1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
<!doctype html>
<title>Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy: blob URL popup</title>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/common/get-host-info.sub.js></script>
<script src=../cross-origin-embedder-policy/resources/script-factory.js></script>
<script>
["window.open()", "<a>", "<a rel=noopener>"].forEach(type => {
promise_test(t => {
const origins = get_host_info();
const id = `tut mir leid ${type}`;
const blob = new Blob([`<script>${createScript(origins.ORIGIN, origins.HTTPS_REMOTE_ORIGIN, "channel", id)}<\/script>`], {type: "text/html"});
const blobURL = URL.createObjectURL(blob);
const bc = new BroadcastChannel(id);
if (type === "window.open()") {
const popup = window.open(blobURL);
t.add_cleanup(() => popup.close());
popup.onload = t.step_func(() => {
assert_equals(popup.opener, window);
assert_equals(popup.location.href, blobURL);
assert_equals(popup.document.URL, blobURL);
assert_equals(popup.origin, window.origin);
});
} else {
const a = document.createElement("a");
a.target = type;
if (type === "<a rel=noopener>") {
a.rel = "noopener";
}
a.href = blobURL;
a.click();
}
return new Promise(resolve => {
bc.onmessage = t.step_func(({ data }) => {
assert_equals(data.id, id);
assert_equals(data.origin, window.origin);
assert_true(data.sameOriginNoCORPSuccess, "Same-origin without CORP did not succeed");
assert_true(data.crossOriginNoCORPFailure, "Cross-origin without CORP did not fail");
if (type === "<a rel=noopener>") {
assert_false(data.opener, 'opener');
} else {
assert_true(data.opener, 'opener');
}
resolve();
});
});
}, `COOP+COEP blob URL popup: ${type}`);
});
</script>
|
