summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/webstorage/localstorage-about-blank-3P-iframe-opens-3P-window.partitioned.tentative.html
blob: de94fb2cf435de13665e5d7aa0abc0ac2fcc035d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
<!doctype html>
<meta charset=utf-8>
<title>localStorage: about:blank partitioning</title>
<meta name=help href="https://privacycg.github.io/storage-partitioning/">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/webstorage/resources/partitioning-utils.js"></script>
<body>
<script>
const path =
  "webstorage/resources/localstorage-about-blank-partitioned-win-open.html";
const crossSiteURL = `${get_host_info().HTTP_NOTSAMESITE_ORIGIN}/${path}`;
const sameSiteURL = `${get_host_info().HTTP_ORIGIN}/${path}`;
let firstPartyID = getOrCreateID("userID3");
let crossSiteIframeID;
let sameSiteIframeID;
let crossSiteIframe;
let crossSiteIframeAboutBlankID;
let frameMessageCount = 0;

promise_test(async t => {
  localStorage.clear();

  // Step 1. Add a cross-site iframe
  return addIframePromise(crossSiteURL).then(async crossSiteIframe => {
    return new Promise(resolve => {
      window.addEventListener("message", async e => {
        const payload = {
          command: "open about:blank window"
        }

        if (e.data.message === "window loaded") {
          // Step 2. cross-site iframe is loaded, capture reference to its ID
          crossSiteIframeID = e.data.userID;
          // Step 3. Ask the cross-site iframe to create an about:blank window
          crossSiteIframe.contentWindow.postMessage(payload, e.origin);
        }

        if (e.data.message === "about:blank frame ID") {
          // Step 4. capture reference to 3P iframe's about:blank window ID
          crossSiteIframeAboutBlankID = e.data.userID;
          crossSiteIframe.contentWindow.postMessage(
            {command: "close about:blank window"}, "*");
        }

        if (e.data.message === "about:blank window closed") {
          resolve({crossSiteIframeID, crossSiteIframeAboutBlankID});
        }
      });
    }).then(ids => {
      const {
        crossSiteIframeID,
        crossSiteIframeAboutBlankID
      } = ids;
      // Step 5. Assert some things
      for (let id in ids) {
        assert_true(id !== undefined, "id is not undefined");
      }
      // Note: we use assert_true, rather than assert_equals becuase we're
      // setting random numbers as IDs - this would mean expectations
      // files wouldn't work as intended.
      assert_true(crossSiteIframeAboutBlankID !== crossSiteIframeID,
        "about:blank window opened by 3P iframe does not inherit 3P iframe's StorageKey");
      assert_true(firstPartyID !== crossSiteIframeAboutBlankID,
        "about:blank window open by 3P iframe does not inherit 1P StorageKey");

      localStorage.clear();
    })
  });


}, "StorageKey: test 3P about:blank window opened from a 3P iframe");
</script>
</body>