fenced-frame/sandbox-attribute.https.html - external/w3c/web-platform-tests.git - Git at Google

 <!DOCTYPE html>
 <title>Test fenced frame sandbox attribute.</title>
 <meta name="timeout" content="long">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/utils.js"></script>
 <script src="/common/dispatcher/dispatcher.js"></script>
 <script src="resources/utils.js"></script>

 <body>
 <script>

 async function runTest(t, sandbox_flags, success) {
   const frame = await attachFencedFrameContext({
       generator_api: 'fledge', resolve_to_config: true,
       attributes: [['sandbox', sandbox_flags]]});

   assert_equals(frame.element.sandbox.value, sandbox_flags);
   if (sandbox_flags) {
     assert_equals(frame.element.sandbox.length, sandbox_flags.split(' ').length);
   } else {
     assert_equals(frame.element.sandbox.length, 0);
   }

   const result = await Promise.any([
     frame.execute(() => { return 'success';}),
     new Promise(resolve => t.step_timeout(() => resolve('failure'), 2000))]);
   if (success) {
     assert_equals(result, 'success');
   } else {
     assert_equals(result, 'failure');
   }
 }

 // We omit test cases that lack the sandbox attribute, because that's covered
 // by every other test that doesn't explicitly use the `sandbox` attribute.

 promise_test(async t => {
   return runTest(t, '', false);
 }, 'Navigation fails with no allowed features');

 promise_test(async t => {
   return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation', true);
 }, 'Navigation succeeds with exactly the required unsandboxed features');

 promise_test(async t => {
   return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-pointer-lock', true);
 }, 'Navigation succeeds with extra unsandboxed features');

 promise_test(async t => {
   return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox', false);
 }, 'Navigation fails with too few unsandboxed features');

 promise_test(async t => {
   return runTest(t, 'foo bar baz', false);
 }, 'Navigation fails with malformed sandbox flags');

 promise_test(async t => {
   return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-foobarbaz', true);
 }, 'Navigation fails with the required unsandboxed features, plus some malformed ones');

 </script>
 </body>
	<!DOCTYPE html>
	<title>Test fenced frame sandbox attribute.</title>
	<meta name="timeout" content="long">
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/common/utils.js"></script>
	<script src="/common/dispatcher/dispatcher.js"></script>
	<script src="resources/utils.js"></script>

	<body>
	<script>

	async function runTest(t, sandbox_flags, success) {
	const frame = await attachFencedFrameContext({
	generator_api: 'fledge', resolve_to_config: true,
	attributes: [['sandbox', sandbox_flags]]});

	assert_equals(frame.element.sandbox.value, sandbox_flags);
	if (sandbox_flags) {
	assert_equals(frame.element.sandbox.length, sandbox_flags.split(' ').length);
	} else {
	assert_equals(frame.element.sandbox.length, 0);
	}

	const result = await Promise.any([
	frame.execute(() => { return 'success';}),
	new Promise(resolve => t.step_timeout(() => resolve('failure'), 2000))]);
	if (success) {
	assert_equals(result, 'success');
	} else {
	assert_equals(result, 'failure');
	}
	}

	// We omit test cases that lack the sandbox attribute, because that's covered
	// by every other test that doesn't explicitly use the `sandbox` attribute.

	promise_test(async t => {
	return runTest(t, '', false);
	}, 'Navigation fails with no allowed features');

	promise_test(async t => {
	return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation', true);
	}, 'Navigation succeeds with exactly the required unsandboxed features');

	promise_test(async t => {
	return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-pointer-lock', true);
	}, 'Navigation succeeds with extra unsandboxed features');

	promise_test(async t => {
	return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox', false);
	}, 'Navigation fails with too few unsandboxed features');

	promise_test(async t => {
	return runTest(t, 'foo bar baz', false);
	}, 'Navigation fails with malformed sandbox flags');

	promise_test(async t => {
	return runTest(t, 'allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-foobarbaz', true);
	}, 'Navigation fails with the required unsandboxed features, plus some malformed ones');

	</script>
	</body>