blob: 6f250c1b0920808f519ee1278920215981fcd5e6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
<!doctype html>
<title>Sandboxed Cross-Origin-Opener-Policy popup should result in a network error</title>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel -->
<div id=log>
<script>
[
"allow-popups allow-scripts allow-same-origin",
"allow-popups allow-scripts",
].forEach(sandboxValue => {
async_test(t => {
const frame = document.createElement("iframe");
const channel = new BroadcastChannel(token());
channel.onmessage = t.unreached_func("A COOP popup was created from a sandboxed frame");
t.add_cleanup(() => frame.remove());
frame.sandbox = sandboxValue;
frame.srcdoc = `<script>
const popup = window.open("resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}");
<\/script>`;
document.body.append(frame);
addEventListener('load', t.step_func(() => {
// This uses a timeout to give some time for incorrect implementations to broadcast. A
// theoretical testdriver.js API for browsing contexts could be used to speed this up.
t.step_timeout(() => {
t.done()
}, 1500);
}));
}, `<iframe sandbox="${sandboxValue}"> ${document.title}`);
});
// Verify that the popup does not have sandboxing flags set
async_test(t => {
const frame = document.createElement("iframe");
const channel = new BroadcastChannel(token());
channel.onmessage = t.step_func_done();
t.add_cleanup(() => frame.remove());
frame.sandbox = "allow-popups allow-scripts allow-popups-to-escape-sandbox";
frame.srcdoc = `<script>
window.open("resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}");
<\/script>`;
document.body.append(frame);
}, `<iframe sandbox="allow-popups allow-scripts allow-popups-to-escape-sandbox"> ${document.title}`);
async_test(t => {
const frame = document.createElement("iframe");
const channel = new BroadcastChannel(token());
frame.sandbox = "allow-scripts allow-same-origin";
frame.name = `iframe-${channel.name}`;
frame.src = `resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}`;
channel.onmessage = t.step_func( event => {
const payload = event.data;
assert_equals(payload.name, frame.name, "name");
t.done();
});
t.add_cleanup(() => frame.remove());
document.body.append(frame);
}, `Iframe with sandbox and COOP must load.`);
</script>
|
