third_party/blink/web_tests/external/wpt/x-frame-options/multiple.sub.html - chromium/src - Git at Google

 <!DOCTYPE html>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="./support/helper.js"></script>
 <body>
 <script>
   async_test(t => {
     var i = document.createElement('iframe');
     i.src = "./support/xfo.py?value=SAMEORIGIN&value2=SAMEORIGIN";

     wait_for_message_from(i, t)
       .then(t.step_func_done(e => {
         assert_equals(e.data, "Loaded");
         i.remove();
       }));

     document.body.appendChild(i);
   }, "`XFO: SAMEORIGIN; XFO: SAMEORIGIN` allows same-origin framing.");

   async_test(t => {
     var i = document.createElement('iframe');
     i.src = "./support/xfo.py?value=SAMEORIGIN&value2=DENY";

     assert_no_message_from(i, t);

     i.onload = t.step_func_done(_ => {
       assert_equals(i.contentDocument, null);
       i.remove();
     });

     document.body.appendChild(i);
   }, "`XFO: SAMEORIGIN; XFO: DENY` blocks same-origin framing.");

   async_test(t => {
     var i = document.createElement('iframe');
     i.src = "./support/xfo.py?value=DENY&value2=SAMEORIGIN";

     assert_no_message_from(i, t);

     i.onload = t.step_func_done(_ => {
       assert_equals(i.contentDocument, null);
       i.remove();
     });

     document.body.appendChild(i);
   }, "`XFO: DENY; XFO: SAMEORIGIN` blocks same-origin framing.");

   async_test(t => {
     var i = document.createElement('iframe');
     i.src = "./support/xfo.py?value=INVALID&value2=SAMEORIGIN";

     wait_for_message_from(i, t)
       .then(t.step_func_done(e => {
         assert_equals(e.data, "Loaded");
         i.remove();
       }));

     document.body.appendChild(i);
   }, "`XFO: INVALID; XFO: SAMEORIGIN` allows same-origin framing.");

   async_test(t => {
     var i = document.createElement('iframe');
     i.src = "./support/xfo.py?value=SAMEORIGIN&value2=INVALID";

     wait_for_message_from(i, t)
       .then(t.step_func_done(e => {
         assert_equals(e.data, "Loaded");
         i.remove();
       }));

     document.body.appendChild(i);
   }, "`XFO: SAMEORIGIN; XFO: INVALID` allows same-origin framing.");

   async_test(t => {
     var i = document.createElement('iframe');
     i.src = "http://{{domains[www]}}:{{ports[http][0]}}/x-frame-options/support/xfo.py?value=SAMEORIGIN&value2=SAMEORIGIN";

     assert_no_message_from(i, t);

     i.onload = t.step_func_done(_ => {
       assert_equals(i.contentDocument, null);
       i.remove();
     });

     document.body.appendChild(i);
   }, "`XFO: SAMEORIGIN; XFO: SAMEORIGIN` blocks cross-origin framing.");
 </script>
	<!DOCTYPE html>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="./support/helper.js"></script>
	<body>
	<script>
	async_test(t => {
	var i = document.createElement('iframe');
	i.src = "./support/xfo.py?value=SAMEORIGIN&value2=SAMEORIGIN";

	wait_for_message_from(i, t)
	.then(t.step_func_done(e => {
	assert_equals(e.data, "Loaded");
	i.remove();
	}));

	document.body.appendChild(i);
	}, "`XFO: SAMEORIGIN; XFO: SAMEORIGIN` allows same-origin framing.");

	async_test(t => {
	var i = document.createElement('iframe');
	i.src = "./support/xfo.py?value=SAMEORIGIN&value2=DENY";

	assert_no_message_from(i, t);

	i.onload = t.step_func_done(_ => {
	assert_equals(i.contentDocument, null);
	i.remove();
	});

	document.body.appendChild(i);
	}, "`XFO: SAMEORIGIN; XFO: DENY` blocks same-origin framing.");

	async_test(t => {
	var i = document.createElement('iframe');
	i.src = "./support/xfo.py?value=DENY&value2=SAMEORIGIN";

	assert_no_message_from(i, t);

	i.onload = t.step_func_done(_ => {
	assert_equals(i.contentDocument, null);
	i.remove();
	});

	document.body.appendChild(i);
	}, "`XFO: DENY; XFO: SAMEORIGIN` blocks same-origin framing.");

	async_test(t => {
	var i = document.createElement('iframe');
	i.src = "./support/xfo.py?value=INVALID&value2=SAMEORIGIN";

	wait_for_message_from(i, t)
	.then(t.step_func_done(e => {
	assert_equals(e.data, "Loaded");
	i.remove();
	}));

	document.body.appendChild(i);
	}, "`XFO: INVALID; XFO: SAMEORIGIN` allows same-origin framing.");

	async_test(t => {
	var i = document.createElement('iframe');
	i.src = "./support/xfo.py?value=SAMEORIGIN&value2=INVALID";

	wait_for_message_from(i, t)
	.then(t.step_func_done(e => {
	assert_equals(e.data, "Loaded");
	i.remove();
	}));

	document.body.appendChild(i);
	}, "`XFO: SAMEORIGIN; XFO: INVALID` allows same-origin framing.");

	async_test(t => {
	var i = document.createElement('iframe');
	i.src = "http://{{domains[www]}}:{{ports[http][0]}}/x-frame-options/support/xfo.py?value=SAMEORIGIN&value2=SAMEORIGIN";

	assert_no_message_from(i, t);

	i.onload = t.step_func_done(_ => {
	assert_equals(i.contentDocument, null);
	i.remove();
	});

	document.body.appendChild(i);
	}, "`XFO: SAMEORIGIN; XFO: SAMEORIGIN` blocks cross-origin framing.");
	</script>