Diffstat (limited to 'testing/web-platform/tests/html/browsers/origin/inheritance')
10 files changed, 175 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/about-blank-iframe.html b/testing/web-platform/tests/html/browsers/origin/inheritance/about-blank-iframe.html
new file mode 100644
index 0000000000..fabde327a1
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/inheritance/about-blank-iframe.html
@@ -0,0 +1,28 @@
+<!doctype html>
+<html>
+ <head>
+ <title>about:blank in child browsing context aliases security origin</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script>
+ test(() => {
+ let iframe = document.createElement('iframe');
+ document.body.appendChild(iframe);
+ // Should not throw: srcdoc should always be same-origin.
+ iframe.contentWindow.document.body.innerHTML = '<p>Hello world!</p>';
+
+ // Explicitly set `domain` component of origin: any other same-origin
+ // browsing contexts are now cross-origin unless they also explicitly
+ // set document.domain to the same value.
+ document.domain = document.domain;
+ // Should not throw: the origin should be aliased, so setting
+ // document.domain in one Document should affect both Documents.
+ assert_equals(
+ iframe.contentWindow.document.body.textContent,
+ 'Hello world!');
+ });
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/about-blank-window.html b/testing/web-platform/tests/html/browsers/origin/inheritance/about-blank-window.html
new file mode 100644
index 0000000000..cc3177f943
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/inheritance/about-blank-window.html
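Review bot: In about-blank-iframe.html, `document.domain = document.domain;` can be silently ignored in browsers that place the page in an origin-keyed agent cluster, and the `assert_equals` that follows then passes without origin aliasing ever being exercised. This commit ships `Origin-Agent-Cluster: ?0` only for document-write.https.window.js and the two files under resources/; about-blank-iframe.html, about-blank-window.html, about-srcdoc.html and javascript-url.html have no `.headers` file among the ten changed files. I would add a `.headers` file containing `Origin-Agent-Cluster: ?0` next to each of those four tests, which is what the comment in document-write.https.window.js already says some browsers need for the setter to work.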
@@ -0,0 +1,25 @@
+<!doctype html>
+<html>
+ <head>
+ <title>about:blank in auxiliary browsing context aliases security origin</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script>
+ test(() => {
+ let newWindow = window.open();
+ // Should not throw: the newly-opened window should be same-origin.
+ newWindow.document.body.innerHTML = '<p>Hello world!</p>';
+
+ // Explicitly set `domain` component of origin: any other same-origin
+ // browsing contexts are now cross-origin unless they also explicitly
+ // set document.domain to the same value.
+ document.domain = document.domain;
+ // Should not throw: the origin should be aliased, so setting
+ // document.domain in one Document should affect both Documents.
+ assert_equals(newWindow.document.body.textContent, 'Hello world!');
+ });
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/about-srcdoc.html b/testing/web-platform/tests/html/browsers/origin/inheritance/about-srcdoc.html
new file mode 100644
index 0000000000..971811ee66
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/inheritance/about-srcdoc.html
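Review bot: The window returned by `window.open()` in about-blank-window.html is dereferenced without a null check and never closed, so a blocked popup fails with a TypeError that has nothing to do with origin aliasing, and a successful run leaves a stray window behind for whatever runs next. I would take the test object and register the cleanup right after opening: `test(t => {`, then `assert_not_equals(newWindow, null, 'popup was blocked');` and `t.add_cleanup(() => newWindow.close());`. The rest of the test body can stay as it is.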
@@ -0,0 +1,29 @@
+<!doctype html>
+<html>
+ <head>
+ <title>about:srcdoc aliases security origin</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script>
+ test(() => {
+ let iframe = document.createElement('iframe');
+ iframe.srcdoc = '<body></body>';
+ document.body.appendChild(iframe);
+ // Should not throw: srcdoc should always be same-origin.
+ iframe.contentWindow.document.body.innerHTML = '<p>Hello world!</p>';
+
+ // Explicitly set `domain` component of origin: any other same-origin
+ // browsing contexts are now cross-origin unless they also explicitly
+ // set document.domain to the same value.
+ document.domain = document.domain;
+ // Should not throw: the origin should be aliased, so setting
+ // document.domain in one Document should affect both Documents.
+ assert_equals(
+ iframe.contentWindow.document.body.textContent,
+ 'Hello world!');
+ });
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/document-write.https.window.js b/testing/web-platform/tests/html/browsers/origin/inheritance/document-write.https.window.js
new file mode 100644
index 0000000000..39dc3b1cc2
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/inheritance/document-write.https.window.js
@@ -0,0 +1,10 @@
+// META: script=/common/get-host-info.sub.js
+
+// To use document.domain, we need to start from a subdomain.
+//
+// For document.domain setter to work, some web browser require the
+// |Origin-Agent-Cluster: ?0| header to be set uniformly on the origin.
+const origin = get_host_info().OTHER_ORIGIN;
+const openee = window.open(
+ origin + '/html/browsers/origin/inheritance/resources/document-write.html')
+fetch_tests_from_window(openee);
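Review bot: about-srcdoc.html touches `iframe.contentWindow.document` synchronously after `appendChild`, and at that point the frame most likely still holds its initial about:blank document, because the srcdoc navigation completes asynchronously. If so, the test covers the same case as about-blank-iframe.html and never runs against an about:srcdoc document, so a regression in srcdoc origin inheritance would go unnoticed. Waiting for the iframe's `load` event before writing to the body and assigning `document.domain` makes the test check what its title claims; the statements after the wait need no change.

```html
 <script>
 promise_test(async t => {
   let iframe = document.createElement('iframe');
   iframe.srcdoc = '<body></body>';
   const loaded = new Promise(resolve => {
     iframe.addEventListener('load', resolve, {once: true});
   });
   document.body.appendChild(iframe);
   await loaded;
   // … unchanged: innerHTML write, document.domain assignment, assert_equals …
```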
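Review bot: The `window.open(...)` statement in document-write.https.window.js ends without a semicolon, unlike every other statement in the file, and is terminated only by automatic semicolon insertion ahead of `fetch_tests_from_window(openee);`. I would close it explicitly: `origin + '/html/browsers/origin/inheritance/resources/document-write.html');`. While there, the header comment would read better as `some web browsers require`.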
diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/document-write.https.window.js.headers b/testing/web-platform/tests/html/browsers/origin/inheritance/document-write.https.window.js.headers
new file mode 100644
index 0000000000..e007de4d7b
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/inheritance/document-write.https.window.js.headers
@@ -0,0 +1 @@
+Origin-Agent-Cluster: ?0
diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/javascript-url.html b/testing/web-platform/tests/html/browsers/origin/inheritance/javascript-url.html
new file mode 100644
index 0000000000..7dfb1130ce
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/inheritance/javascript-url.html
@@ -0,0 +1,33 @@
+<!doctype html>
+<html>
+ <head>
+ <title>javascript: aliases security origin</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script>
+ promise_test(t => {
+ let iframe = document.createElement('iframe');
+ document.body.appendChild(iframe);
+ // Should not throw: srcdoc should always be same-origin.
+ iframe.contentDocument;
+
+ iframe.contentWindow.location = 'javascript:"Hello world!"';
+ return new Promise(resolve => {
+ iframe.addEventListener('load', resolve);
+ }).then(() => {
+ // Explicitly set `domain` component of origin: any other same-origin
+ // browsing contexts are now cross-origin unless they also explicitly
+ // set document.domain to the same value.
+ document.domain = document.domain;
+ // Should not throw: the origin should be aliased, so setting
+ // document.domain in one Document should affect both Documents.
+ assert_equals(
+ iframe.contentWindow.document.body.textContent,
+ 'Hello world!');
+ });
+ });
+ </script>
+ </body>
+</html>
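Review bot: The comment `// Should not throw: srcdoc should always be same-origin.` in javascript-url.html is carried over from the srcdoc test; this iframe has no `srcdoc`, and the `iframe.contentDocument` access below it reads the initial about:blank document. The same comment sits above the `innerHTML` write in about-blank-iframe.html. I would reword both to `// Should not throw: the initial about:blank document is same-origin.` so that someone chasing a failure is not sent looking at srcdoc handling.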
diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/resources/document-write.html b/testing/web-platform/tests/html/browsers/origin/inheritance/resources/document-write.html
new file mode 100644
index 0000000000..7a6ff3118e
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/inheritance/resources/document-write.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/common/get-host-info.sub.js"></script>
+ </head>
+ <body></body>
+ <script>
+ const domain_start = document.domain;
+ const domain_new = domain_start.replace(/^[^.]+\./,'');
+
+ async_test(test => {
+ const iframe = document.createElement('iframe');
+ iframe.src = './iframe-with-about-blank-iframe.html';
+ iframe.onload = test.step_func_done(() => {
+ const doc0 = frames[0].frames[0].document;
+ const doc1 = frames[0].frames[1].document;
+
+ assert_equals(doc0.domain, domain_start);
+ assert_equals(doc1.domain, domain_start);
+
+ doc0.open();
+ doc1.open();
+ assert_equals(doc0.domain, domain_start);
+ assert_equals(doc1.domain, domain_start);
+
+ document.domain = domain_new;
+ assert_equals(doc0.domain, domain_start);
+ assert_equals(doc1.domain, domain_start);
+
+ doc0.close();
+ doc1.close();
+ assert_equals(doc0.domain, domain_start);
+ assert_equals(doc1.domain, domain_start);
+ });
+ document.body.appendChild(iframe);
+ }, "document.open() do not make the callee's origin to alias the caller's" +
+ " one");
+ </script>
+</html>
diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/resources/document-write.html.headers b/testing/web-platform/tests/html/browsers/origin/inheritance/resources/document-write.html.headers
new file mode 100644
index 0000000000..e007de4d7b
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/inheritance/resources/document-write.html.headers
@@ -0,0 +1 @@
+Origin-Agent-Cluster: ?0
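Review bot: Nothing in resources/document-write.html verifies that `document.domain = domain_new;` actually took effect, so if the setter is ignored (for instance because `Origin-Agent-Cluster: ?0` is not honoured for this load) every `doc0.domain`/`doc1.domain` assertion after it still passes and the test says nothing about aliasing. Adding `assert_equals(document.domain, domain_new);` directly after the assignment turns that situation into a visible failure rather than a vacuous pass. A one-line comment noting that `domain_new` is the parent domain obtained by stripping the first label would also help readers of the `replace()` regex.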
diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/resources/iframe-with-about-blank-iframe.html b/testing/web-platform/tests/html/browsers/origin/inheritance/resources/iframe-with-about-blank-iframe.html
new file mode 100644
index 0000000000..b3f5125233
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/inheritance/resources/iframe-with-about-blank-iframe.html
@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html>
+ <body>
+ <iframe src="about:blank"></iframe>
+ <iframe src=""></iframe>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/html/browsers/origin/inheritance/resources/iframe-with-about-blank-iframe.html.headers b/testing/web-platform/tests/html/browsers/origin/inheritance/resources/iframe-with-about-blank-iframe.html.headers
new file mode 100644
index 0000000000..e007de4d7b
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/inheritance/resources/iframe-with-about-blank-iframe.html.headers
@@ -0,0 +1 @@
+Origin-Agent-Cluster: ?0 |