| <!DOCTYPE html> |
| <script> |
| if (window.internals) |
| internals.settings.setContentDispositionAttachmentSandboxEnabled(true); |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| window.addEventListener('load', function() { |
| // Due to the sandbox, it's not possible to run script in the iframe or even access its contentDocument. |
| // Submit the form by clicking its button with synthetic mouse events. |
| var iframeRect = document.getElementsByTagName('iframe')[0].getClientRects()[0]; |
| var submitButtonRect = document.getElementById('submitButtonForMetrics').getClientRects()[0]; |
| |
| // This assumes that the iframe has no border, and its document's body has no margin. |
| var x = iframeRect.left + submitButtonRect.width / 2; |
| var y = iframeRect.top + submitButtonRect.height / 2; |
| |
| eventSender.mouseMoveTo(x, y); |
| eventSender.mouseDown(); |
| eventSender.mouseUp(); |
| testRunner.notifyDone(); |
| }); |
| } |
| </script> |
| <p>This test verifies that form submission is disabled when 'Content-Disposition: attachment' sandboxing is enabled. A security error will be logged to the console if the test passes.</p> |
| <iframe style="border: 0px" src="resources/form-submission-frame.py"></iframe> |
| <input style="visibility: hidden" id="submitButtonForMetrics" type="submit"> |