chromium/src/third_party/blink/web_tests/http/tests/security/cross-origin-window-properties-undefined.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <meta charset=utf-8>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <iframe id="cross-origin-iframe" src="https://localhost:8000/security/resources/blank.html"></iframe>
 <!--
   HTML 7.2.3.3 CrossOriginGetOwnPropertyHelper ( O, P )
   https://html.spec.whatwg.org/multipage/browsers.html#crossorigingetownpropertyhelper-(-o,-p-)
   step 3. If P is "then", @@toStringTag, @@hasInstance, or @@isConcatSpreadable, then return PropertyDescriptor{ [[Value]]: undefined, [[Writable]]: false, [[Enumerable]]: false, [[Configurable]]: true }.

   Test that window.then and location.then return undefined in case of cross origin.
 -->
 <script>
 onload = function() {

   test(function() {
     let iframe = document.getElementById('cross-origin-iframe');
     let w = iframe.contentWindow;  // cross origin window
     assert_throws_dom('SecurityError', function() { w.document; }, "The window 'w' must be cross origin.");
     assert_equals(w.then, undefined, "The value of 'then' must be undefined.");
     assert_equals(w.location.then, undefined, "The value of 'location.then' must be undefined.");

   }, "Test that 'then' on cross origin window and location returns undefined.");

   test(function() {
     let iframe = document.getElementById('cross-origin-iframe');
     let w = iframe.contentWindow;  // cross origin window
     assert_throws_dom('SecurityError', function() { w.document; }, "The window 'w' must be cross origin.");

     // Make a child browsing context named 'then', which shouldn't be shadowed.
     let child_then_frame = document.createElement('iframe');
     child_then_frame.name = 'then';
     child_then_frame.src = 'https://localhost:8000/security/resources/blank.html';
     document.body.appendChild(child_then_frame);

     assert_equals(typeof w.then, 'object', "The value of 'then' must be a WindowProxy.");
     assert_equals(w.location.then, undefined, "The value of 'location.then' must be undefined.");
   }, "Test that a child browsing context named 'then' is not shadowed.");

 };
 </script>
	<!DOCTYPE html>
	<meta charset=utf-8>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<iframe id="cross-origin-iframe" src="https://localhost:8000/security/resources/blank.html"></iframe>
	<!--
	HTML 7.2.3.3 CrossOriginGetOwnPropertyHelper ( O, P )
	https://html.spec.whatwg.org/multipage/browsers.html#crossorigingetownpropertyhelper-(-o,-p-)
	step 3. If P is "then", @@toStringTag, @@hasInstance, or @@isConcatSpreadable, then return PropertyDescriptor{ [[Value]]: undefined, [[Writable]]: false, [[Enumerable]]: false, [[Configurable]]: true }.

	Test that window.then and location.then return undefined in case of cross origin.
	-->
	<script>
	onload = function() {

	test(function() {
	let iframe = document.getElementById('cross-origin-iframe');
	let w = iframe.contentWindow; // cross origin window
	assert_throws_dom('SecurityError', function() { w.document; }, "The window 'w' must be cross origin.");
	assert_equals(w.then, undefined, "The value of 'then' must be undefined.");
	assert_equals(w.location.then, undefined, "The value of 'location.then' must be undefined.");

	}, "Test that 'then' on cross origin window and location returns undefined.");

	test(function() {
	let iframe = document.getElementById('cross-origin-iframe');
	let w = iframe.contentWindow; // cross origin window
	assert_throws_dom('SecurityError', function() { w.document; }, "The window 'w' must be cross origin.");

	// Make a child browsing context named 'then', which shouldn't be shadowed.
	let child_then_frame = document.createElement('iframe');
	child_then_frame.name = 'then';
	child_then_frame.src = 'https://localhost:8000/security/resources/blank.html';
	document.body.appendChild(child_then_frame);

	assert_equals(typeof w.then, 'object', "The value of 'then' must be a WindowProxy.");
	assert_equals(w.location.then, undefined, "The value of 'location.then' must be undefined.");
	}, "Test that a child browsing context named 'then' is not shadowed.");

	};
	</script>