Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 118 insertions, 0 deletions

diff --git a/testing/web-platform/tests/fenced-frame/disallowed-navigations.https.html b/testing/web-platform/tests/fenced-frame/disallowed-navigations.https.html
new file mode 100644
index 0000000000..5cde50d420
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/disallowed-navigations.https.html
@@ -0,0 +1,118 @@
+<!DOCTYPE html>
+<title>Fenced frame disallowed navigations</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/common/utils.js"></script>
+<script src="resources/utils.js"></script>
+<script src="/fetch/local-network-access/resources/support.sub.js"></script>
+
+<body>
+
+<script>
+// Baseline tests:
+//   - Embedder can navigate iframe to blob: URL
+//   - Embedder can navigate iframe to data: URL
+//   - Same-origin embedder can navigate iframe to javascript: URL
+//   - Embedder can navigate iframe to http: URL
+// Fenced frame tests:
+//   - Embedder cannot navigate fenced frame to blob: URL
+//   - Embedder cannot navigate fenced frame to data: URL
+//   - Same-origin embedder cannot navigate fenced frame to
+//     javascript: URL
+//   - Embedder cannot navigate fenced frame to http: URL
+
+// Fenced frames are always put in the public IP address space which is the
+// least privileged. In case a navigation to a local data: URL or blob: URL
+// resource is allowed, they would only be able to fetch things that are *also*
+// in the public IP address space. So for the document described by these local
+// URLs, we'll set them up to only communicate back to the outer page via
+// resources obtained in the public address space.
+const kPublicUtils = resolveUrl("resources/utils.js", Server.HTTPS_PUBLIC);
+
+// These are just baseline tests asserting that this test's machinery to load
+// blob:, data:, and javascript: URLs work properly in contexts where they are
+// expected to.
+promise_test(async () => {
+  const key = token();
+  attachIFrame(`data:text/html, ${createLocalSource(key, kPublicUtils)}`);
+  const result = await nextValueFromServer(key);
+  assert_equals(result, "LOADED");
+}, "iframe data: URL");
+
+promise_test(async () => {
+  const key = token();
+  const blobURL = URL.createObjectURL(
+      new Blob([`${createLocalSource(key, kPublicUtils)}`],
+               {type: 'text/html'}));
+  attachIFrame(blobURL);
+  const result = await nextValueFromServer(key);
+  assert_equals(result, "LOADED");
+}, "iframe blob: URL");
+
+promise_test(async () => {
+  const iframe = attachIFrameContext();
+  iframe.src = "javascript:window.jsURLExecuted = true;"
+  await iframe.execute(async () => {
+    assert_equals(window.jsURLExecuted, true);
+  });
+}, "iframe javascript: URL");
+
+// The following tests ensure that an embedder cannot navigate a fenced frame
+// to:
+//   - data: URLs
+//   - blob: URLs
+//   - javascript: URLs
+//   - http: URLs
+function getTimeoutPromise(t) {
+  return new Promise(resolve =>
+      t.step_timeout(() => resolve("NOT LOADED"), 2000));
+}
+
+promise_test(async t => {
+  const key = token();
+  attachFencedFrame(`data:text/html, ${createLocalSource(key, kPublicUtils)}`);
+  const loaded_promise = nextValueFromServer(key);
+  const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
+  assert_equals(result, "NOT LOADED");
+}, `fenced frame data: URL`);
+
+promise_test(async t => {
+  const key = token();
+  const blobURL = URL.createObjectURL(
+      new Blob([`${createLocalSource(key, kPublicUtils)}`],
+               {type: 'text/html'}));
+  attachFencedFrame(blobURL);
+  const loaded_promise = nextValueFromServer(key);
+  const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
+  assert_equals(result, "NOT LOADED");
+}, `fenced frame blob: URL`);
+
+promise_test(async t => {
+  const fencedframe = attachFencedFrameContext();
+  fencedframe.src = "javascript:window.jsURLExecuted = true;"
+  // Just in case the javascript URL executes asynchronously, let's wait for
+  // it.
+  await getTimeoutPromise(t);
+  await fencedframe.execute(async () => {
+    assert_equals(window.jsURLExecuted, undefined);
+  });
+}, `fenced frame javascript: URL`);
+
+promise_test(async t => {
+  const key = token();
+  let http_url = new URL("resources/embeddee.html",
+      get_host_info().HTTP_ORIGIN + location.pathname);
+  http_url = generateURL(http_url, [key]);
+  assert_equals(http_url.protocol, "http:");
+  const fencedframe = attachFencedFrame(http_url);
+  const loaded_promise = nextValueFromServer(key);
+  const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
+  assert_equals(result, "NOT LOADED");
+}, `fenced frame http: URL`);
+
+</script>
+
+</body>