| <!doctype html> |
| <html> |
| <head> |
| <meta charset="utf-8"> |
| <title>Blobs and opaque origins, iframe</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| </head> |
| <body> |
| <script> |
| function with_iframe(url) { |
| return new Promise(function(resolve) { |
| var frame = document.createElement('iframe'); |
| frame.srcdoc = url; |
| frame.onload = function() { resolve(frame); }; |
| document.body.appendChild(frame); |
| }); |
| } |
| |
| promise_test(async (t) => { |
| const frame = await with_iframe('<'+ 'script>' + |
| 'onload = () => {' + |
| ' const blob = new Blob(["<" + "script>parent.postMessage(self.isSecureContext)</" + "script>"], { type : "text/html" });' + |
| ' const frame = document.createElement("iframe");' + |
| ' frame.src = URL.createObjectURL(blob);' + |
| ' document.body.appendChild(frame);' + |
| ' onmessage = (e) => parent.postMessage(e.data);' + |
| '}' + |
| '</' + 'script>'); |
| const result = await new Promise(resolve => window.onmessage = (e) => resolve(e.data)); |
| frame.remove(); |
| test(() => { |
| assert_true(result); |
| }, "Check iframe secure context from a blob created in opaque origin but secure context"); |
| }, "Load opaque origin blobs for iframe"); |
| </script> |
| </body> |
| </html> |