firefox/testing/web-platform/tests/scroll-to-text-fragment/iframes.sub.html

<!doctype html>
<title>Navigating to text fragment directives in iframes</title>
<meta charset=utf-8>
<meta name="timeout" content="long">
<link rel="help" href="https://wicg.github.io/ScrollToTextFragment/">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
  function getResult(iframe) {
    return new Promise((resolve) => {
      window.addEventListener('message', (e) => {
        resolve(e.data);
      }, {once: true});
      iframe.contentWindow.postMessage('getResult', '*');
    });
  }

  function reset(iframe) {
    return new Promise((resolve) => {
      window.addEventListener('message', (e) => {
        resolve();
      }, {once: true});
      iframe.contentWindow.postMessage('reset', '*');
    });
  }

  function runTests() {
    const attribute_iframe = document.getElementById('srcattrib');
    const sameorigin_iframe = document.getElementById('sameorigin');
    const crossorigin_iframe = document.getElementById('crossorigin');

    // Check behavior that occurs when a text fragment is specified directly in
    // an iframe's src attribute. We expect the text fragment to be blocked.
    promise_test(t => new Promise(async resolve => {
        // No reset since we're checking the hash specified in the `src` attribute.
        const data = await getResult(attribute_iframe);
        resolve(data);
      }).then( data => {
        assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.');
        assert_equals(data.scrollPosition, 'top', 'Should not scroll to text fragment');
    }), 'Text fragment specified in iframe.src');

    // Check behavior when we set a text fragment using script from a
    // same-origin parent. The text fragment should be allowed because this is
    // a same-document navigation initiated by an origin that's same-origin
    // with the current document.
    promise_test(t => new Promise(async resolve => {
        await reset(sameorigin_iframe);
        sameorigin_iframe.contentWindow.location = `${sameorigin_iframe.src}#:~:text=Target`;
        const data = await getResult(sameorigin_iframe);
        resolve(data);
      }).then( data => {
        assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.');
        assert_equals(data.scrollPosition, 'target', 'Should scroll to text fragment');
    }), 'Navigate same-origin iframe via window.location');

    // Check behavior when we set a text fragment using script from a
    // cross-origin parent. The text fragment should be blocked because the
    // initiating origin is not same-origin with the current document.
    promise_test(t => new Promise(async resolve => {
        await reset(crossorigin_iframe);
        crossorigin_iframe.contentWindow.location = `${crossorigin_iframe.src}#:~:text=Target`;
        const data = await getResult(crossorigin_iframe);
        resolve(data);
      }).then( data => {
        assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.');
        assert_equals(data.scrollPosition, 'top', 'Should not to scroll to text fragment.');
    }), 'Navigate cross-origin iframe via window.location');

    // Check the element-id fallback behavior when the text is not found. We
    // should fallback to a regular element-id hash navigation.
    promise_test(t => new Promise(async resolve => {
        await reset(sameorigin_iframe);
        sameorigin_iframe.contentWindow.location = `${sameorigin_iframe.src}#elementid:~:text=NonExistentText`;
        const data = await getResult(sameorigin_iframe);
        resolve(data);
      }).then( data => {
        assert_equals(data.scrollPosition, 'elementid', 'Should scroll to the element-id anchor.');
    }), 'Non-matching text with element-id fallback');

    // Check the element-id fallback behaviour when used across origins. The
    // text fragment should be blocked across origins but the element id hash
    // should not.
    promise_test(t => new Promise(async resolve => {
        await reset(crossorigin_iframe);
        crossorigin_iframe.contentWindow.location = `${crossorigin_iframe.src}#elementid:~:text=Target%20Text`;
        const data = await getResult(crossorigin_iframe);
        resolve(data);
      }).then( data => {
        assert_equals(data.scrollPosition, 'elementid', 'Should scroll to the element-id anchor.');
    }), 'Cross-origin with element-id fallback');
  }
</script>
<style>
  iframe {
    width: 100px;
    height: 100px;
  }
</style>
<body onload="runTests()">
  <div>
    Same-Origin with text fragment in src attribute:
    <iframe id="srcattrib" src="iframe-target.html#:~:text=Target"></iframe>
  </div>
  <div>
    Same-Origin:
    <iframe id="sameorigin" src="iframe-target.html"></iframe>
  </div>
  <div>
    Cross-Origin:
    <iframe id="crossorigin" src="http://{{hosts[][www]}}:{{ports[http][0]}}/scroll-to-text-fragment/iframe-target.html"></iframe>
  </div>
</body>