testing/web-platform/tests/html/semantics/forms/the-select-element/show-picker-cross-origin-iframe.tentative.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

<!DOCTYPE html>
<title>Test showPicker() called from cross-origin iframe</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<body>
<iframe id="iframe1"></iframe>
<iframe id="iframe2"></iframe>
<iframe id="iframe3"></iframe>
<iframe id="iframe4"></iframe>
</body>
<script>
    function waitForSecurityErrors() {
        return new Promise((resolve) => {
            window.addEventListener("message", (event) => resolve(event.data), {
                once: true,
            });
        });
    }

    promise_test(async (t) => {
        iframe1.src =
            new URL("resources/", self.location).pathname +
            "show-picker-child-iframe.html";

        // Wait for the iframe to report security errors when calling showPicker().
        const securityErrors = await waitForSecurityErrors();
        assert_equals(
            securityErrors,
            "",
            "In same-origin iframes, showPicker() does not throw a SecurityError."
        );
    });

    promise_test(async (t) => {
        iframe2.src =
            get_host_info().HTTP_NOTSAMESITE_ORIGIN +
            new URL("resources/", self.location).pathname +
            "show-picker-child-iframe.html";

        // Wait for the iframe to report security errors when calling showPicker().
        const securityErrors = await waitForSecurityErrors();
        assert_equals(
            securityErrors,
            "select",
            "In cross-origin iframes, showPicker() throws a SecurityError."
        );
    });

    promise_test(async (t) => {
        iframe3.src =
            new URL("resources/", self.location).pathname +
            "show-picker-child-iframe.html?documentDomain=" + get_host_info().ORIGINAL_HOST;

        // Wait for the iframe to report security errors when calling showPicker().
        const securityErrors = await waitForSecurityErrors();
        assert_equals(
            securityErrors,
            "",
            "In same-origin but cross-origin-domain iframes, showPicker() does not throw a SecurityError."
        );
    });

    promise_test(async (t) => {
        document.domain = get_host_info().ORIGINAL_HOST;
        iframe4.src =
            get_host_info().HTTP_REMOTE_ORIGIN +
            new URL("resources/", self.location).pathname +
            "show-picker-child-iframe.html?documentDomain=" + get_host_info().ORIGINAL_HOST;

        // Wait for the iframe to report security errors when calling showPicker().
        const securityErrors = await waitForSecurityErrors();
        assert_equals(
            securityErrors,
            "select",
            "In cross-origin but same-origin-domain iframes, showPicker() throws a SecurityError."
        );
    });
</script>