blob: 9cc1ea27dff0f417df3a92a79ab41d6b0764f6bc [file] [log] [blame]
<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<script>
async_test(t => {
var i = document.createElement('iframe');
i.sandbox = "allow-scripts allow-same-origin allow-modals";
i.srcdoc = "<script>" +
" window.onerror = (m,f,l,c,e) => { top.postMessage(m, '*'); }" +
"</scr" + "ipt>" +
"<a href='javascript:top.location=\"/security/frameNavigation/resources/fail.html\";'>click</a>";
window.onmessage = t.step_func_done(e => {
// It was a SecurityError, but the error event got sanitized to
// "Script error." because the frames are cross-origin.
// See also: https://bugzilla.mozilla.org/show_bug.cgi?id=363897
assert_equals(e.data, "Script error.", "The 'javascript:' navigation threw.");
assert_equals(i.contentDocument.body.innerText, "click", "The page contents did not change.");
});
var clicked = false;
i.onload = t.step_func(e => {
i.contentDocument.querySelector('a').click();
clicked = true;
});
document.body.appendChild(i);
}, "Sandboxed frames should throw when navigating the top-level window.");
</script>
</body>