summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fenced-frame/sandbox-mandatory-flags.https.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
commit0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch)
treea31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /testing/web-platform/tests/fenced-frame/sandbox-mandatory-flags.https.html
parentInitial commit. (diff)
downloadfirefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz
firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/fenced-frame/sandbox-mandatory-flags.https.html')
-rw-r--r--testing/web-platform/tests/fenced-frame/sandbox-mandatory-flags.https.html136
1 files changed, 136 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fenced-frame/sandbox-mandatory-flags.https.html b/testing/web-platform/tests/fenced-frame/sandbox-mandatory-flags.https.html
new file mode 100644
index 0000000000..57a5bc49cf
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/sandbox-mandatory-flags.https.html
@@ -0,0 +1,136 @@
+<!DOCTYPE html>
+<meta name=timeout content=long>
+<title>Test of sandbox mandatory flags</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="resources/utils.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+
+<body>
+
+<script>
+
+const mandatory_flags = [
+ 'allow-same-origin',
+ 'allow-forms',
+ 'allow-scripts',
+ 'allow-popups',
+ 'allow-popups-to-escape-sandbox',
+ 'allow-top-navigation-by-user-activation'];
+
+promise_test(async t => {
+ const key = token();
+ const value = 'fenced frame loaded';
+ const iframe = document.createElement('iframe');
+ iframe.src =
+ 'resources/sandbox-mandatory-flags-iframe.sub.html?key=' + key +
+ '&value=' + value;
+ mandatory_flags.forEach(flag => {
+ iframe.sandbox.add(flag);
+ });
+
+ document.body.appendChild(iframe);
+ t.add_cleanup(() => {
+ iframe.remove();
+ });
+ const result = await nextValueFromServer(key);
+ assert_equals(result, value, 'The fenced frame must be loaded.');
+}, 'Sandboxed Iframe with mandatory flags can load a fenced frame.');
+
+promise_test(async t => {
+ const key = token();
+ // Try to load a fenced frame in a sandboxed iframe like this:
+ // <iframe sandbox="|mandatory_flags| without |missing_flag|"
+ // src="sandbox-mandatory-flags-iframe.sub.html">
+ // <fencedframe src="sandbox-mandatory-flags-inner.sub.html">
+ // <img src="key-value-store.py?key=|key|&value=|value|">
+ // <fencedframe>
+ // </iframe>
+ // But this should fail because the sandboxed iframe is loaded without
+ // |missing_flag|.
+ for (let missing_flag of mandatory_flags) {
+ const value =
+ 'a fenced frame was loaded in a sandboxed iframe without ' +
+ missing_flag + '.';
+ const iframe = document.createElement('iframe');
+ iframe.src =
+ 'resources/sandbox-mandatory-flags-iframe.sub.html?key=' + key +
+ '&value=' + value;
+ mandatory_flags.forEach(flag => {
+ if (flag != missing_flag) {
+ iframe.sandbox.add(flag);
+ }
+ });
+ document.body.appendChild(iframe);
+ t.add_cleanup(() => {
+ iframe.remove();
+ });
+ }
+ t.step_timeout(() => t.done(), 3000);
+ let server_value = await nextValueFromServer(key);
+ assert_unreached('fenced frame should not be loaded, but ' + server_value);
+}, 'Sandboxed Iframe without one of mandatory flag must fail to load a fenced' +
+ ' frame.');
+
+promise_test(async t => {
+ const key = token();
+ // Try to load a fenced frame in a nested sandboxed iframe like this:
+ // <iframe sandbox="|mandatory_flags| without |missing_flag|"
+ // src="sandbox-mandatory-flags-looser-restriction.sub.html">
+ // <iframe sandbox="|mandatory_flags|"
+ // src="sandbox-mandatory-flags-iframe.sub.html">
+ // <fencedframe src="resources/sandbox-mandatory-flags-inner.sub.html">
+ // <img src="key-value-store.py?key=|key|&value=|value|">
+ // <fencedframe>
+ // </iframe>
+ // </iframe>
+ // But this should fail because the nested iframe is loaded sandboxed
+ // without |missing_flag|.
+ for (let missing_flag of mandatory_flags) {
+ const value =
+ 'a fenced frame was loaded in a nested sandboxed iframe without ' +
+ missing_flag + '.';
+ const iframe = document.createElement('iframe');
+ iframe.src =
+ 'resources/sandbox-mandatory-flags-looser-restriction.sub.html?key=' +
+ key + '&value=' + value;
+ mandatory_flags.forEach(flag => {
+ if (flag != missing_flag) {
+ iframe.sandbox.add(flag);
+ }
+ });
+ document.body.appendChild(iframe);
+ t.add_cleanup(() => {
+ iframe.remove();
+ });
+ }
+ t.step_timeout(() => t.done(), 3000);
+ let server_value = await nextValueFromServer(key);
+ assert_unreached('fenced frame should not be loaded, but ' + server_value);
+}, 'Nested sandboxed iframe without one of mandatory flag must fail to load a' +
+ 'fenced frame even when the inner nested sandboxed iframe has all ' +
+ 'mandatory allow- flags.');
+
+promise_test(async t => {
+ const key = token();
+ // allow-scripts is needed to run iframe.execute, so we will test every other
+ // sandbox flag
+ for (let missing_flag of
+ mandatory_flags.filter(word => word != "allow-scripts")) {
+ const value =
+ 'canLoadOpaqueURL returned true even with flag ' +
+ missing_flag + ' not set.';
+ const flags_to_add = mandatory_flags
+ .filter(word => word != missing_flag)
+ .join(" ");
+ const iframe = attachIFrameContext(
+ {attributes: [["sandbox", flags_to_add]]});
+ await iframe.execute(async (t) => {
+ assert_false(navigator.canLoadAdAuctionFencedFrame());
+ });
+ }
+}, 'navigator.canLoadAdAuctionFencedFrame considers mandatory sandbox flags');
+</script>
+
+</body>