1 files changed, 86 insertions, 0 deletions

diff --git a/testing/web-platform/tests/file-system-access/opaque-origin.https.window.js b/testing/web-platform/tests/file-system-access/opaque-origin.https.window.js
new file mode 100644
index 0000000000..8f431a2406
--- /dev/null
+++ b/testing/web-platform/tests/file-system-access/opaque-origin.https.window.js
@@ -0,0 +1,86 @@
+'use strict';
+
+const kSandboxWindowUrl = 'resources/opaque-origin-sandbox.html';
+
+function add_iframe(test, src, sandbox) {
+  const iframe = document.createElement('iframe');
+  iframe.src = src;
+  if (sandbox !== undefined) {
+    iframe.sandbox = sandbox;
+  }
+  document.body.appendChild(iframe);
+  test.add_cleanup(() => {
+    iframe.remove();
+  });
+}
+
+// Creates a data URI iframe that uses postMessage() to provide its parent
+// with the test result. The iframe checks for the existence of
+// |property_name| on the window.
+async function verify_does_not_exist_in_data_uri_iframe(
+  test, property_name) {
+  const iframe_content =
+    '<script>' +
+    '  const is_property_name_defined = ' +
+    `    (self.${property_name} !== undefined);` +
+    '  parent.postMessage({is_property_name_defined}, "*")' +
+    '</script>';
+
+  const data_uri = `data:text/html,${encodeURIComponent(iframe_content)}`;
+  add_iframe(test, data_uri);
+
+  const event_watcher = new EventWatcher(test, self, 'message');
+  const message_event = await event_watcher.wait_for('message')
+
+  assert_false(message_event.data.is_property_name_defined,
+    `Data URI iframes must not define '${property_name}'.`);
+}
+
+// |kSandboxWindowUrl| sends two messages to this window. The first is the
+// result of showDirectoryPicker(). The second is the result of
+// navigator.storage.getDirectory(). For windows using sandbox='allow-scripts',
+// both results must produce rejected promises.
+async function verify_results_from_sandboxed_child_window(test) {
+  const event_watcher = new EventWatcher(test, self, 'message');
+
+  const first_message_event = await event_watcher.wait_for('message');
+  assert_equals(
+      first_message_event.data,
+      'showDirectoryPicker(): REJECTED: SecurityError');
+
+  const second_message_event = await event_watcher.wait_for('message');
+  assert_equals(second_message_event.data,
+    'navigator.storage.getDirectory(): REJECTED: SecurityError');
+}
+
+promise_test(async test => {
+  await verify_does_not_exist_in_data_uri_iframe(test, 'showDirectoryPicker');
+}, 'showDirectoryPicker() must be undefined for data URI iframes.');
+
+promise_test(async test => {
+  await verify_does_not_exist_in_data_uri_iframe(
+    test, 'FileSystemDirectoryHandle');
+}, 'FileSystemDirectoryHandle must be undefined for data URI iframes.');
+
+promise_test(
+    async test => {
+      add_iframe(test, kSandboxWindowUrl, /*sandbox=*/ 'allow-scripts');
+      await verify_results_from_sandboxed_child_window(test);
+    },
+    'navigator.storage.getDirectory() and ' +
+        'showDirectoryPicker() must reject in a sandboxed iframe.');
+
+promise_test(
+    async test => {
+      const child_window_url = kSandboxWindowUrl +
+          '?pipe=header(Content-Security-Policy, sandbox allow-scripts)';
+
+      const child_window = window.open(child_window_url);
+      test.add_cleanup(() => {
+        child_window.close();
+      });
+
+      await verify_results_from_sandboxed_child_window(test);
+    },
+    'navigator.storage.getDirectory() and ' +
+        'showDirectoryPicker() must reject in a sandboxed opened window.');