HTML: basic document.domain test

Author: annevk

html/browsers/origin/cross-origin-objects/cross-origin-due-to-document-domain-only.html

@@ -0,0 +1,33 @@
+<!doctype html>
+<title>Cross-origin due to document.domain</title>
+<meta charset=utf-8>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<div id=log></div>
+<iframe src=resources/cross-origin-due-to-document-domain-only-helper.html></iframe>
+<script>
+async_test(t => {
+  onload = t.step_func_done(() => {
+    const frame = document.querySelector("iframe");
+    const innerSelf = self[0];
+    const innerLocation = innerSelf.location;
+    const innerDocument = innerSelf.document;
+    assert_equals(innerLocation.host, location.host);
+    assert_true(innerSelf.expandosForever);
+    assert_true(innerLocation.expandosForever);
+    assert_equals(frame.contentWindow, innerSelf);
+    assert_equals(frame.contentDocument, innerDocument);
+    innerSelf.setDocumentDomain();
+    assert_throws("SecurityError", () => innerSelf.expandosForever);
+    assert_throws("SecurityError", () => innerLocation.expandosForever);
+    assert_throws("SecurityError", () => innerLocation.host);
+    assert_equals(innerSelf.parent, self);
+    assert_throws("SecurityError", () => innerSelf.frameElement);
+    assert_throws("SecurityError", () => innerLocation.reload());
+    assert_equals(frame.contentWindow, innerSelf);
+    assert_equals(frame.contentDocument, null);
+    // Cross-origin Document object obtained before it became cross-origin has no protections
+    assert_equals(innerDocument.URL, frame.src);
+  });
+});
+</script>

html/browsers/origin/cross-origin-objects/resources/cross-origin-due-to-document-domain-only-helper.html

@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<script>
+self.expandosForever = true
+self.location.expandosForever = true
+function setDocumentDomain() {
+  document.domain = document.domain
+}
+</script>