Diffstat (limited to 'testing/web-platform/tests/html/cross-origin-embedder-policy/header-parsing.https.html')
-rw-r--r-- | testing/web-platform/tests/html/cross-origin-embedder-policy/header-parsing.https.html | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/cross-origin-embedder-policy/header-parsing.https.html b/testing/web-platform/tests/html/cross-origin-embedder-policy/header-parsing.https.html
new file mode 100644
index 0000000000..7a25eed51f
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/header-parsing.https.html
@@ -0,0 +1,85 @@
+<!DOCTYPE html>
+<html>
+ <meta charset="utf-8">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+'use strict';
+function createIframe(t, values) {
+ const parent = document.createElement('iframe');
+ const child = document.createElement('iframe');
+ const params = values.map((value) => {
+ const percentEncodedValue = typeof value === "object" ? value.percentEncoded : encodeURIComponent(value);
+ return `value=${percentEncodedValue}`;
+ });
+ parent.setAttribute('src', `resources/empty-coep.py?${params.join("&")}`);
+ document.body.appendChild(parent);
+ t.add_cleanup(() => parent.remove());
+
+ return new Promise((resolve, reject) => {
+ parent.onload = resolve;
+ parent.onerror = () =>
+ reject(new Error(`failed to load from ${parent.src}`));
+ })
+ .then(() => {
+ child.setAttribute('src', '/common/blank.html');
+ parent.contentDocument.body.appendChild(child);
+ return new Promise((resolve) => {
+ child.onload = resolve;
+ child.onerror = () =>
+ reject(new Error(`failed to load from ${child.src}`));
+ });
+ })
+ .then(() => child);
+}
+
+[
+ [],
+ [''],
+ ['jibberish'],
+ [{ percentEncoded: 'require%FFcorp' }], // non-ASCII byte
+ ['require-corp;'],
+ ['\u000brequire-corp\u000b'], // vertical tab
+ ['\u000crequire-corp\u000c'], // form feed
+ ['\u000drequire-corp\u000d'], // carriage return
+ ['Require-corp'],
+ ['"require-corp"'], // HTTP structured header "string" item
+ [':cmVxdWlyZS1jb3Jw:'], // HTTP structured header "byte sequence" item
+ ['require-corp;\tfoo=bar'],
+ ['require-corp require-corp'],
+ ['require-corp,require-corp'],
+ ['require-corp', 'require-corp'],
+ ['', 'require-corp'],
+ ['require-corp', ''],
+].forEach((values) => {
+ promise_test((t) => {
+ return createIframe(t, values)
+ .then((child) => {
+ assert_not_equals(child.contentDocument, null);
+ });
+ }, 'navigation allowed for ' + JSON.stringify(values));
+});
+
+[
+ ['require-corp'],
+ [' require-corp '],
+ ['\trequire-corp\t'], // leading and trailing OWS is not part of the field-value per HTTP
+ [' \trequire-corp'],
+ ['require-corp\t '],
+ ['require-corp; foo=bar'],
+ ['require-corp;require-corp'],
+ ['require-corp; report-to="data:', '"'], // `require-corp; report-to="data:, "`
+
+].forEach((values) => {
+ promise_test((t) => {
+ return createIframe(t, values)
+ .then((child) => {
+ assert_equals(child.contentDocument, null);
+ });
+ }, 'navigation blocked for ' + JSON.stringify(values));
+});
+</script>
+</body>
+</html> |
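Review bot: The inner promise in the second `.then` of `createIframe` declares only `resolve`, so the `reject` called from `child.onerror` is not in scope there; the `reject` of the first executor belongs to a different function. If the child frame's load errors, the handler would throw a ReferenceError instead of rejecting, and the test would presumably run into the long timeout rather than fail with the intended "failed to load" message. The executor should read `return new Promise((resolve, reject) => {`. Because these cases decide whether a malformed Cross-Origin-Embedder-Policy value blocks or allows the nested navigation, a load failure should surface as a clear test failure and not as a hang.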