chromium/src/third_party/blink/web_tests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-secure-origin-in-insecure-origin.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
 <title>Geolocation On An Secure Origin Embedded in an Insecure Origin</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/resources/get-host-info.js"></script>
 </head>
 <body></body>
 <script>
     if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
         window.location = get_host_info().UNAUTHENTICATED_ORIGIN +
                           window.location.pathname;
     } else {
         var num_received = 0;
         if (window.testRunner)
             testRunner.overridePreference(
                 "WebKitStrictPowerfulFeatureRestrictions", true);

         async_test(function () {
             window.addEventListener("message", this.step_func(function (event) {
                 assert_equals(
                     event.data.message,
                     'Only secure origins are allowed ' +
                     '(see: https://goo.gl/Y0ZkNV).');
                 num_received++;
                 if (num_received == 4)
                     this.done();
             }));

             var iframe = document.createElement("iframe");
             iframe.src = get_host_info().HTTP_ORIGIN +
                          "/security/powerfulFeatureRestrictions/" +
                          "resources/geolocation.html";
             iframe.allow = 'geolocation *;';
            document.body.appendChild(iframe);

            // A srcdoc should be skipped in the ancestor check.
            var iframe = document.createElement("iframe");
            iframe.srcdoc = "<script>" +
                            "window.addEventListener('message', function(evt) {" +
                            "window.parent.postMessage(evt.data, '*'); });" +
                            "</sc" + "ript>" +
                            "<iframe src='" + get_host_info().HTTP_ORIGIN +
                            "/security/powerfulFeatureRestrictions/resources" +
                            "/geolocation.html' allow='geolocation *;'>" +
                            "</iframe>";
            iframe.allow = 'geolocation *;';
            document.body.appendChild(iframe);

            // A sandboxed iframe should use the frame's URL as the origin to
            // check.
            var iframe = document.createElement("iframe");
            iframe.sandbox = "allow-scripts allow-same-origin";
            iframe.src = get_host_info().HTTP_ORIGIN +
                         "/security/powerfulFeatureRestrictions/resources/" +
                         "geolocation.html";
            iframe.allow = 'geolocation *;';
            document.body.appendChild(iframe);

            // Insecure origin frames sandboxed secure origin frames secure
            // origin.
            var iframe = document.createElement("iframe");
            iframe.sandbox = "allow-scripts allow-same-origin";
            iframe.src = get_host_info().HTTP_ORIGIN +
                         "/security/powerfulFeatureRestrictions/resources/" +
                         "geolocation-in-iframe.html";
            iframe.allow = 'geolocation *;';
            document.body.appendChild(iframe);


         }, 'getCurrentPosition in iframe');
     }
 </script>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<title>Geolocation On An Secure Origin Embedded in an Insecure Origin</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/resources/get-host-info.js"></script>
	</head>
	<body></body>
	<script>
	if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
	window.location = get_host_info().UNAUTHENTICATED_ORIGIN +
	window.location.pathname;
	} else {
	var num_received = 0;
	if (window.testRunner)
	testRunner.overridePreference(
	"WebKitStrictPowerfulFeatureRestrictions", true);

	async_test(function () {
	window.addEventListener("message", this.step_func(function (event) {
	assert_equals(
	event.data.message,
	'Only secure origins are allowed ' +
	'(see: https://goo.gl/Y0ZkNV).');
	num_received++;
	if (num_received == 4)
	this.done();
	}));

	var iframe = document.createElement("iframe");
	iframe.src = get_host_info().HTTP_ORIGIN +
	"/security/powerfulFeatureRestrictions/" +
	"resources/geolocation.html";
	iframe.allow = 'geolocation *;';
	document.body.appendChild(iframe);

	// A srcdoc should be skipped in the ancestor check.
	var iframe = document.createElement("iframe");
	iframe.srcdoc = "<script>" +
	"window.addEventListener('message', function(evt) {" +
	"window.parent.postMessage(evt.data, '*'); });" +
	"</sc" + "ript>" +
	"<iframe src='" + get_host_info().HTTP_ORIGIN +
	"/security/powerfulFeatureRestrictions/resources" +
	"/geolocation.html' allow='geolocation *;'>" +
	"</iframe>";
	iframe.allow = 'geolocation *;';
	document.body.appendChild(iframe);

	// A sandboxed iframe should use the frame's URL as the origin to
	// check.
	var iframe = document.createElement("iframe");
	iframe.sandbox = "allow-scripts allow-same-origin";
	iframe.src = get_host_info().HTTP_ORIGIN +
	"/security/powerfulFeatureRestrictions/resources/" +
	"geolocation.html";
	iframe.allow = 'geolocation *;';
	document.body.appendChild(iframe);

	// Insecure origin frames sandboxed secure origin frames secure
	// origin.
	var iframe = document.createElement("iframe");
	iframe.sandbox = "allow-scripts allow-same-origin";
	iframe.src = get_host_info().HTTP_ORIGIN +
	"/security/powerfulFeatureRestrictions/resources/" +
	"geolocation-in-iframe.html";
	iframe.allow = 'geolocation *;';
	document.body.appendChild(iframe);


	}, 'getCurrentPosition in iframe');
	}
	</script>
	</html>