chromium/src/third_party/blink/web_tests/external/wpt/html/browsers/origin/relaxing-the-same-origin-restriction/document_domain_setter.html - manifest_repos/chromium_src - Git at Google

 <!doctype html>
 <html>
   <head>
     <title>document.domain's setter</title>
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/common/get-host-info.sub.js"></script>
   </head>
   <body>
     <iframe id="iframe"></iframe>
     <script>
       var host_info = get_host_info();
       var HTTP_PORT = host_info.HTTP_PORT;
       var ORIGINAL_HOST = host_info.ORIGINAL_HOST;
       var SUFFIX_HOST = ORIGINAL_HOST.substring(ORIGINAL_HOST.lastIndexOf('.') + 1); // e.g. "test"
       var REMOTE_HOST = host_info.REMOTE_HOST;
       var iframe = document.getElementById("iframe");
       var iframe_url = new URL("support/document_domain_setter_iframe.html", document.location);
       iframe_url.hostname = REMOTE_HOST;
       iframe.src = iframe_url;

       test(function() {
         assert_throws_dom("SecurityError", function() { document.domain = SUFFIX_HOST; });
         assert_throws_dom("SecurityError", function() { document.domain = "." + SUFFIX_HOST; });
         assert_throws_dom("SecurityError", function() { document.domain = REMOTE_HOST; });
         assert_throws_dom("SecurityError", function() { document.domain = "example.com"; });
       }, "failed setting of document.domain");

       async_test(function(t) {
         iframe.addEventListener("load", t.step_func_done(function() {
           // Before setting document.domain, the iframe is not
           // same-origin-domain, so security checks fail.
           assert_equals(iframe.contentDocument, null);
           assert_throws_dom("SecurityError", () => iframe.contentWindow.frameElement);
           assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.origin; });
           assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.href; });
           assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.protocol; });
           assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.host; });
           assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.port; });
           assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.hostname; });
           assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.pathname; });
           assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.hash; });
           assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.search; });
           assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.toString(); });
           // Set document.domain
           document.domain = ORIGINAL_HOST;
           // After setting document.domain, the iframe is
           // same-origin-domain, so security checks pass.
           assert_equals(iframe.contentDocument.domain, document.domain);
           assert_equals(iframe.contentWindow.frameElement, iframe);
           assert_equals(iframe.contentWindow.origin, iframe_url.origin);
           assert_equals(iframe.contentWindow.location.href, iframe_url.href);
           assert_equals(iframe.contentWindow.location.protocol, iframe_url.protocol);
           assert_equals(iframe.contentWindow.location.host, iframe_url.host);
           assert_equals(iframe.contentWindow.location.port, iframe_url.port);
           assert_equals(iframe.contentWindow.location.hostname, iframe_url.hostname);
           assert_equals(iframe.contentWindow.location.pathname, iframe_url.pathname);
           assert_equals(iframe.contentWindow.location.hash, iframe_url.hash);
           assert_equals(iframe.contentWindow.location.search, iframe_url.search);
           assert_equals(iframe.contentWindow.location.search, iframe_url.search);
           assert_equals(iframe.contentWindow.location.toString(), iframe_url.toString());
           // document.open checks for same-origin, not same-origin-domain,
           // https://github.com/whatwg/html/issues/2282
           assert_throws_dom("SecurityError", iframe.contentWindow.DOMException,
                             function() { iframe.contentDocument.open(); });
         }));
       }, "same-origin-domain iframe");

       test(() => {
         assert_throws_dom("SecurityError", () => { (new Document).domain = document.domain });
         assert_throws_dom("SecurityError", () => { document.implementation.createHTMLDocument().domain = document.domain });
         assert_throws_dom("SecurityError", () => { document.implementation.createDocument(null, "").domain = document.domain });
       }, "failed setting of document.domain for documents without browsing context");
     </script>
   </body>
 </html>
	<!doctype html>
	<html>
	<head>
	<title>document.domain's setter</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/common/get-host-info.sub.js"></script>
	</head>
	<body>
	<iframe id="iframe"></iframe>
	<script>
	var host_info = get_host_info();
	var HTTP_PORT = host_info.HTTP_PORT;
	var ORIGINAL_HOST = host_info.ORIGINAL_HOST;
	var SUFFIX_HOST = ORIGINAL_HOST.substring(ORIGINAL_HOST.lastIndexOf('.') + 1); // e.g. "test"
	var REMOTE_HOST = host_info.REMOTE_HOST;
	var iframe = document.getElementById("iframe");
	var iframe_url = new URL("support/document_domain_setter_iframe.html", document.location);
	iframe_url.hostname = REMOTE_HOST;
	iframe.src = iframe_url;

	test(function() {
	assert_throws_dom("SecurityError", function() { document.domain = SUFFIX_HOST; });
	assert_throws_dom("SecurityError", function() { document.domain = "." + SUFFIX_HOST; });
	assert_throws_dom("SecurityError", function() { document.domain = REMOTE_HOST; });
	assert_throws_dom("SecurityError", function() { document.domain = "example.com"; });
	}, "failed setting of document.domain");

	async_test(function(t) {
	iframe.addEventListener("load", t.step_func_done(function() {
	// Before setting document.domain, the iframe is not
	// same-origin-domain, so security checks fail.
	assert_equals(iframe.contentDocument, null);
	assert_throws_dom("SecurityError", () => iframe.contentWindow.frameElement);
	assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.origin; });
	assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.href; });
	assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.protocol; });
	assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.host; });
	assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.port; });
	assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.hostname; });
	assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.pathname; });
	assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.hash; });
	assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.search; });
	assert_throws_dom("SecurityError", function() { iframe.contentWindow.location.toString(); });
	// Set document.domain
	document.domain = ORIGINAL_HOST;
	// After setting document.domain, the iframe is
	// same-origin-domain, so security checks pass.
	assert_equals(iframe.contentDocument.domain, document.domain);
	assert_equals(iframe.contentWindow.frameElement, iframe);
	assert_equals(iframe.contentWindow.origin, iframe_url.origin);
	assert_equals(iframe.contentWindow.location.href, iframe_url.href);
	assert_equals(iframe.contentWindow.location.protocol, iframe_url.protocol);
	assert_equals(iframe.contentWindow.location.host, iframe_url.host);
	assert_equals(iframe.contentWindow.location.port, iframe_url.port);
	assert_equals(iframe.contentWindow.location.hostname, iframe_url.hostname);
	assert_equals(iframe.contentWindow.location.pathname, iframe_url.pathname);
	assert_equals(iframe.contentWindow.location.hash, iframe_url.hash);
	assert_equals(iframe.contentWindow.location.search, iframe_url.search);
	assert_equals(iframe.contentWindow.location.search, iframe_url.search);
	assert_equals(iframe.contentWindow.location.toString(), iframe_url.toString());
	// document.open checks for same-origin, not same-origin-domain,
	// https://github.com/whatwg/html/issues/2282
	assert_throws_dom("SecurityError", iframe.contentWindow.DOMException,
	function() { iframe.contentDocument.open(); });
	}));
	}, "same-origin-domain iframe");

	test(() => {
	assert_throws_dom("SecurityError", () => { (new Document).domain = document.domain });
	assert_throws_dom("SecurityError", () => { document.implementation.createHTMLDocument().domain = document.domain });
	assert_throws_dom("SecurityError", () => { document.implementation.createDocument(null, "").domain = document.domain });
	}, "failed setting of document.domain for documents without browsing context");
	</script>
	</body>
	</html>