diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/content-security-policy/inheritance/inheritance-from-initiator.sub.html | |
parent | Initial commit. (diff) | |
download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/inheritance/inheritance-from-initiator.sub.html')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/inheritance/inheritance-from-initiator.sub.html | 173 |
1 files changed, 173 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/inheritance/inheritance-from-initiator.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/inheritance-from-initiator.sub.html new file mode 100644 index 0000000000..4621c57d45 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/inheritance/inheritance-from-initiator.sub.html @@ -0,0 +1,173 @@ +<!DOCTYPE html> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> + +<meta http-equiv="Content-Security-Policy" content="img-src http://{{hosts[][www]}}:{{ports[http][0]}}"> +<body> + <script> + let message_from = w => { + return new Promise(resolve => { + window.addEventListener('message', msg => { + if (msg.source == w) { + resolve(msg.data); + } + }); + }); + }; + + // `iframe_a` and `iframe_b` are two helper iframes with different + // CSPs. + let iframe_a, iframe_b; + + // Setup `iframe_a` and `iframe_b`. + promise_setup(async () => { + iframe_a = document.createElement('iframe'); + iframe_a.src = "./support/iframe-do.sub.html?" + + "img-src=http://{{hosts[][www1]}}:{{ports[http][0]}}"; + document.body.appendChild(iframe_a); + await message_from(iframe_a.contentWindow); + + iframe_b = document.createElement('iframe'); + iframe_b.id = 'iframe_b'; + iframe_b.src = "./support/iframe-do.sub.html?" + + "img-src=http://{{hosts[][www2]}}:{{ports[http][0]}}"; + document.body.appendChild(iframe_b); + await message_from(iframe_b.contentWindow); + }); + + let test_iframe_id_counter = 0; + + // Helper function to create the target iframe of a navigation. + let create_test_iframe = async () => { + let test_iframe = document.createElement('iframe'); + test_iframe.id = "test_iframe_" + test_iframe_id_counter++; + test_iframe.name = test_iframe.id; + document.body.appendChild(test_iframe); + return test_iframe; + } + + // The following code will try loading several images and check + // whether CSP has been inherited by the parent ("p"), `iframe_a` + // ("a") or `iframe_b` ("b"). It will post a message to the top + // with the result. + let data_payload = ` + <body><script> + new Promise(async (resolve, reject) => { + const img_path = "/content-security-policy/support/pass.png"; + + let img_loaded = (origin) => new Promise(resolve => { + let img = document.createElement('img'); + img.onerror = () => resolve(false); + img.onload = () => resolve(true); + img.src = origin + img_path; + document.body.appendChild(img); + }); + + inherited_from_p = await img_loaded( + "http://{{hosts[][www]}}:{{ports[http][0]}}"); + inherited_from_a = await img_loaded( + "http://{{hosts[][www1]}}:{{ports[http][0]}}"); + inherited_from_b = await img_loaded( + "http://{{hosts[][www2]}}:{{ports[http][0]}}"); + + if (inherited_from_a + inherited_from_b + + inherited_from_p !== 1) { + reject("Exactly one CSP should be inherited"); + } + if (inherited_from_a) resolve("a"); + if (inherited_from_b) resolve("b"); + if (inherited_from_p) resolve("p"); + }).then(from => top.postMessage(from, '*'), + error => top.postMessage(error, '*')); + </scr`+`ipt></body> + `; + + let data_url = "data:text/html;base64," + btoa(data_payload); + + promise_test(async t => { + let test_iframe = await create_test_iframe(); + iframe_a.contentWindow.postMessage( + `parent.document.getElementById('${test_iframe.id}').src = '${data_url}'`); + + assert_equals(await message_from(test_iframe.contentWindow), "p"); + }, "Setting src inherits from parent."); + + promise_test(async t => { + let test_iframe = await create_test_iframe(); + iframe_a.contentWindow.postMessage( + `parent.document.getElementById('${test_iframe.id}').contentWindow.location = '${data_url}'`); + + assert_equals(await message_from(test_iframe.contentWindow), "a"); + }, "Changing contentWindow.location inherits from who changed it."); + + promise_test(async t => { + let test_iframe = await create_test_iframe(); + window.navigate_test_iframe = () => { + test_iframe.contentWindow.location = data_url; + }; + iframe_a.contentWindow.postMessage(`parent.navigate_test_iframe();`); + assert_equals(await message_from(test_iframe.contentWindow), "p"); + }, "Changing contentWindow.location indirectly inherits from who changed it directly."); + + promise_test(async t => { + let test_iframe = await create_test_iframe(); + iframe_a.contentWindow.postMessage( + `window.open('${data_url}', "${test_iframe.name}")`); + + assert_equals(await message_from(test_iframe.contentWindow), "a"); + }, "window.open() inherits from caller."); + + promise_test(async t => { + let test_iframe = await create_test_iframe(); + let a = iframe_b.contentDocument.createElement('a'); + a.id = 'a'; + a.href = data_url; + a.target = test_iframe.name; + iframe_b.contentDocument.body.appendChild(a); + + iframe_a.contentWindow.postMessage( + `parent.document.getElementById('iframe_b').contentDocument.getElementById('a').click();`); + + assert_equals(await message_from(test_iframe.contentWindow), "b"); + iframe_b.contentDocument.body.removeChild(a); + }, "Click on anchor inherits from owner of the anchor."); + + promise_test(async t => { + let test_iframe = await create_test_iframe(); + let form = iframe_b.contentDocument.createElement('form'); + form.id = 'form'; + form.action = data_url; + form.target = test_iframe.name; + form.method = "POST"; + iframe_b.contentDocument.body.appendChild(form); + + iframe_a.contentWindow.postMessage( + `parent.document.getElementById('iframe_b').contentDocument.getElementById('form').submit();`); + + assert_equals(await message_from(test_iframe.contentWindow), "b"); + iframe_b.contentDocument.body.removeChild(form); + }, "Form submission through submit() inherits from owner of form."); + + promise_test(async t => { + let test_iframe = await create_test_iframe(); + let form = iframe_b.contentDocument.createElement('form'); + form.id = 'form'; + form.action = data_url; + form.target = test_iframe.name; + form.method = "POST"; + iframe_b.contentDocument.body.appendChild(form); + let button = iframe_b.contentDocument.createElement('button'); + button.type = "submit"; + button.value = "submit"; + button.id = "button"; + form.appendChild(button); + + iframe_a.contentWindow.postMessage( + `parent.document.getElementById('iframe_b').contentDocument.getElementById('button').click();`); + + assert_equals(await message_from(test_iframe.contentWindow), "b"); + iframe_b.contentDocument.body.removeChild(form); + }, "Form submission through button click inherits from owner of form."); + + </script> +</body> |