diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/html/anonymous-iframe/fenced-frame-bypass.tentative.https.window.js | |
parent | Initial commit. (diff) | |
download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/html/anonymous-iframe/fenced-frame-bypass.tentative.https.window.js')
-rw-r--r-- | testing/web-platform/tests/html/anonymous-iframe/fenced-frame-bypass.tentative.https.window.js | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/anonymous-iframe/fenced-frame-bypass.tentative.https.window.js b/testing/web-platform/tests/html/anonymous-iframe/fenced-frame-bypass.tentative.https.window.js new file mode 100644 index 0000000000..354abffb9c --- /dev/null +++ b/testing/web-platform/tests/html/anonymous-iframe/fenced-frame-bypass.tentative.https.window.js @@ -0,0 +1,63 @@ +// META: script=/common/get-host-info.sub.js +// META: script=/common/utils.js +// META: script=/common/dispatcher/dispatcher.js +// META: script=/html/cross-origin-embedder-policy/credentialless/resources/common.js +// META: script=./resources/common.js +// META: timeout=long + +setup(() => { + assert_implements(window.HTMLFencedFrameElement, + "HTMLFencedFrameElement is not supported."); +}) + +// 4 actors: +// A (this document) +// ┌─────────────────────┴───────┐ +// ┌─┼────────────────────────┐ D (credentialless-iframe) +// │ B (fenced-frame) │ +// │ │ │ +// │ C (credentialless-iframe)│ +// └──────────────────────────┘ +// +// This test whether the two credentialless iframe can communicate and bypass the +// fencedframe boundary. This shouldn't happen. +promise_test(async test => { + const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; + const msg_queue = token(); + + // Create the the 3 actors. + const iframe_credentialless_1 = newIframeCredentialless(cross_origin); + const fenced_frame = newFencedFrame(cross_origin); + send(fenced_frame, ` + const importScript = ${importScript}; + await importScript("/common/utils.js"); + await importScript("/html/cross-origin-embedder-policy/credentialless" + + "/resources/common.js"); + await importScript("/html/anonymous-iframe/resources/common.js"); + const support_loading_mode_fenced_frame = + "|header(Supports-Loading-Mode,fenced-frame)"; + const iframe_credentialless_2 = newIframeCredentialless("${cross_origin}", + support_loading_mode_fenced_frame); + send("${msg_queue}", iframe_credentialless_2); + `); + const iframe_credentialless_2 = await receive(msg_queue); + + // Try to communicate using BroadCastChannel, in between the credentialless + // iframes. + const bc_key = token(); + send(iframe_credentialless_1, ` + const bc = new BroadcastChannel("${bc_key}"); + bc.onmessage = event => send("${msg_queue}", event.data); + send("${msg_queue}", "BroadcastChannel registered"); + `); + assert_equals(await receive(msg_queue), "BroadcastChannel registered"); + await send(iframe_credentialless_2, ` + const bc = new BroadcastChannel("${bc_key}"); + bc.postMessage("Can communicate"); + `); + test.step_timeout(() => { + send(msg_queue, "Cannot communicate"); + }, 4000); + + assert_equals(await receive(msg_queue), "Cannot communicate"); +}) |