testing/web-platform/tests/referrer-policy/generic/inheritance/iframe-inheritance-javascript-child.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

<!doctype html>
<title>Referrer Policy: iframes with javascript url reuse referrer policy</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/make-html-script.js"></script>
<meta name="referrer" content="unsafe-url">
<div id="log"></div>
<script>
[
  {
    srcDocPolicy: ``,
    expected: location.origin + "/custom"
  },
  {
    srcDocPolicy: `<meta name="referrer" content="no-referrer">`,
    expected: undefined
  }
].forEach(({ srcDocPolicy, expected }) => {
  promise_test(t => {
    return new Promise(resolve => {
      window.addEventListener("message", t.step_func(msg => {
        assert_equals(msg.data.referrer, expected);
        resolve();
      }), { once:true });

      const iframe = document.createElement("iframe");
      t.add_cleanup(() => iframe.remove());
      iframe.srcdoc = `${srcDocPolicy}<body><h1>Outer iframe</h1></body>`;
      iframe.onload = t.step_func(() => {
        iframe.onload = null;
        const iframeChild =  iframe.contentDocument.createElement("iframe");
        // We add a custom referrer to the fetch request. Otherwise,
        // since the frame's URL is "about:blank", the Referer header will
        // always be empty:
        // https://w3c.github.io/webappsec-referrer-policy/#strip-url.
        iframeChild.src = `javascript:'${createScriptString(get_host_info().REMOTE_ORIGIN, location.origin+"/custom")}'`;
        iframe.contentDocument.body.appendChild(iframeChild);
      });
      document.body.appendChild(iframe);
    });
  });
});

[
  {
    srcDocPolicy: ``,
    expected: location.href  // Executing javascript does not change the document url.
                             // Since the algorithm for computing the referrer in a srcdoc
                             // iframe defers recursively to the parent, the expected
                             // referrer should be the full url of the main document.
  },
  {
    srcDocPolicy: `<meta name="referrer" content="no-referrer">`,
    expected: undefined
  }
].forEach(({ srcDocPolicy, expected }) => {
  promise_test(t => {
    return new Promise(resolve => {
      window.addEventListener("message", t.step_func(msg => {
        assert_equals(msg.data.referrer, expected);
        resolve();
      }), { once:true });

      const iframe = document.createElement("iframe");
      t.add_cleanup(() => iframe.remove());
      iframe.srcdoc = `${srcDocPolicy}<body><h1>Outer iframe</h1></body>`;
      iframe.onload = t.step_func(() => {
        iframe.onload = null;
        iframe.contentWindow.location = `javascript:'${createScriptString(get_host_info().REMOTE_ORIGIN)}'`;
      });
      document.body.appendChild(iframe);
    });
  });
});

</script>