| <html> |
| <head> |
| <script> |
| |
| if (window.testRunner) |
| window.testRunner.dumpAsText(); |
| |
| window.onload = function() |
| { |
| document.getElementById("result").innerHTML = (document.getElementById("f").sandbox != "allow-scripts") |
| ? "FAIL: sandbox attribute modified" |
| : "PASS"; |
| } |
| |
| </script> |
| </head> |
| |
| <body> |
| <p>This is a "sanity" test case to verify that a sandboxed |
| frame cannot break out of its sandbox by modifying its own sandbox |
| attribute. Two attempts are made:</p> |
| |
| <ol> |
| <li>First, an attempt is made to modify the sandbox attribute of the |
| "self" object, referring to the frame's window. This should |
| not have any effect (the attribute is associated with the iframe DOM |
| node, not the window). No warning is expected.</li> |
| <li>Second, an attempt is made to modify the iframe DOM object's sandbox |
| attribute. A warning message (about cross-site scripting) is expected, |
| and the sandbox attribute should remain intact.</li> |
| </ol> |
| |
| <p>This test will print "PASS" on success.</p> |
| |
| <p id="result">FAIL</p> |
| |
| <iframe id="f" |
| sandbox="allow-scripts" |
| src="resources/sandboxed-iframe-modify-self.html"> |
| </iframe> |
| </body> |
| </html> |
