diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
| commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
| tree | f435a8308119effd964b339f76abb83a57c29483 /testing/web-platform/tests/storage-access-api/requestStorageAccess-insecure.sub.window.js | |
| parent | Initial commit. (diff) | |
| download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip | |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/storage-access-api/requestStorageAccess-insecure.sub.window.js')
| -rw-r--r-- | testing/web-platform/tests/storage-access-api/requestStorageAccess-insecure.sub.window.js | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/testing/web-platform/tests/storage-access-api/requestStorageAccess-insecure.sub.window.js b/testing/web-platform/tests/storage-access-api/requestStorageAccess-insecure.sub.window.js new file mode 100644 index 0000000000..1ad04321db --- /dev/null +++ b/testing/web-platform/tests/storage-access-api/requestStorageAccess-insecure.sub.window.js @@ -0,0 +1,82 @@ +// META: script=helpers.js +// META: script=/resources/testdriver.js +// META: script=/resources/testdriver-vendor.js +'use strict'; + +// Document-level test config flags: +// +// testPrefix: Prefix each test case with an indicator so we know what context +// they are run in if they are used in multiple iframes. +// +// topLevelDocument: Keep track of if we run these tests in a nested context, we +// don't want to recurse forever. +const {testPrefix, topLevelDocument} = processQueryParams(); + +// Common tests to run in all frames. +promise_test(async () => { + assert_not_equals(document.requestStorageAccess, undefined); +}, "[" + testPrefix + "] document.requestStorageAccess() should exist on the document interface"); + +promise_test(t => { + return promise_rejects_dom(t, "NotAllowedError", document.requestStorageAccess(), + "document.requestStorageAccess() call without user gesture"); +}, "[" + testPrefix + "] document.requestStorageAccess() should be rejected in insecure context"); + +// Logic to load test cases within combinations of iFrames. +if (topLevelDocument) { + // This specific test will run only as a top level test (not as a worker). + // Specific requestStorageAccess() scenarios will be tested within the context + // of various iFrames + promise_test(t => { + const description = "document.requestStorageAccess() call in a detached frame"; + // Can't use `promise_rejects_dom` here, since the error comes from the wrong global. + return CreateDetachedFrame().requestStorageAccess() + .then(t.unreached_func("Should have rejected: " + description), (e) => { + assert_equals(e.name, 'InvalidStateError', description); + t.done(); + }); + }, "[non-fully-active] document.requestStorageAccess() should reject when run in a detached frame"); + + promise_test(t => { + return promise_rejects_dom(t, 'InvalidStateError', CreateDocumentViaDOMParser().requestStorageAccess(), + "document.requestStorageAccess() in a detached DOMParser result"); + }, "[non-fully-active] document.requestStorageAccess() should reject when run in a detached DOMParser document"); + + // Create a test with a single-child same-origin iframe. + const sameOriginFramePromise = RunTestsInIFrame( + 'resources/requestStorageAccess-iframe.html?testCase=same-origin-frame'); + + // Create a test with a single-child cross-origin iframe. + const crossOriginFramePromise = RunTestsInIFrame( + 'http://{{domains[www]}}:{{ports[http][0]}}/storage-access-api/resources/requestStorageAccess-iframe.html?testCase=cross-origin-frame'); + + // Validate the nested-iframe scenario where the same-origin frame + // containing the tests is not the first child. + const nestedSameOriginFramePromise = RunTestsInNestedIFrame( + 'resources/requestStorageAccess-iframe.html?testCase=nested-same-origin-frame'); + + // Validate the nested-iframe scenario where the cross-origin frame + // containing the tests is not the first child. + const nestedCrossOriginFramePromise = RunTestsInNestedIFrame( + 'http://{{domains[www]}}:{{ports[http][0]}}/storage-access-api/resources/requestStorageAccess-iframe.html?testCase=nested-cross-origin-frame'); + + // Because the iframe tests expect no user activation, and because they + // load asynchronously, we want to first run those tests before simulating + // clicks on the page. + const testsWithoutUserActivation = [ + sameOriginFramePromise, + crossOriginFramePromise, + nestedSameOriginFramePromise, + nestedCrossOriginFramePromise, + ]; + + promise_test(async t => { + await Promise .all(testsWithoutUserActivation); + await RunCallbackWithGesture(() => { + return promise_rejects_dom(t, "NotAllowedError", document.requestStorageAccess(), + "should reject in insecure context"); + }); + }, + '[' + testPrefix + + '] document.requestStorageAccess() should be rejected when called with a user gesture in insecure context'); +} |