diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
| commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
| tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/content-security-policy/inheritance/history-iframe.sub.html | |
| parent | Initial commit. (diff) | |
| download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip | |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/inheritance/history-iframe.sub.html')
| -rw-r--r-- | testing/web-platform/tests/content-security-policy/inheritance/history-iframe.sub.html | 178 |
1 files changed, 178 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/inheritance/history-iframe.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/history-iframe.sub.html new file mode 100644 index 0000000000..412b3ac346 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/history-iframe.sub.html @@ -0,0 +1,178 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/utils.js"></script> + +<meta http-equiv="Content-Security-Policy" content="img-src 'none'"> +<body> +<script> + let message_from = (source_token, starts_with) => { + return new Promise(resolve => { + window.addEventListener('message', msg => { + if (msg.data.token === source_token) { + if (!starts_with || msg.data.msg.startsWith(starts_with)) + resolve(msg.data.msg); + } + }); + }); + }; + + const img_url = window.origin + "/content-security-policy/support/fail.png"; + + const img_tag_string = img_token => ` + <img src="${img_url}" + onload="top.postMessage( + {msg: 'img loaded', token: '${img_token}'}, '*');" + onerror="top.postMessage( + {msg: 'img blocked', token: '${img_token}'}, '*');" + > + `; + + const html_test_payload = img_token => ` + <!doctype html> + <script> + function add_image() { + let img = document.createElement('img'); + img.onload = () => top.postMessage( + {msg: 'img loaded', token: '${img_token}'}, '*'); + img.onerror = () => top.postMessage( + {msg: 'img blocked', token: '${img_token}'}, '*'); + img.src = '${img_url}'; + document.body.appendChild(img); + } + </scr`+`ipt> + <body onpageshow="add_image();"></body> + `; + let blob_url = blob_token => URL.createObjectURL( + new Blob([html_test_payload(blob_token)], { type: 'text/html' })); + + let write_img_to_about_blank = async (t, iframe, img_token) => { + await t.step_wait( + condition = () => { + try { + return iframe.contentWindow.location.href == "about:blank"; + } catch {} + return false; + }, + description = "Wait for the iframe to navigate.", + timeout=6000, + interval=50); + + let div = iframe.contentDocument.createElement('div'); + div.innerHTML = img_tag_string(img_token); + iframe.contentDocument.body.appendChild(div); + }; + + let testCases = [ + test_token => ({ + token: test_token, + url: "about:blank", + add_img_function: (t, iframe) => + write_img_to_about_blank(t, iframe, test_token), + other_origin: window.origin, + name: '"about:blank" document is navigated back from history same-origin.', + }), + test_token => ({ + token: test_token, + url: "about:blank", + add_img_function: (t, iframe) => + write_img_to_about_blank(t, iframe, test_token), + other_origin: "http://{{hosts[alt][]}}:{{ports[http][0]}}", + name: '"about:blank" document is navigated back from history cross-origin.', + }), + test_token => ({ + token: test_token, + url: blob_url(test_token), + other_origin: window.origin, + name: 'blob URL document is navigated back from history same-origin.', + }), + test_token => ({ + token: test_token, + url: blob_url(test_token), + other_origin: "http://{{hosts[alt][]}}:{{ports[http][0]}}", + name: 'blob URL document is navigated back from history cross-origin.', + }), + test_token => ({ + token: test_token, + url: `data:text/html,${html_test_payload(test_token)}`, + other_origin: window.origin, + name: 'data URL document is navigated back from history same-origin.', + }), + test_token => ({ + token: test_token, + url: `data:text/html,${html_test_payload(test_token)}`, + other_origin: "http://{{hosts[alt][]}}:{{ports[http][0]}}", + name: 'data URL document is navigated back from history cross-origin.', + }), + test_token => ({ + token: test_token, + srcdoc: `${html_test_payload(test_token)}`, + other_origin: window.origin, + name: 'srcdoc iframe is navigated back from history same-origin.', + }), + test_token => ({ + token: test_token, + srcdoc: `${html_test_payload(test_token)}`, + other_origin: "http://{{hosts[alt][]}}:{{ports[http][0]}}", + name: 'srcdoc iframe is navigated back from history cross-origin.', + }), + ].map(f => f(token())); + + testCases.forEach(testCase => { + promise_test(async t => { + // Create an iframe. + let iframe = document.createElement('iframe'); + document.body.appendChild(iframe); + + // Perform a real navigation in the iframe. This is needed because the + // initial empty document is not stored in history (so there is no way of + // navigating back to it and test history inheritance). + const token_1 = token(); + let loaded_1 = message_from(token_1); + iframe.contentWindow.location = testCase.other_origin + + "/content-security-policy/inheritance/support" + + `/postmessage-top.html?token=${token_1}`; + assert_equals(await loaded_1, "ready", + "Could not navigate iframe."); + + // Navigate to the local scheme document. + let message = message_from(testCase.token); + if (testCase.url) + iframe.contentWindow.location = testCase.url; + else + iframe.srcdoc = testCase.srcdoc; + + // If the local scheme document is "about:blank", we need to write its + // content now. + if (testCase.add_img_function) { + testCase.add_img_function(t, iframe); + } + + // Check that the local scheme document inherits CSP from the initiator. + assert_equals(await message, "img blocked", + "Image should be blocked by CSP inherited from navigation initiator."); + + // Navigate to another page, which will navigate back. + const token_2 = token(); + let loaded_2 = message_from(token_2, "ready"); + let message_2 = message_from(testCase.token, "img"); + iframe.contentWindow.location = testCase.other_origin + + "/content-security-policy/inheritance/support" + + `/message-top-and-navigate-back.html?token=${token_2}`; + assert_equals(await loaded_2, "ready", + "Could not navigate iframe."); + + // If the local scheme document is "about:blank", we need to write its + // content again. + if (testCase.add_img_function) { + testCase.add_img_function(t, iframe); + } + + // Check that the local scheme document reloaded from history still has + // the original CSPs. + assert_equals(await message_2, "img blocked", + "Image should be blocked by CSP reloaded from history."); + }, "History navigation in iframe: " + testCase.name); + }); +</script> +</body> |