| <!DOCTYPE html> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <body> |
| <script> |
| async_test(t => { |
| var i = document.createElement('iframe'); |
| i.sandbox = "allow-scripts allow-same-origin allow-modals"; |
| i.srcdoc = "<script>" + |
| " window.onerror = (m,f,l,c,e) => { top.postMessage(m, '*'); }" + |
| "</scr" + "ipt>" + |
| "<a href='javascript:top.location=\"/security/frameNavigation/resources/fail.html\";'>click</a>"; |
| |
| window.onmessage = t.step_func_done(e => { |
| const expected = |
| "Uncaught SecurityError: Failed to set the 'href' " + |
| "property on 'Location': The current window does not " + |
| "have permission to navigate the target frame to " + |
| "'/security/frameNavigation/resources/fail.html'."; |
| assert_equals(e.data, expected, "The 'javascript:' navigation threw."); |
| assert_equals(i.contentDocument.body.innerText, "click", "The page contents did not change."); |
| }); |
| |
| var clicked = false; |
| i.onload = t.step_func(e => { |
| i.contentDocument.querySelector('a').click(); |
| clicked = true; |
| }); |
| |
| document.body.appendChild(i); |
| }, "Sandboxed frames should throw when navigating the top-level window."); |
| </script> |
| </body> |
