diff options
Diffstat (limited to 'testing/web-platform/tests/html/cross-origin-opener-policy/coop-coep-sandbox.https.html')
| -rw-r--r-- | testing/web-platform/tests/html/cross-origin-opener-policy/coop-coep-sandbox.https.html | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/coop-coep-sandbox.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/coop-coep-sandbox.https.html new file mode 100644 index 0000000000..4b94435119 --- /dev/null +++ b/testing/web-platform/tests/html/cross-origin-opener-policy/coop-coep-sandbox.https.html @@ -0,0 +1,59 @@ +<!doctype html> +<title>Sandboxed Cross-Origin-Opener-Policy popup should result in a network error</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel --> +<div id=log> +<script> +[ + "allow-popups allow-scripts allow-same-origin", + "allow-popups allow-scripts", +].forEach(sandboxValue => { + async_test(t => { + const frame = document.createElement("iframe"); + const channel = new BroadcastChannel(token()); + channel.onmessage = t.unreached_func("A COOP popup was created from a sandboxed frame"); + t.add_cleanup(() => frame.remove()); + frame.sandbox = sandboxValue; + frame.srcdoc = `<script> + const popup = window.open("resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}"); + <\/script>`; + document.body.append(frame); + addEventListener('load', t.step_func(() => { + // This uses a timeout to give some time for incorrect implementations to broadcast. A + // theoretical testdriver.js API for browsing contexts could be used to speed this up. + t.step_timeout(() => { + t.done() + }, 1500); + })); + }, `<iframe sandbox="${sandboxValue}"> ${document.title}`); +}); + +// Verify that the popup does not have sandboxing flags set +async_test(t => { + const frame = document.createElement("iframe"); + const channel = new BroadcastChannel(token()); + channel.onmessage = t.step_func_done(); + t.add_cleanup(() => frame.remove()); + frame.sandbox = "allow-popups allow-scripts allow-popups-to-escape-sandbox"; + frame.srcdoc = `<script> +window.open("resources/coop-coep.py?coop=same-origin&coep=require-corp&channel=${channel.name}"); +<\/script>`; + document.body.append(frame); +}, `<iframe sandbox="allow-popups allow-scripts allow-popups-to-escape-sandbox"> ${document.title}`); + +async_test(t => { + const frame = document.createElement("iframe"); + const channel = new BroadcastChannel(token()); + frame.sandbox = "allow-scripts allow-same-origin"; + frame.name = `iframe-${channel.name}`; + frame.src = `resources/coop-coep.py?coop=same-origin&coep=require-corp&channel=${channel.name}`; + channel.onmessage = t.step_func( event => { + const payload = event.data; + assert_equals(payload.name, frame.name, "name"); + t.done(); + }); + t.add_cleanup(() => frame.remove()); + document.body.append(frame); +}, `Iframe with sandbox and COOP must load.`); +</script> |