| <!DOCTYPE html> |
| <meta charset="utf-8"> |
| <title>Navigation resulted download in sandbox is allowed by allow-downloads.</title> |
| <meta name="timeout" content="long" /> |
| <link rel="help" href="https://html.spec.whatwg.org/multipage/#attr-iframe-sandbox"> |
| <link rel="help" href="https://html.spec.whatwg.org/multipage/#the-iframe-element"> |
| <script src="/resources/testharness.js"></script> |
| <script src='/resources/testharnessreport.js'></script> |
| <script src="support/iframe_sandbox_download_helper.js"></script> |
| <body> |
| <script> |
| "use strict"; |
| |
| async_test(t => { |
| const token = "{{$id:uuid()}}"; |
| var iframe = document.createElement("iframe"); |
| iframe.srcdoc = "<a>Download</a>"; |
| iframe.sandbox = "allow-same-origin allow-downloads"; |
| iframe.onload = t.step_func(function () { |
| iframe.contentWindow.addEventListener( |
| "unload", t.unreached_func("Unexpected navigation.")); |
| var anchor = iframe.contentDocument.getElementsByTagName('a')[0]; |
| // Set |finish-delay| to let the server stream a response over a period |
| // of time, so it's able to catch potential download cancellation by |
| // detecting a socket close. |
| anchor.href = "support/download_stash.py?token=" + token + "&finish-delay=" + StreamDownloadFinishDelay(); |
| anchor.click(); |
| AssertDownloadSuccess(t, token, StreamDownloadFinishDelay() + DownloadVerifyDelay()); |
| }); |
| |
| document.body.appendChild(iframe); |
| }, "Navigation resulted download in sandbox is allowed by allow-downloads."); |
| |
| async_test(t => { |
| const token = "{{$id:uuid()}}"; |
| var iframe = document.createElement("iframe"); |
| |
| const folder = location.origin+"/html/semantics/embedded-content/the-iframe-element/"; |
| const href = `${folder}support/download_stash.py?token=${token}&finish-delay=${StreamDownloadFinishDelay() }`; |
| const objectDoc =`<a href="${href}">download</a> |
| <${"script"}> document.querySelector("a").click(); </${"script"}>`; |
| |
| iframe.srcdoc = `<object data='data:text/html,${objectDoc}'></object>`; |
| iframe.sandbox = "allow-same-origin allow-scripts allow-downloads"; |
| iframe.addEventListener("load",()=>{ |
| AssertDownloadSuccess(t, token, StreamDownloadFinishDelay() + DownloadVerifyDelay()); |
| }) |
| document.body.appendChild(iframe); |
| }, "Navigation resulted download in sandbox from <object> is allowed by allow-downloads."); |
| |
| </script> |
| </body> |