LayoutTests/fast/frames/sandboxed-iframe-attribute-parsing.html - WebKit - Git at Google

 <html>
 <head>
 <script>

 if (window.layoutTestController)
     window.layoutTestController.dumpAsText();

 var failed = false;
 var frames = 0;         /* number of allowed frames that called back */

 function fail(message)
 {
     setStatus("FAIL: " + message);
     failed = true;
 }

 function setStatus(status)
 {
     document.getElementById("testStatus").innerHTML = status;
 }

 function allowedCallFromSandbox()
 {
     ++frames;
 }

 function disallowedCallFromSandbox()
 {
     fail("disallowed script executed");
 }

 function disallowedFormSubmitted()
 {
     fail("sandboxing failed: form submitted in sandboxed frame");
 }

 window.onload = function()
 {
     if (frames == 5 && !failed)
         setStatus("PASS");
     else if (!failed)
         fail("scripting disabled in one or more frames where it should be enabled");
 }

 </script>
 </head>

 <body>

     <p>This test case verifies the parsing of the iframe sandbox attribute. Two sets of iframes
     are used: one where scripting is allowed, and another one where it is disallowed. The test
     verifies that the allowed frames execute scripts (but other sandboxed properties still
     apply -- specifically, forms are disabled), and the disallowed ones do not. If successful
     the test prints &quot;PASS&quot;.</p>

     <!-- iframes where script execution is allowed, but origin is not shared -->

     <!-- plain, proper attribute value -->
     <iframe sandbox="allow-scripts"
             name="f1"
             src="resources/sandboxed-iframe-attribute-parsing-allowed.html">
     </iframe>

     <!-- line feed characters before and after attribute value -->
     <iframe sandbox="

 allow-scripts

 "
             name="f2"
             src="resources/sandboxed-iframe-attribute-parsing-allowed.html">
     </iframe>

     <!-- ridiculously long, invalid text (well, for these purposes at least)
          with non-ASCII characters surrounding attribute value -->
     <iframe sandbox="
         För var vers, jag gör,
         Lovar du en kyss mig giva;
         Arket fullt jag borde skriva,
         Mindre har jag skrivit för.
         Men man måste hålla måtta,
         Jag med vers, med kyssar du.
         Låt mig räkna: Där är sju!
         En därtill det gör mig åtta.

         Numro åtta är fatal,
         Greklands sångmör voro nio,
         Och en svensk därtill gör tio. —
         Elva var apostelns tal,
         Ty jag räknar icke Judas,
         Honom, som i vänners lag
         Kysste falskt; det gör ej jag,
         Helst när vackra läppar bjudas.

         Huru står min räkning här?
         Aderton; det är dock något.
         Nitton — rimmet gör besvär,
         Därföre jag fyller tjoget.
         Strofen är ej full som jag,
         In i hamnen vill jag styra,
         Därföre till godo tag
         Denna gång med tjugofyra.

         'Kyssarna' ('The kisses'), Esaias Tegnér, 1782-1846

     allow-scripts

         int main(void)
         {
           return 0;
         }"
             name="f3"
             src="resources/sandboxed-iframe-attribute-parsing-allowed.html">
     </iframe>

     <!-- tab characters before and after attribute value -->
     <iframe sandbox="		allow-scripts		"
             name="f4"
             src="resources/sandboxed-iframe-attribute-parsing-allowed.html">
     </iframe>

     <!-- mixed case -->
     <iframe sandbox="AlLoW-sCrIpTs"
             name="f5"
             src="resources/sandboxed-iframe-attribute-parsing-allowed.html">
     </iframe>

     <!-- iframes where script execution is disallowed -->

     <iframe sandbox="allowscripts"
             src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
     </iframe>

     <iframe sandbox="allows-cripts"
             src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
     </iframe>

     <iframe sandbox="-allow-scripts"
             src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
     </iframe>

     <iframe sandbox="allow_scripts"
             src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
     </iframe>

     <iframe sandbox="allowScripts"
             src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
     </iframe>

     <iframe sandbox="aallow-scripts"
             src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
     </iframe>

     <iframe sandbox="allow-scriptss"
             src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
     </iframe>

     <iframe sandbox
             src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
     </iframe>

     <p id='testStatus'>FAIL: Script didn't run</p>

 </body>
 </html>
	<html>
	<head>
	<script>

	if (window.layoutTestController)
	window.layoutTestController.dumpAsText();

	var failed = false;
	var frames = 0; /* number of allowed frames that called back */

	function fail(message)
	{
	setStatus("FAIL: " + message);
	failed = true;
	}

	function setStatus(status)
	{
	document.getElementById("testStatus").innerHTML = status;
	}

	function allowedCallFromSandbox()
	{
	++frames;
	}

	function disallowedCallFromSandbox()
	{
	fail("disallowed script executed");
	}

	function disallowedFormSubmitted()
	{
	fail("sandboxing failed: form submitted in sandboxed frame");
	}

	window.onload = function()
	{
	if (frames == 5 && !failed)
	setStatus("PASS");
	else if (!failed)
	fail("scripting disabled in one or more frames where it should be enabled");
	}

	</script>
	</head>

	<body>

	<p>This test case verifies the parsing of the iframe sandbox attribute. Two sets of iframes
	are used: one where scripting is allowed, and another one where it is disallowed. The test
	verifies that the allowed frames execute scripts (but other sandboxed properties still
	apply -- specifically, forms are disabled), and the disallowed ones do not. If successful
	the test prints "PASS".</p>

	<!-- iframes where script execution is allowed, but origin is not shared -->

	<!-- plain, proper attribute value -->
	<iframe sandbox="allow-scripts"
	name="f1"
	src="resources/sandboxed-iframe-attribute-parsing-allowed.html">
	</iframe>

	<!-- line feed characters before and after attribute value -->
	<iframe sandbox="

	allow-scripts

	"
	name="f2"
	src="resources/sandboxed-iframe-attribute-parsing-allowed.html">
	</iframe>

	<!-- ridiculously long, invalid text (well, for these purposes at least)
	with non-ASCII characters surrounding attribute value -->
	<iframe sandbox="
	För var vers, jag gör,
	Lovar du en kyss mig giva;
	Arket fullt jag borde skriva,
	Mindre har jag skrivit för.
	Men man måste hålla måtta,
	Jag med vers, med kyssar du.
	Låt mig räkna: Där är sju!
	En därtill det gör mig åtta.

	Numro åtta är fatal,
	Greklands sångmör voro nio,
	Och en svensk därtill gör tio. —
	Elva var apostelns tal,
	Ty jag räknar icke Judas,
	Honom, som i vänners lag
	Kysste falskt; det gör ej jag,
	Helst när vackra läppar bjudas.

	Huru står min räkning här?
	Aderton; det är dock något.
	Nitton — rimmet gör besvär,
	Därföre jag fyller tjoget.
	Strofen är ej full som jag,
	In i hamnen vill jag styra,
	Därföre till godo tag
	Denna gång med tjugofyra.

	'Kyssarna' ('The kisses'), Esaias Tegnér, 1782-1846

	allow-scripts

	int main(void)
	{
	return 0;
	}"
	name="f3"
	src="resources/sandboxed-iframe-attribute-parsing-allowed.html">
	</iframe>

	<!-- tab characters before and after attribute value -->
	<iframe sandbox=" allow-scripts "
	name="f4"
	src="resources/sandboxed-iframe-attribute-parsing-allowed.html">
	</iframe>

	<!-- mixed case -->
	<iframe sandbox="AlLoW-sCrIpTs"
	name="f5"
	src="resources/sandboxed-iframe-attribute-parsing-allowed.html">
	</iframe>

	<!-- iframes where script execution is disallowed -->

	<iframe sandbox="allowscripts"
	src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
	</iframe>

	<iframe sandbox="allows-cripts"
	src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
	</iframe>

	<iframe sandbox="-allow-scripts"
	src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
	</iframe>

	<iframe sandbox="allow_scripts"
	src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
	</iframe>

	<iframe sandbox="allowScripts"
	src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
	</iframe>

	<iframe sandbox="aallow-scripts"
	src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
	</iframe>

	<iframe sandbox="allow-scriptss"
	src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
	</iframe>

	<iframe sandbox
	src="resources/sandboxed-iframe-attribute-parsing-disallowed.html">
	</iframe>

	<p id='testStatus'>FAIL: Script didn't run</p>

	</body>
	</html>