| <html> |
| <head> |
| <style> |
| iframe { width: 400px; height: 200px;} |
| </style> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| } |
| |
| function loaded() |
| { |
| document.getElementsByTagName('h4')[0].innerHTML = document.domain; |
| var iframe = document.getElementById("iframe"); |
| // The iframe uses eventSender to emulate a user navigation, which requires absolute coordinates. |
| // Because the iframe is cross-origin, it can't get the offsets itself, so leak them. |
| frames[0].postMessage({x: iframe.offsetLeft, y: iframe.offsetTop}, "*"); |
| } |
| |
| window.addEventListener("message", function(event) { |
| console.error(event.data); |
| if (window.testRunner) |
| testRunner.notifyDone(); |
| }, false); |
| </script> |
| </head> |
| <body onload="loaded();"> |
| <p>This tests that a sandboxed iframe without 'allow-top-navigation-by-user-activation' |
| cannot navigate the top level page, even when navigation is trigged by a user gesture.</p> |
| <h4>DOMAIN</h4> |
| <iframe id="iframe" sandbox="allow-scripts" src="resources/iframe-that-performs-parent-navigation-with-user-activation.html"></iframe> |
| </body> |
| </html> |
