diff --git a/pages/sut/ui/cross-origin-iframes.jsx b/pages/sut/ui/cross-origin-iframes.jsx new file mode 100644 index 0000000..6937630 --- /dev/null +++ b/pages/sut/ui/cross-origin-iframes.jsx @@ -0,0 +1,93 @@ +import Head from 'next/head'; + +/** + * SUT fixture: cross-origin iframe capture. + * + * Hidden test page (not linked from anywhere in the app) used by the A11y Engine + * P1 sanity/WA suites to verify that, with the cross-origin iframe capture flag + * ON, the engine surfaces accessibility violations that live inside cross-origin + * iframes. Reachable only by direct path: /sut/ui/cross-origin-iframes + * + * NOTE: unlike the sibling /sut/ui/* pages this fixture is intentionally NOT + * gated behind the sutSessionId cookie. The A11y scanner loads it with no + * session, so an auth redirect would stop it before the iframes ever render. + * + * Iframes (both genuinely cross-origin to bstackdemo.com): + * 1. Our A11y demo page (browserstack.github.io) - the deterministic source of + * in-iframe violations the assertion is baselined against. + * 2. https://www.qualified.com/ - stands in as a third-party "ad" slot to prove + * capture works across an unrelated external origin too. + */ +export default function CrossOriginIframes() { + return ( + <> + + Cross-Origin Iframe Fixture - SUT + + + +
+
+

StackDemo Partner Showcase

+

+ A sample page that embeds partner content from other origins. Used to + exercise accessibility scanning across cross-origin iframe boundaries. +

+
+ +
+

Accessibility demo content

+