'use strict';

const kSandboxWindowUrl = 'resources/opaque-origin-sandbox.html';

function add_iframe(test, src, sandbox) {
  const iframe = document.createElement('iframe');
  iframe.src = src;
  if (sandbox !== undefined) {
    iframe.sandbox = sandbox;
  }
  document.body.appendChild(iframe);
  test.add_cleanup(() => {
    iframe.remove();
  });
}

// Creates a data URI iframe that uses postMessage() to provide its parent
// with the test result. The iframe checks for the existence of
// |property_name| on the window.
async function verify_does_not_exist_in_data_uri_iframe(
  test, property_name) {
  const iframe_content =
    '<script>' +
    '  const is_property_name_defined = ' +
    `    (self.${property_name} !== undefined);` +
    '  parent.postMessage({is_property_name_defined}, "*")' +
    '</script>';

  const data_uri = `data:text/html,${encodeURIComponent(iframe_content)}`;
  add_iframe(test, data_uri);

  const event_watcher = new EventWatcher(test, self, 'message');
  const message_event = await event_watcher.wait_for('message')

  assert_false(message_event.data.is_property_name_defined,
    `Data URI iframes must not define '${property_name}'.`);
}

// |kSandboxWindowUrl| sends two messages to this window. The first is the
// result of showDirectoryPicker(). The second is the result of
// navigator.storage.getDirectory(). For windows using sandbox='allow-scripts',
// both results must produce rejected promises.
async function verify_results_from_sandboxed_child_window(test) {
  const event_watcher = new EventWatcher(test, self, 'message');

  const first_message_event = await event_watcher.wait_for('message');
  assert_equals(
      first_message_event.data,
      'showDirectoryPicker(): REJECTED: SecurityError');

  const second_message_event = await event_watcher.wait_for('message');
  assert_equals(second_message_event.data,
    'navigator.storage.getDirectory(): REJECTED: SecurityError');
}

promise_test(async test => {
  await verify_does_not_exist_in_data_uri_iframe(test, 'showDirectoryPicker');
}, 'showDirectoryPicker() must be undefined for data URI iframes.');

promise_test(async test => {
  await verify_does_not_exist_in_data_uri_iframe(
    test, 'FileSystemDirectoryHandle');
}, 'FileSystemDirectoryHandle must be undefined for data URI iframes.');

promise_test(
    async test => {
      add_iframe(test, kSandboxWindowUrl, /*sandbox=*/ 'allow-scripts');
      await verify_results_from_sandboxed_child_window(test);
    },
    'navigator.storage.getDirectory() and ' +
        'showDirectoryPicker() must reject in a sandboxed iframe.');

promise_test(
    async test => {
      const child_window_url = kSandboxWindowUrl +
          '?pipe=header(Content-Security-Policy, sandbox allow-scripts)';

      const child_window = window.open(child_window_url);
      test.add_cleanup(() => {
        child_window.close();
      });

      await verify_results_from_sandboxed_child_window(test);
    },
    'navigator.storage.getDirectory() and ' +
        'showDirectoryPicker() must reject in a sandboxed opened window.');