summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/js/behaviours/HostEnsureCanAddPrivateElement.window.js
blob: 03435fa37abe36926ce364069a9908178b461088 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

// META: script=/common/get-host-info.sub.js

// HTML PR https://github.com/whatwg/html/pull/8198 adds a definition for the
// HostEnsureCanAddPrivateElement host hook which disallows private fields on
// WindowProxy and Location objects.
//
// This test case ensure the hook works as designed.

let host_info = get_host_info();

const path = location.pathname.substring(0, location.pathname.lastIndexOf('/')) + '/frame.html';
const path_setdomain = path + "?setdomain";

class Base {
    constructor(o) {
        return o;
    }
}

class Stamper extends Base {
    #x = 10;
    static hasX(o) { return #x in o; }
};

function test_iframe_window(a_src, b_src) {
    const iframe = document.body.appendChild(document.createElement("iframe"));

    var resolve, reject;
    var promise = new Promise((res, rej) => {
        resolve = res;
        reject = rej
    });

    iframe.src = a_src;
    iframe.onload = () => {
        const windowA = iframe.contentWindow;
        try {
            assert_throws_js(TypeError, () => {
                new Stamper(windowA);
            }, "Can't Stamp (maybe cross-origin) exotic WindowProxy");
            assert_equals(Stamper.hasX(windowA), false, "Didn't stamp on WindowProxy");
        } catch (e) {
            reject(e);
            return;
        }

        iframe.src = b_src;
        iframe.onload = () => {
            const windowB = iframe.contentWindow;
            try {
                assert_equals(windowA == windowB, true, "Window is same")
                assert_throws_js(TypeError, () => {
                    new Stamper(windowA);
                }, "Can't Stamp (maybe cross-origin) exotics on WindowProxy");
                assert_equals(Stamper.hasX(windowB), false, "Didn't stamp on WindowProxy");
            } catch (e) {
                reject(e);
                return;
            }
            resolve();
        }
    };

    return promise;
}


function test_iframe_location(a_src, b_src) {
    const iframe = document.body.appendChild(document.createElement("iframe"));

    var resolve, reject;
    var promise = new Promise((res, rej) => {
        resolve = res;
        reject = rej
    });

    iframe.src = a_src;
    iframe.onload = () => {
        const locA = iframe.contentWindow.location;
        try {
            assert_throws_js(TypeError, () => {
                new Stamper(locA);
            }, "Can't Stamp (maybe cross-origin) exotic Location");
            assert_equals(Stamper.hasX(locA), false, "Didn't stamp on Location");
        } catch (e) {
            reject(e);
            return;
        }

        iframe.src = b_src;
        iframe.onload = () => {
            const locB = iframe.contentWindow.location
            try {
                assert_throws_js(TypeError, () => {
                    new Stamper(locB);
                }, "Can't Stamp cross-origin exotic Location");
                assert_equals(Stamper.hasX(locB), false, "Didn't stamp on Location");
            } catch (e) {
                reject(e);
                return;
            }
            resolve();
        }
    };

    return promise;
}

promise_test(() => test_iframe_window(host_info.HTTP_ORIGIN, host_info.HTTP_ORIGIN), "Same Origin: WindowProxy")
promise_test(() => test_iframe_window(host_info.HTTP_ORIGIN, host_info.HTTP_ORIGIN_WITH_DIFFERENT_PORT), "Cross Origin (port): WindowProxy")
promise_test(() => test_iframe_window(host_info.HTTP_ORIGIN, host_info.HTTP_REMOTE_ORIGIN), "Cross Origin (remote): WindowProxy")
promise_test(() => test_iframe_window(path, path_setdomain), "Same Origin + document.domain WindowProxy")


promise_test(() => test_iframe_location(host_info.HTTP_ORIGIN, host_info.HTTP_ORIGIN), "Same Origin: Location")
promise_test(() => test_iframe_location(host_info.HTTP_ORIGIN, host_info.HTTP_ORIGIN_WITH_DIFFERENT_PORT), "Cross Origin (remote): Location")
promise_test(() => test_iframe_location(host_info.HTTP_ORIGIN, host_info.HTTP_REMOTE_ORIGIN), "Cross Origin: Location")
promise_test(() => test_iframe_location(path, path_setdomain), "Same Origin + document.domain: Location")

// We can do this because promise_test promises to queue tests
// https://web-platform-tests.org/writing-tests/testharness-api.html#promise-tests

promise_test(async () => document.domain = document.domain, "Set document.domain");

promise_test(() => test_iframe_location(path, path_setdomain), "(After document.domain set) Same Origin + document.domain: Location")
promise_test(() => test_iframe_window(path, path_setdomain), "(After document.domain set) Same Origin + document.domain WindowProxy does carry private fields after navigation")

promise_test(() => test_iframe_location(path_setdomain, path_setdomain), "(After document.domain set) Local navigation (setdomain) Location")
promise_test(() => test_iframe_window(path_setdomain, path_setdomain), "(After document.domain set) Local navigation (setdomain) WindowProxy does carry private fields after navigation")
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 07:46:08 +0000