summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/html/anonymous-iframe/anonymous-iframe-popup.tentative.https.window.js
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/html/anonymous-iframe/anonymous-iframe-popup.tentative.https.window.js')
-rw-r--r--testing/web-platform/tests/html/anonymous-iframe/anonymous-iframe-popup.tentative.https.window.js67
1 files changed, 67 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/anonymous-iframe/anonymous-iframe-popup.tentative.https.window.js b/testing/web-platform/tests/html/anonymous-iframe/anonymous-iframe-popup.tentative.https.window.js
new file mode 100644
index 0000000000..fbdeeab4ed
--- /dev/null
+++ b/testing/web-platform/tests/html/anonymous-iframe/anonymous-iframe-popup.tentative.https.window.js
@@ -0,0 +1,67 @@
+// META: timeout=long
+// META: script=/common/get-host-info.sub.js
+// META: script=/common/utils.js
+// META: script=/common/dispatcher/dispatcher.js
+// META: script=/html/cross-origin-embedder-policy/credentialless/resources/common.js
+
+const {ORIGIN, REMOTE_ORIGIN} = get_host_info();
+const control_iframe = document.createElement('iframe');
+const iframe_credentialless = document.createElement('iframe');
+
+promise_setup(async t => {
+ const createControlIframe = new Promise(async resolve => {
+ control_iframe.onload = resolve;
+ control_iframe.src = ORIGIN + `/common/blank.html`;
+ document.body.append(control_iframe);
+ });
+
+ const createIframeCredentialless = new Promise(async resolve => {
+ iframe_credentialless.onload = resolve;
+ iframe_credentialless.src = ORIGIN + `/common/blank.html`;
+ iframe_credentialless.credentialless = true;
+ document.body.append(iframe_credentialless);
+ });
+
+ await Promise.all([createControlIframe, createIframeCredentialless]);
+});
+
+// Create cross-origin popup from iframes. The opener should be blocked for
+// credentialless iframe and work for normal iframe.
+promise_test(async t => {
+ const control_token = token();
+ const control_src = REMOTE_ORIGIN + executor_path + `&uuid=${control_token}`;
+ const control_popup = control_iframe.contentWindow.open(control_src);
+ add_completion_callback(() => send(control_token, "close();"));
+ assert_equals(
+ control_popup.opener, control_iframe.contentWindow,
+ "Opener from normal iframe should be available.");
+
+ const credentialless_token = token();
+ const credentialless_src =
+ REMOTE_ORIGIN + executor_path + `&uuid=${credentialless_token}`;
+ const credentialless_popup =
+ iframe_credentialless.contentWindow.open(credentialless_src);
+ add_completion_callback(() => send(credentialless_token, "close();"));
+ assert_equals(credentialless_popup, null,
+ "Opener from credentialless iframe should be blocked.");
+}, 'Cross-origin popup from normal/credentiallessiframes.');
+
+// Create a same-origin popup from iframes. The opener should be blocked for
+// credentialless iframe and work for normal iframe.
+promise_test(async t => {
+ const control_token = token();
+ const control_src = ORIGIN + executor_path + `&uuid=${control_token}`;
+ const control_popup = control_iframe.contentWindow.open(control_src);
+ add_completion_callback(() => send(control_token, "close();"));
+ assert_equals(
+ control_popup.opener, control_iframe.contentWindow,
+ "Opener from normal iframe should be available.");
+
+ const credentialless_token = token();
+ const credentialless_src =
+ ORIGIN + executor_path + `&uuid=${credentialless_token}`;
+ const credentialless_popup = iframe_credentialless.contentWindow.open(credentialless_src);
+ add_completion_callback(() => send(credentialless_token, "close();"));
+ assert_equals(credentialless_popup, null,
+ "Opener from credentialless iframe should be blocked.");
+}, 'Same-origin popup from normal/credentialless iframes.');