Add spec for cross-origin blockage

2026-01-10 07:58:08 -05:00 · 2017-05-24 13:07:50 -07:00
parent e735aa7dee
commit 36989e19f8
2 changed files with 27 additions and 0 deletions
--- a/spec/api-browser-window-spec.js
+++ b/spec/api-browser-window-spec.js
@@ -1285,6 +1285,14 @@ describe('BrowserWindow module', function () {
        w.loadURL('file://' + path.join(fixtures, 'api', 'native-window-open-file.html'))
      })

+      it('blocks accessing cross-origin frames', (done) => {
+        ipcMain.once('answer', (event, content) => {
+          assert.equal(content, 'Blocked a frame with origin "file://" from accessing a cross-origin frame.')
+          done()
+        })
+        w.loadURL('file://' + path.join(fixtures, 'api', 'native-window-open-cross-origin.html'))
+      })
+
      it('opens window from <iframe> tags', (done) => {
        ipcMain.once('answer', (event, content) => {
          assert.equal(content, 'Hello')
--- a/spec/fixtures/api/native-window-open-cross-origin.html
+++ b/spec/fixtures/api/native-window-open-cross-origin.html
@@ -0,0 +1,19 @@
+<html>
+<body>
+<script type="text/javascript" charset="utf-8">
+  const {ipcRenderer} = require('electron')
+  const popup = window.open('http://host')
+  const intervalID = setInterval(function () {
+    try {
+      if (popup.location.toString() !== 'about:blank') {
+        clearInterval(intervalID)
+        ipcRenderer.send('answer', 'did not throw error')
+      }
+    } catch (error) {
+      clearInterval(intervalID)
+      ipcRenderer.send('answer', error.message)
+    }
+  }, 10)
+</script>
+</body>
+</html>