diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
commit | 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch) | |
tree | a68f146d7fa01f0134297619fbe7e33db084e0aa /testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js | |
parent | Initial commit. (diff) | |
download | thunderbird-upstream.tar.xz thunderbird-upstream.zip |
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js new file mode 100644 index 0000000000..6e816e89b3 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js @@ -0,0 +1,147 @@ +var SAME_ORIGIN = true; +var CROSS_ORIGIN = false; + +var EXPECT_BLOCK = true; +var EXPECT_LOAD = false; + +var SAMEORIGIN_ORIGIN = "{{location[scheme]}}://{{location[host]}}"; +var CROSSORIGIN_ORIGIN = "http://{{domains[www1]}}:{{ports[http][1]}}"; + +var test; + +function endTest(failed, message) { + if (typeof test === 'undefined') return; + + if (failed) { + test.step(function() { + assert_unreached(message); + test.done(); + }); + } + else test.done({message: message}); +} + +window.addEventListener("message", function (e) { + if (window.parent != window) + window.parent.postMessage(e.data, "*"); + else + if (e.data.type === 'test_result') + endTest(e.data.failed, "Inner IFrame msg: " + e.data.message); +}); + +function injectNestedIframe(policy, parent, child, expectation, isSandboxed) { + var iframe = document.createElement("iframe"); + + var url = "/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html" + + "?policy=" + policy + + "&parent=" + parent + + "&child=" + child + + "&expectation=" + expectation; + url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url; + + iframe.src = url; + + if (isSandboxed) + iframe.sandbox = 'allow-scripts'; + + document.body.appendChild(iframe); +} + +let timer; +function pollForLoadCompletion({iframe, expectBlock}) { + let fn = iframeLoaded({expectBlock, isPoll: true}); + timer = test.step_timeout(() => fn({target: iframe}), 10); +} + +function injectIFrame(policy, sameOrigin, expectBlock) { + var iframe = document.createElement("iframe"); + iframe.addEventListener("load", iframeLoaded({expectBlock, isPoll: false})); + iframe.addEventListener("error", iframeLoaded({expectBlock, isPoll: false})); + + var url = "/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html?policy=" + policy; + if (sameOrigin) + url = SAMEORIGIN_ORIGIN + url; + else + url = CROSSORIGIN_ORIGIN + url; + + iframe.src = url; + document.body.appendChild(iframe); + pollForLoadCompletion({iframe, expectBlock}); +} + +function iframeLoaded({isPoll, expectBlock}) { + return function(ev) { + clearTimeout(timer); + var failed = true; + var message = ""; + try { + let url = ev.target.contentWindow.location.href; + if (isPoll && (url === "about:blank" || ev.target.contentDocument.readyState !== "complete")) { + pollForLoadCompletion({iframe: ev.target, expectBlock}); + return; + } + if (expectBlock) { + message = "The IFrame should have been blocked (or cross-origin). It wasn't."; + failed = true; + } else { + message = "The IFrame should not have been blocked. It wasn't."; + failed = false; + } + } catch (ex) { + if (expectBlock) { + message = "The IFrame should have been blocked (or cross-origin). It was."; + failed = false; + } else { + message = "The IFrame should not have been blocked. It was."; + failed = true; + } + } + if (window.parent != window) + window.parent.postMessage({type: 'test_result', failed: failed, message: message}, '*'); + else + endTest(failed, message); + }; +} + +function originFrameShouldBe(child, expectation, policy) { + if (child == "cross" && expectation == "blocked") crossOriginFrameShouldBeBlocked(policy); + if (child == "same" && expectation == "blocked") sameOriginFrameShouldBeBlocked(policy); + if (child == "cross" && expectation == "allowed") crossOriginFrameShouldBeAllowed(policy); + if (child == "same" && expectation == "allowed") sameOriginFrameShouldBeAllowed(policy); +} + +function crossOriginFrameShouldBeBlocked(policy) { + window.onload = function () { + injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK); + }; +} + +function crossOriginFrameShouldBeAllowed(policy) { + window.onload = function () { + injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD); + }; +} + +function sameOriginFrameShouldBeBlocked(policy) { + window.onload = function () { + injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK); + }; +} + +function sameOriginFrameShouldBeAllowed(policy) { + window.onload = function () { + injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD); + }; +} + +function testNestedIFrame(policy, parent, child, expectation) { + window.onload = function () { + injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "allowed" : "blocked", false /* isSandboxed */); + }; +} + +function testNestedSandboxedIFrame(policy, parent, child, expectation) { + window.onload = function () { + injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "allowed" : "blocked", true /* isSandboxed */); + }; +} |