diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /testing/web-platform/tests/fenced-frame/disallowed-navigations-dangling-markup-urn.https.html | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/fenced-frame/disallowed-navigations-dangling-markup-urn.https.html')
-rw-r--r-- | testing/web-platform/tests/fenced-frame/disallowed-navigations-dangling-markup-urn.https.html | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fenced-frame/disallowed-navigations-dangling-markup-urn.https.html b/testing/web-platform/tests/fenced-frame/disallowed-navigations-dangling-markup-urn.https.html new file mode 100644 index 0000000000..1a5720b034 --- /dev/null +++ b/testing/web-platform/tests/fenced-frame/disallowed-navigations-dangling-markup-urn.https.html @@ -0,0 +1,64 @@ +<!DOCTYPE html> +<title>Fenced frame disallowed navigations with potentially-dangling markup</title> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/dispatcher/dispatcher.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/common/utils.js"></script> +<script src="resources/utils.js"></script> +<script src="/fetch/local-network-access/resources/support.sub.js"></script> +<script src="resources/dangling-markup-helper.js"></script> + +<body> + +<script> +// These tests assert that fenced frames cannot be navigated to a urn:uuid URL +// that represents an HTTPS URLs with dangling markup. +for (const substring of kDanglingMarkupSubstrings) { + promise_test(async t => { + const key = token(); + + // Copied from from `generateURNFromFlege()`, since we have to modify the + // final URL that goes into `interestGroup.ads[0].renderUrl` for + // `navigator.joinAdInterestGroup()`. + const bidding_token = token(); + const seller_token = token(); + + let url_string = generateURL("resources/report-url.html?blocked", + [key]).toString(); + url_string = url_string.replace("blocked", substring); + + const interestGroup = { + name: 'testAd1', + owner: location.origin, + biddingLogicUrl: new URL(FLEDGE_BIDDING_URL, location.origin), + ads: [{renderUrl: url_string, bid: 1}], + userBiddingSignals: {biddingToken: bidding_token}, + trustedBiddingSignalsKeys: ['key1'], + adComponents: [], + }; + + // Pick an arbitrarily high duration to guarantee that we never leave the + // ad interest group while the test runs. + navigator.joinAdInterestGroup(interestGroup, /*durationSeconds=*/3000000); + + const auctionConfig = { + seller: location.origin, + interestGroupBuyers: [location.origin], + decisionLogicUrl: new URL(FLEDGE_DECISION_URL, location.origin), + auctionSignals: {biddingToken: bidding_token, sellerToken: seller_token}, + }; + + const urn = await navigator.runAdAuction(auctionConfig); + + const fencedframe = attachFencedFrame(urn); + const loaded_promise = nextValueFromServer(key); + const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]); + assert_equals(result, "NOT LOADED"); + }, `fenced frame opaque URN => https: URL with dangling markup '${substring}'`); +} + +</script> + +</body> |