| <!DOCTYPE html> |
| <meta charset="utf-8"> |
| <title>window.originIsolationRestricted for a data: URL</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| |
| <div id="log"></div> |
| |
| <script type="module"> |
| import { |
| waitForIframe, |
| testOriginIsolationRestricted |
| } from "./resources/helpers.mjs"; |
| |
| promise_setup(() => { |
| const iframe = document.createElement("iframe"); |
| |
| // This copies parts of resources/send-origin-isolation-header.py that allow |
| // us to reuse testOriginIsolationRestricted. |
| iframe.src = `data:text/html,<script> |
| window.onmessage = () => { |
| parent.postMessage(self.originIsolationRestricted, "*"); |
| }; |
| </` + `script> |
| `; |
| |
| const waitPromise = waitForIframe(iframe); |
| document.body.append(iframe); |
| return waitPromise; |
| }); |
| |
| // The data: URL iframe has an opaque origin, so it definitely should return |
| // false. It's pretty unlikely that it would return true anyway, since we can't |
| // set the header on the iframe, but we should test it to make sure there isn't |
| // some strange main page -> data: URL iframe inheritance going on. |
| |
| testOriginIsolationRestricted(0, false); |
| </script> |
