1 files changed, 147 insertions, 0 deletions

diff --git a/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js
new file mode 100644
index 0000000000..6e816e89b3
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js
@@ -0,0 +1,147 @@
+var SAME_ORIGIN = true;
+var CROSS_ORIGIN = false;
+
+var EXPECT_BLOCK = true;
+var EXPECT_LOAD = false;
+
+var SAMEORIGIN_ORIGIN = "{{location[scheme]}}://{{location[host]}}";
+var CROSSORIGIN_ORIGIN = "http://{{domains[www1]}}:{{ports[http][1]}}";
+
+var test;
+
+function endTest(failed, message) {
+    if (typeof test === 'undefined') return;
+
+    if (failed) {
+        test.step(function() {
+            assert_unreached(message);
+            test.done();
+        });
+    }
+    else test.done({message: message});
+}
+
+window.addEventListener("message", function (e) {
+    if (window.parent != window)
+        window.parent.postMessage(e.data, "*");
+    else
+        if (e.data.type === 'test_result')
+            endTest(e.data.failed, "Inner IFrame msg: " + e.data.message);
+});
+
+function injectNestedIframe(policy, parent, child, expectation, isSandboxed) {
+    var iframe = document.createElement("iframe");
+
+    var url = "/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html"
+              + "?policy=" + policy
+              + "&parent=" + parent
+              + "&child=" + child
+              + "&expectation=" + expectation;
+    url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url;
+
+    iframe.src = url;
+
+    if (isSandboxed)
+        iframe.sandbox = 'allow-scripts';
+
+    document.body.appendChild(iframe);
+}
+
+let timer;
+function pollForLoadCompletion({iframe, expectBlock}) {
+    let fn = iframeLoaded({expectBlock, isPoll: true});
+    timer = test.step_timeout(() => fn({target: iframe}), 10);
+}
+
+function injectIFrame(policy, sameOrigin, expectBlock) {
+    var iframe = document.createElement("iframe");
+    iframe.addEventListener("load", iframeLoaded({expectBlock, isPoll: false}));
+    iframe.addEventListener("error", iframeLoaded({expectBlock, isPoll: false}));
+
+    var url = "/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html?policy=" + policy;
+    if (sameOrigin)
+        url = SAMEORIGIN_ORIGIN + url;
+    else
+        url = CROSSORIGIN_ORIGIN + url;
+
+    iframe.src = url;
+    document.body.appendChild(iframe);
+    pollForLoadCompletion({iframe, expectBlock});
+}
+
+function iframeLoaded({isPoll, expectBlock}) {
+    return function(ev) {
+        clearTimeout(timer);
+        var failed = true;
+        var message = "";
+        try {
+            let url = ev.target.contentWindow.location.href;
+            if (isPoll && (url === "about:blank" || ev.target.contentDocument.readyState !== "complete")) {
+                pollForLoadCompletion({iframe: ev.target, expectBlock});
+                return;
+            }
+            if (expectBlock) {
+                message = "The IFrame should have been blocked (or cross-origin). It wasn't.";
+                failed = true;
+            } else {
+                message = "The IFrame should not have been blocked. It wasn't.";
+                failed = false;
+            }
+        } catch (ex) {
+            if (expectBlock) {
+                message = "The IFrame should have been blocked (or cross-origin). It was.";
+                failed = false;
+            } else {
+                message = "The IFrame should not have been blocked. It was.";
+                failed = true;
+            }
+        }
+        if (window.parent != window)
+            window.parent.postMessage({type: 'test_result', failed: failed, message: message}, '*');
+        else
+            endTest(failed, message);
+    };
+}
+
+function originFrameShouldBe(child, expectation, policy) {
+    if (child == "cross" && expectation == "blocked") crossOriginFrameShouldBeBlocked(policy);
+    if (child == "same" && expectation == "blocked") sameOriginFrameShouldBeBlocked(policy);
+    if (child == "cross" && expectation == "allowed") crossOriginFrameShouldBeAllowed(policy);
+    if (child == "same" && expectation == "allowed") sameOriginFrameShouldBeAllowed(policy);
+}
+
+function crossOriginFrameShouldBeBlocked(policy) {
+    window.onload = function () {
+        injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK);
+    };
+}
+
+function crossOriginFrameShouldBeAllowed(policy) {
+    window.onload = function () {
+        injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD);
+    };
+}
+
+function sameOriginFrameShouldBeBlocked(policy) {
+    window.onload = function () {
+        injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK);
+    };
+}
+
+function sameOriginFrameShouldBeAllowed(policy) {
+    window.onload = function () {
+        injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD);
+    };
+}
+
+function testNestedIFrame(policy, parent, child, expectation) {
+    window.onload = function () {
+        injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "allowed" : "blocked", false /* isSandboxed */);
+    };
+}
+
+function testNestedSandboxedIFrame(policy, parent, child, expectation) {
+    window.onload = function () {
+        injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "allowed" : "blocked", true /* isSandboxed */);
+    };
+}