicked = false; |
| i.onload = t.step_func(e => { |
| i.contentDocument.querySelector('a').click(); |
| clicked = true; |
| }); |
| |
| document.body.appendChild(i); |
| }, "Sandboxed frames should throw when navigating the top-level window."); |
| </script> |
| </body> |