From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- .../opaque-origin.https.window.js | 86 ++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 testing/web-platform/tests/file-system-access/opaque-origin.https.window.js (limited to 'testing/web-platform/tests/file-system-access/opaque-origin.https.window.js') diff --git a/testing/web-platform/tests/file-system-access/opaque-origin.https.window.js b/testing/web-platform/tests/file-system-access/opaque-origin.https.window.js new file mode 100644 index 0000000000..8f431a2406 --- /dev/null +++ b/testing/web-platform/tests/file-system-access/opaque-origin.https.window.js @@ -0,0 +1,86 @@ +'use strict'; + +const kSandboxWindowUrl = 'resources/opaque-origin-sandbox.html'; + +function add_iframe(test, src, sandbox) { + const iframe = document.createElement('iframe'); + iframe.src = src; + if (sandbox !== undefined) { + iframe.sandbox = sandbox; + } + document.body.appendChild(iframe); + test.add_cleanup(() => { + iframe.remove(); + }); +} + +// Creates a data URI iframe that uses postMessage() to provide its parent +// with the test result. The iframe checks for the existence of +// |property_name| on the window. +async function verify_does_not_exist_in_data_uri_iframe( + test, property_name) { + const iframe_content = + ''; + + const data_uri = `data:text/html,${encodeURIComponent(iframe_content)}`; + add_iframe(test, data_uri); + + const event_watcher = new EventWatcher(test, self, 'message'); + const message_event = await event_watcher.wait_for('message') + + assert_false(message_event.data.is_property_name_defined, + `Data URI iframes must not define '${property_name}'.`); +} + +// |kSandboxWindowUrl| sends two messages to this window. The first is the +// result of showDirectoryPicker(). The second is the result of +// navigator.storage.getDirectory(). For windows using sandbox='allow-scripts', +// both results must produce rejected promises. +async function verify_results_from_sandboxed_child_window(test) { + const event_watcher = new EventWatcher(test, self, 'message'); + + const first_message_event = await event_watcher.wait_for('message'); + assert_equals( + first_message_event.data, + 'showDirectoryPicker(): REJECTED: SecurityError'); + + const second_message_event = await event_watcher.wait_for('message'); + assert_equals(second_message_event.data, + 'navigator.storage.getDirectory(): REJECTED: SecurityError'); +} + +promise_test(async test => { + await verify_does_not_exist_in_data_uri_iframe(test, 'showDirectoryPicker'); +}, 'showDirectoryPicker() must be undefined for data URI iframes.'); + +promise_test(async test => { + await verify_does_not_exist_in_data_uri_iframe( + test, 'FileSystemDirectoryHandle'); +}, 'FileSystemDirectoryHandle must be undefined for data URI iframes.'); + +promise_test( + async test => { + add_iframe(test, kSandboxWindowUrl, /*sandbox=*/ 'allow-scripts'); + await verify_results_from_sandboxed_child_window(test); + }, + 'navigator.storage.getDirectory() and ' + + 'showDirectoryPicker() must reject in a sandboxed iframe.'); + +promise_test( + async test => { + const child_window_url = kSandboxWindowUrl + + '?pipe=header(Content-Security-Policy, sandbox allow-scripts)'; + + const child_window = window.open(child_window_url); + test.add_cleanup(() => { + child_window.close(); + }); + + await verify_results_from_sandboxed_child_window(test); + }, + 'navigator.storage.getDirectory() and ' + + 'showDirectoryPicker() must reject in a sandboxed opened window.'); -- cgit v1.2.3