diff options
Diffstat (limited to 'testing/web-platform/tests/html/cross-origin-opener-policy/coop-sandbox-cuts-opener.https.html')
-rw-r--r-- | testing/web-platform/tests/html/cross-origin-opener-policy/coop-sandbox-cuts-opener.https.html | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/cross-origin-opener-policy/coop-sandbox-cuts-opener.https.html b/testing/web-platform/tests/html/cross-origin-opener-policy/coop-sandbox-cuts-opener.https.html new file mode 100644 index 0000000000..47e6d0d6fe --- /dev/null +++ b/testing/web-platform/tests/html/cross-origin-opener-policy/coop-sandbox-cuts-opener.https.html @@ -0,0 +1,66 @@ +<!doctype html> +<title> + Sandboxed Cross-Origin-Opener-Policy popup should cut the opener if necessary +</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/dispatcher/dispatcher.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/common/utils.js"></script> +<script src="resources/common.js"></script> +<body> +<script> +const executor_path = "/common/dispatcher/executor.html?pipe="; +const coop_same_origin_header = + '|header(Cross-Origin-Opener-Policy,same-origin)'; +const coop_unsafe_none_header = + '|header(Cross-Origin-Opener-Policy,unsafe-none)'; + +function getExecutorPath(uuid, origin, coop_header) { + return origin.origin + executor_path + coop_header + `&uuid=${uuid}`; +} + +[ + "allow-popups allow-scripts allow-same-origin", + "allow-popups allow-scripts", +].forEach(sandboxValue => { + async_test(t => { + // Set up dispatcher communications. + const iframe_token = token(); + const popup_token = token(); + const main_frame_token_for_popup = token(); + const main_frame_token_for_iframe = token(); + + // Create a sandboxed iframe. + const iframe = document.createElement("iframe"); + iframe.sandbox = sandboxValue; + iframe.src = getExecutorPath(iframe_token, SAME_ORIGIN, + coop_unsafe_none_header); + document.body.append(iframe); + t.add_cleanup(() => iframe.remove()); + + // Open a COOP popup from the sandboxed iframe. + const popup_url = getExecutorPath(popup_token, + SAME_ORIGIN, + coop_same_origin_header); + send(iframe_token, `window.popup = window.open('${popup_url}')`); + + // This should fail. We ping the popup, if we get an answer it loaded. + send(popup_token, ` + send('${main_frame_token_for_popup}', 'Popup loaded'); + `); + receive(main_frame_token_for_popup) + .then(t.unreached_func("A COOP popup was created from a sandboxed frame")); + + // We delay probing the popup.closed property to give it time to settle. + t.step_timeout(() => { + send(iframe_token, + `send('${main_frame_token_for_iframe}', window.popup.closed);`); + }, 1500); + receive(main_frame_token_for_iframe) + .then(t.step_func_done(data => assert_equals(data, "true"))); + + }, `<iframe sandbox="${sandboxValue}"> ${document.title}`); +}); +</script> +</body> |