<!doctype html> <title>Navigating to text fragment directives in iframes</title> <meta charset=utf-8> <link rel="help" href="https://wicg.github.io/ScrollToTextFragment/"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> <script> function getResult(iframe) { return new Promise((resolve) => { window.addEventListener('message', (e) => { resolve(e.data); }, {once: true}); iframe.contentWindow.postMessage('getResult', '*'); }); } function reset(iframe) { return new Promise((resolve) => { window.addEventListener('message', (e) => { resolve(); }, {once: true}); iframe.contentWindow.postMessage('reset', '*'); }); } function runTests() { const attribute_iframe = document.getElementById('srcattrib'); const sameorigin_iframe = document.getElementById('sameorigin'); const crossorigin_iframe = document.getElementById('crossorigin'); // Check behavior that occurs when a text fragment is specified directly in // an iframe's src attribute. We expect the text fragment to be blocked. promise_test(t => new Promise(async resolve => { // No reset since we're checking the hash specified in the `src` attribute. const data = await getResult(attribute_iframe); resolve(data); }).then( data => { assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.'); assert_equals(data.scrollPosition, 'top', 'Should not scroll to text fragment'); }), 'Text fragment specified in iframe.src'); // Check behavior when we set a text fragment using script from a // same-origin parent. The text fragment should be allowed because this is // a same-document navigation initiated by an origin that's same-origin // with the current document. promise_test(t => new Promise(async resolve => { await reset(sameorigin_iframe); sameorigin_iframe.contentWindow.location = `${sameorigin_iframe.src}#:~:text=Target`; const data = await getResult(sameorigin_iframe); resolve(data); }).then( data => { assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.'); assert_equals(data.scrollPosition, 'target', 'Should scroll to text fragment'); }), 'Navigate same-origin iframe via window.location'); // Check behavior when we set a text fragment using script from a // cross-origin parent. The text fragment should be blocked because the // initiating origin is not same-origin with the current document. promise_test(t => new Promise(async resolve => { await reset(crossorigin_iframe); crossorigin_iframe.contentWindow.location = `${crossorigin_iframe.src}#:~:text=Target`; const data = await getResult(crossorigin_iframe); resolve(data); }).then( data => { assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.'); assert_equals(data.scrollPosition, 'top', 'Should not to scroll to text fragment.'); }), 'Navigate cross-origin iframe via window.location'); // Check the element-id fallback behavior when the text is not found. We // should fallback to a regular element-id hash navigation. promise_test(t => new Promise(async resolve => { await reset(sameorigin_iframe); sameorigin_iframe.contentWindow.location = `${sameorigin_iframe.src}#elementid:~:text=NonExistentText`; const data = await getResult(sameorigin_iframe); resolve(data); }).then( data => { assert_equals(data.scrollPosition, 'elementid', 'Should scroll to the element-id anchor.'); }), 'Non-matching text with element-id fallback'); // Check the element-id fallback behaviour when used across origins. The // text fragment should be blocked across origins but the element id hash // should not. promise_test(t => new Promise(async resolve => { await reset(crossorigin_iframe); crossorigin_iframe.contentWindow.location = `${crossorigin_iframe.src}#elementid:~:text=Target%20Text`; const data = await getResult(crossorigin_iframe); resolve(data); }).then( data => { assert_equals(data.scrollPosition, 'elementid', 'Should scroll to the element-id anchor.'); }), 'Cross-origin with element-id fallback'); } </script> <style> iframe { width: 100px; height: 100px; } </style> <body onload="runTests()"> <div> Same-Origin with text fragment in src attribute: <iframe id="srcattrib" src="iframe-target.html#:~:text=Target"></iframe> </div> <div> Same-Origin: <iframe id="sameorigin" src="iframe-target.html"></iframe> </div> <div> Cross-Origin: <iframe id="crossorigin" src="http://{{hosts[][www]}}:{{ports[http][0]}}/scroll-to-text-fragment/iframe-target.html"></iframe> </div> </body>