Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 83 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html
new file mode 100644
index 0000000000..0cdc03ce92
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html
@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'">
+<title>about:blank in popup inherits CSPs from the navigation initiator</title>
+<body>
+
+<script>
+  const message_from = (source_token, w) => {
+    return new Promise(resolve => {
+      window.addEventListener('message', msg => {
+        if (msg.data.token === source_token)
+          resolve(msg.data.msg);
+      });
+    });
+  };
+
+  const testCases = [
+    {
+      previous_origin: window.origin,
+      name: "Popup being navigated to about:blank was same-origin.",
+    },
+    {
+      previous_origin: "http://{{hosts[alt][]}}:{{ports[http][0]}}",
+      name: "Popup being navigated to about:blank was cross-origin.",
+    },
+  ];
+
+  testCases.forEach(testCase => {
+    promise_test(async t => {
+      // Create a popup and navigate it.
+      const popup_token = token();
+      // const popup = window.open("about:blank", testCase.name);
+      const loaded = message_from(popup_token);
+      const popup = window.open(
+        testCase.previous_origin +
+          "/content-security-policy/inheritance/support" +
+          `/postmessage-opener.html?token=${popup_token}`,
+        testCase.name);
+      t.add_cleanup(() => popup.close());
+
+      assert_equals(await loaded, "ready");
+
+      // Navigate the popup to "about:blank".
+      window.open("about:blank", testCase.name);
+      await t.step_wait(
+        condition = () => {
+          try {
+            return popup.location.href == "about:blank";
+          } catch {}
+          return false;
+        },
+        description = "Wait for the popup to navigate.",
+        timeout=3000,
+        interval=50);
+
+      // Now create an img in the popup and check if it is blocked by CSPs.
+      const script = popup.document.createElement('script');
+      script.innerText = `
+        function messageBack(msg) {
+          opener.postMessage(msg ,"*");
+        }
+      `;
+      popup.document.head.appendChild(script);
+      const div = popup.document.createElement('div');
+
+      const img_token = token();
+      const img_url = window.origin + "/content-security-policy/support/fail.png";
+      div.innerHTML = `
+        <img src="${img_url}"
+             onload="messageBack({msg: 'img loaded', token: '${img_token}'});"
+             onerror="messageBack({msg: 'img blocked', token: '${img_token}'});"
+        >
+      `;
+
+      const msg = message_from(img_token);
+      popup.document.body.appendChild(div);
+      assert_equals(await msg, "img blocked");
+    }, testCase.name);
+  });
+</script>