45 lines
1.5 KiB
HTML
45 lines
1.5 KiB
HTML
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>Storage Permission Restrictions</title>
|
|
|
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<script type="text/javascript" src="storagePermissionsUtils.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
|
</head>
|
|
<body>
|
|
<iframe></iframe>
|
|
|
|
<script type="text/javascript">
|
|
|
|
task(function* () {
|
|
yield setCookieBehavior(BEHAVIOR_LIMIT_FOREIGN);
|
|
|
|
// We should be able to access storage
|
|
yield storageAllowed();
|
|
|
|
// Same origin iframes should be allowed.
|
|
yield runIFrame("frameStorageAllowed.html");
|
|
yield runIFrame("frameStorageChrome.html?allowed=yes");
|
|
|
|
// Null principal iframes should not.
|
|
yield runIFrame("frameStorageNullprincipal.sjs");
|
|
|
|
// Sandboxed iframes should have the null principal, and thus can't access storage
|
|
document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
|
|
yield runIFrame("frameStoragePrevented.html#nullprincipal");
|
|
yield runIFrame("frameStorageNullprincipal.sjs");
|
|
document.querySelector('iframe').removeAttribute('sandbox');
|
|
|
|
// Thirdparty iframes should be blocked, even when accessed from chrome over Xrays.
|
|
yield runIFrame(thirdparty + "frameStoragePrevented.html#thirdparty");
|
|
yield runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
|
|
yield runIFrame(thirdparty + "frameStorageChrome.html?allowed=no");
|
|
|
|
// Workers should be unable to access storage
|
|
yield runWorker("workerStorageAllowed.js");
|
|
});
|
|
|
|
</script>
|
|
</body>
|
|
</html>
|