<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<!-- SEKRITS! -->
<input id="sekrit" value="omg!">
<script>
/**
 * Posts `message` to the document inside `frame` and waits for one reply.
 *
 * Each call creates its own MessageChannel. port2 is transferred to the frame
 * together with the message, and the first message arriving on port1 settles
 * the promise. Because the reply travels over the private port rather than a
 * window-level 'message' event, only the holder of port2 can answer.
 *
 * The promise has no rejection path: if the frame never replies it stays
 * pending.
 *
 * @param {HTMLIFrameElement} frame - iframe whose contentWindow receives the message.
 * @param {*} message - payload passed to postMessage as-is.
 * @returns {Promise<{data: *, frame: HTMLIFrameElement}>} the reply payload
 *     paired with the frame it was requested from.
 */
function postMessageToFrame(frame, message) {
  return new Promise((resolve) => {
    const channel = new MessageChannel();
    const { port1: replyPort, port2: framePort } = channel;

    replyPort.onmessage = (event) => {
      resolve({ data: event.data, frame });
    };

    // NOTE(review): targetOrigin is '*', so the message and the transferred
    // port are delivered whatever origin the frame currently has. That looks
    // deliberate for a test whose subject is a changing document.domain;
    // outside a test, name the expected origin instead.
    frame.contentWindow.postMessage(message, '*', [framePort]);
  });
}
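/**
 * Appends an iframe that loads ./support/document_domain_frame.html and
 * resolves with that iframe once its window has posted a message to this
 * window (presumably the support page's "ready" signal; the support file is
 * not part of this listing).
 *
 * Messages from any other window are ignored: the sender is identified by
 * comparing event.source with the new iframe's contentWindow. The payload is
 * not inspected.
 *
 * The listener unregisters itself after the first matching message, so
 * repeated calls do not leave stale 'message' handlers (each holding a
 * reference to an iframe that has since been removed) on the window.
 *
 * @returns {Promise<HTMLIFrameElement>} the attached iframe.
 */
function createFrame() {
  return new Promise((resolve) => {
    const iframe = document.createElement('iframe');
    iframe.src = "./support/document_domain_frame.html";

    const onMessage = (event) => {
      // Only the frame created by this call may complete the handshake.
      if (event.source !== iframe.contentWindow) {
        return;
      }
      window.removeEventListener('message', onMessage);
      resolve(iframe);
    };

    // Register before attaching so the frame's first message cannot be missed.
    window.addEventListener('message', onMessage);
    document.body.appendChild(iframe);
  });
}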
// Baseline: neither document touches document.domain, so the frame is expected
// to reach into this page. The reply to 'poke-at-parent' is compared with the
// value of #sekrit, which implies the support page reads the parent's DOM and
// echoes what it found (support file not shown here; confirm there).
// Without this passing, the 'SecurityError' results asserted by the later
// tests could come from a broken setup rather than from the access check.
promise_test((t) => {
  const pokeParent = (frame) => postMessageToFrame(frame, 'poke-at-parent');

  return createFrame()
    .then(pokeParent)
    .then(({ data, frame }) => {
      const secret = document.querySelector('#sekrit').value;
      assert_equals(data, secret);
      // Reached only when the assertion above passes.
      frame.remove();
    });
}, "Access allowed with no 'document.domain' modification. (Sanity check)");
// Only the frame changes its document.domain. { domain: null } presumably
// makes the support page assign document.domain = null and answer 'Done'
// (confirm in support/document_domain_frame.html). After that, the same
// 'poke-at-parent' request that succeeded in the sanity check must come back
// as 'SecurityError': the parent's data is no longer reachable from the frame.
promise_test((t) => {
  return createFrame()
    .then((frame) => postMessageToFrame(frame, { domain: null }))
    .then((ack) => {
      assert_equals(ack.data, 'Done');
      return postMessageToFrame(ack.frame, 'poke-at-parent');
    })
    .then((reply) => {
      assert_equals(reply.data, 'SecurityError');
      reply.frame.remove();
    });
}, "No access when frame sets a `null` 'document.domain'.");
// Only the parent changes its document.domain. The assignment is made on the
// test page itself and nothing in this file restores it, so the two tests
// above have to stay ahead of this one.
promise_test((t) => {
  return createFrame()
    .then((frame) => {
      document.domain = null;
      // The getter reports the string "null" after the assignment.
      assert_equals(document.domain, "null");
      return postMessageToFrame(frame, 'poke-at-parent');
    })
    .then(({ data, frame }) => {
      // The untouched frame must now be refused access to this page.
      assert_equals(data, 'SecurityError');
      frame.remove();
    });
}, "No access when parent sets a `null` 'document.domain'.");
// Both sides set document.domain to null. This is the case most likely to be
// implemented wrongly: parent and frame have made the same assignment (the
// parent reads back "null"; the frame presumably does too), and the expected
// outcome is still 'SecurityError'. Matching values produced from null must
// not be treated as the two documents opting in to a shared domain.
promise_test((t) => {
  return createFrame()
    .then((frame) => {
      document.domain = null;
      assert_equals(document.domain, "null");
      return postMessageToFrame(frame, { domain: null });
    })
    .then((ack) => {
      assert_equals(ack.data, 'Done');
      return postMessageToFrame(ack.frame, 'poke-at-parent');
    })
    .then((reply) => {
      assert_equals(reply.data, 'SecurityError');
      reply.frame.remove();
    });
}, "No access when both sides set a `null` 'document.domain'.");
</script>