summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/fenced-frame/disallowed-navigation-to-data.https.html
blob: 99c2e05bee3b491fe6f67976899527ec7bd1fa23 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<!DOCTYPE html>
<title>Fenced frame disallowed navigations to data: URL</title>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="resources/utils.js"></script>
<script src="/fetch/private-network-access/resources/support.sub.js"></script>

<body>
<script>
const kPublicUtils = resolveUrl("resources/utils.js", Server.HTTPS_PUBLIC);

function getTimeoutPromise(t) {
  return new Promise(resolve =>
      t.step_timeout(() => resolve("NOT LOADED"), 2000));
}

// The following tests ensure that an embedder cannot navigate a
// `mode=opaque-ads` fenced frame to an opaque URN or a fenced frame config
// object that represents a data: URL
for (const resolve_to_config of [true, false]) {
  promise_test(async t => {
    const key = token();
    const select_url_result = await
        runSelectURL(`data:text/html, ${createLocalSource(key, kPublicUtils)}`);
    attachFencedFrame(select_url_result);
    const loaded_promise = nextValueFromServer(key);
    const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
    assert_equals(result, "NOT LOADED");
  }, "fenced frame " + (resolve_to_config ? "config" : "urn:uuid") +
     " => data: URL");
}
</script>
</body>