diff options
Diffstat (limited to 'testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe-allow.html')
| -rw-r--r-- | testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe-allow.html | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe-allow.html b/testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe-allow.html new file mode 100644 index 0000000000..9e67314923 --- /dev/null +++ b/testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe-allow.html @@ -0,0 +1,66 @@ +<!doctype html> +<meta charset=utf-8> +<title>Check processing of allow attribute in nested browsing context</title> +<link rel="author" title="Google" href="https://www.google.com"> +<link rel="help" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#attr-iframe-allow"> +<link rel="help" href="https://html.spec.whatwg.org/multipage/browsing-the-web.html#initialise-the-document-object"> +<link rel="help" href="https://fullscreen.spec.whatwg.org/#fullscreen-enabled-flag"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> + +<div id="log"></div> +<script> + // This returns a data URL (cross-origin with the containing document) which + // advances a counter, and reports the counter value together with the + // document's fullscreenEnabled state, every time it receives a postMessage. + // Fullscreen itself is not important for this test, but the flag is a useful + // indicator of whether a policy-controlled-feature is allowed or denied. + function getSourceForCrossOriginPage(initial_count) { + var page_contents = "<html><body><script>var count="+initial_count+";window.addEventListener('message',function(){parent.postMessage({'count':count++,'fullscreenEnabled':document.fullscreenEnabled},'*');});</scr"+"ipt></body></html>"; + return "data:text/html;base64,"+btoa(page_contents); + } + + async_test(function(t) { + var iframe = document.createElement("iframe"); + iframe.src = getSourceForCrossOriginPage(0); + + iframe.addEventListener('load', function() { + // Request the fullscreenEnabled state whenever the frame loads + iframe.contentWindow.postMessage(true,"*"); + }); + + window.addEventListener('message', this.step_func(function(msg) { + if (msg.data.count == 0) { + assert_false(msg.data.fullscreenEnabled, "Document inside cross-origin iframe without allow attribute should not have feature enabled"); + iframe.setAttribute("allow", "fullscreen"); + iframe.contentWindow.postMessage(true,"*"); // Request state again + } else if (msg.data.count == 1) { + assert_false(msg.data.fullscreenEnabled, "Feature should be denied when correct allow attribute is added, before reload"); + iframe.src = getSourceForCrossOriginPage(2); // Reload the frame + } else if (msg.data.count == 2) { + assert_true(msg.data.fullscreenEnabled, "Feature should be allowed when correct allow attribute is added, after reload"); + iframe.removeAttribute("allow"); + iframe.contentWindow.postMessage(true,"*"); // Request state again + } else if (msg.data.count == 3) { + assert_true(msg.data.fullscreenEnabled, "Feature should be allowed when allow attribute is removed, before reload"); + iframe.src = getSourceForCrossOriginPage(4); // Reload the frame + } else if (msg.data.count == 4) { + assert_false(msg.data.fullscreenEnabled, "Feature should be denied when allow attribute is removed, after reload"); + iframe.setAttribute("allow", "payment"); // Set allow to an unrelated feature + iframe.src = getSourceForCrossOriginPage(5); // Reload the frame + } else if (msg.data.count == 5) { + assert_false(msg.data.fullscreenEnabled, "Feature should be denied with incorrect allow attribute"); + iframe.setAttribute("allow", "payment;fullscreen"); // Include fullscreen again + iframe.src = getSourceForCrossOriginPage(6); // Reload the frame + } else if (msg.data.count == 6) { + assert_true(msg.data.fullscreenEnabled, "Feature should be allowed with complex allow attribute"); + t.done(); + } else { + assert_unreached(); + } + })); + + document.body.appendChild(iframe); + }, "iframe-cross-origin-allow"); + +</script> |