From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../sandbox/iframe-inside-csp.sub.html             | 18 ++++++
 .../sandbox/meta-element.sub.html                  | 46 +++++++++++++++
 .../sandbox-allow-scripts-subframe.sub.html        | 22 +++++++
 .../sandbox/sandbox-allow-scripts.sub.html         | 22 +++++++
 .../sandbox/sandbox-empty-subframe.sub.html        | 23 ++++++++
 .../sandbox/sandbox-empty.sub.html                 | 25 ++++++++
 .../sandbox/service-worker-sandbox.https.html      | 67 ++++++++++++++++++++++
 .../sandbox/shared-worker-sandbox.html             | 18 ++++++
 .../sandbox/support/empty.html                     |  0
 .../sandbox/support/post-origin-on-load-worker.js  |  1 +
 .../sandbox/support/sandboxed-data-iframe.sub.html |  1 +
 .../sandboxed-data-iframe.sub.html.sub.headers     |  1 +
 .../sandbox/support/sandboxed-eval.sub.html        |  4 ++
 .../support/sandboxed-eval.sub.html.sub.headers    |  1 +
 .../support/sandboxed-post-message-to-parent.html  |  3 +
 .../support/sandboxed-post-property-to-opener.html |  3 +
 ...dboxed-post-property-to-opener.html.sub.headers |  1 +
 .../sandbox/support/sandboxed-service-worker.js    | 14 +++++
 .../support/sandboxed-service-worker.js.headers    |  1 +
 .../sandbox/support/sandboxed-shared-worker.js     |  3 +
 .../support/sandboxed-shared-worker.js.headers     |  1 +
 .../unsandboxed-post-property-to-opener.html       |  3 +
 .../sandbox/window-reuse-sandboxed.html            | 22 +++++++
 .../sandbox/window-reuse-unsandboxed.html          | 22 +++++++
 24 files changed, 322 insertions(+)
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/iframe-inside-csp.sub.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/meta-element.sub.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/sandbox-allow-scripts-subframe.sub.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/sandbox-allow-scripts.sub.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/sandbox-empty-subframe.sub.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/sandbox-empty.sub.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/service-worker-sandbox.https.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/shared-worker-sandbox.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/empty.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/post-origin-on-load-worker.js
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-data-iframe.sub.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-data-iframe.sub.html.sub.headers
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-eval.sub.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-eval.sub.html.sub.headers
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-message-to-parent.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-property-to-opener.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-property-to-opener.html.sub.headers
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-service-worker.js
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-service-worker.js.headers
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-shared-worker.js
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-shared-worker.js.headers
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/support/unsandboxed-post-property-to-opener.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/window-reuse-sandboxed.html
 create mode 100644 testing/web-platform/tests/content-security-policy/sandbox/window-reuse-unsandboxed.html

(limited to 'testing/web-platform/tests/content-security-policy/sandbox')

diff --git a/testing/web-platform/tests/content-security-policy/sandbox/iframe-inside-csp.sub.html b/testing/web-platform/tests/content-security-policy/sandbox/iframe-inside-csp.sub.html
new file mode 100644
index 0000000000..cd402bdba0
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/iframe-inside-csp.sub.html
@@ -0,0 +1,18 @@
+<html>
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' 'self'; connect-src 'self';">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["PASS (1/2): Script can execute","PASS (2/2): Eval works"]'></script>
+    <script src='../support/alertAssert.sub.js?alerts=[]'></script>
+</head>
+<body>
+  <script>
+    window.onmessage = function(e) {
+      log(e.data);
+    }
+  </script>
+  <iframe src="support/sandboxed-eval.sub.html"></iframe>
+</body>
+</html>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/meta-element.sub.html b/testing/web-platform/tests/content-security-policy/sandbox/meta-element.sub.html
new file mode 100644
index 0000000000..cd8da8f14c
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/meta-element.sub.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<meta content="sandbox allow-scripts" http-equiv="Content-Security-Policy">
+<body>
+<iframe id="iframe"></iframe>
+<script>
+// According to
+// https://html.spec.whatwg.org/multipage/semantics.html#attr-meta-http-equiv-content-security-policy
+// `sandbox` directives must be ignored when delivered via `<meta>`.
+test(() => {
+  assert_equals(location.origin, "{{location[scheme]}}://{{location[host]}}");
+}, "Document shouldn't be sandboxed by <meta>");
+
+// Note: sandbox directive for workers are not yet specified.
+// https://github.com/w3c/webappsec-csp/issues/279
+// Anyway workers shouldn't be affected by sandbox directives in `<meta>`.
+async_test(t => {
+  const worker = new Worker("support/post-origin-on-load-worker.js");
+  worker.onerror = t.unreached_func("Worker construction failed");
+  worker.onmessage = t.step_func_done(e => {
+    assert_equals(e.data, "{{location[scheme]}}://{{location[host]}}");
+  });
+}, "Worker shouldn't be sandboxed by inheriting <meta>");
+
+parent.async_test(t => {
+  // Although <iframe about:blank> should inherit parent's CSP,
+  // sandbox directives in <meta> should be ignored in the first place,
+  // so workers created from such <iframe>s shouldn't also be sandboxed.
+  const iframeDocument = document.querySelector("#iframe").contentDocument;
+  const script = iframeDocument.createElement("script");
+  script.innerText = `
+    const worker = new Worker("support/post-origin-on-load-worker.js");
+    worker.onerror = () => parent.postMessage("onerror", "*");
+    worker.onmessage = (e) => parent.postMessage(e.data, "*");
+  `;
+  iframeDocument.body.appendChild(script);
+
+  // Receive message from <iframe>.
+  onmessage = t.step_func_done(e => {
+    assert_equals(e.data, "{{location[scheme]}}://{{location[host]}}");
+  });
+}, "Worker shouldn't be sandboxed when created <iframe> inheriting parent's CSP with sandbox <meta>");
+</script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/sandbox-allow-scripts-subframe.sub.html b/testing/web-platform/tests/content-security-policy/sandbox/sandbox-allow-scripts-subframe.sub.html
new file mode 100644
index 0000000000..1d6db3cde7
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/sandbox-allow-scripts-subframe.sub.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["Message"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+</head>
+
+<body>
+    <script>
+       window.onmessage = function(e) {
+           log(e.data);
+       }
+    </script>
+
+    <iframe src="support/sandboxed-data-iframe.sub.html?sandbox=allow-scripts"></iframe>
+</body>
+
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/sandbox-allow-scripts.sub.html b/testing/web-platform/tests/content-security-policy/sandbox/sandbox-allow-scripts.sub.html
new file mode 100644
index 0000000000..e58402e4ba
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/sandbox-allow-scripts.sub.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["Message"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+</head>
+
+<body>
+    <script>
+       window.onmessage = function(e) {
+           log(e.data);
+       }
+    </script>
+
+    <iframe src="support/sandboxed-post-message-to-parent.html?sandbox=allow-scripts"></iframe>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/sandbox-empty-subframe.sub.html b/testing/web-platform/tests/content-security-policy/sandbox/sandbox-empty-subframe.sub.html
new file mode 100644
index 0000000000..3396e566b8
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/sandbox-empty-subframe.sub.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["PASS2"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+</head>
+
+<body>
+    <script>
+       window.onmessage = function(e) {
+           log(e.data);
+       }
+    </script>
+
+    <iframe src="support/sandboxed-data-iframe.sub.html?sandbox="
+            onload="log('PASS2')"></iframe>
+</body>
+
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/sandbox-empty.sub.html b/testing/web-platform/tests/content-security-policy/sandbox/sandbox-empty.sub.html
new file mode 100644
index 0000000000..4703471020
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/sandbox-empty.sub.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src='../support/logTest.sub.js?logs=["PASS2"]'></script>
+    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
+</head>
+
+<body>
+    <p>This test passes if it does alert pass.</p>
+
+    <script>
+       window.onmessage = function(e) {
+           log(e.data);
+       }
+    </script>
+
+    <iframe src="support/sandboxed-post-message-to-parent.sub.html?sandbox="
+            onload="log('PASS2')"></iframe>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/service-worker-sandbox.https.html b/testing/web-platform/tests/content-security-policy/sandbox/service-worker-sandbox.https.html
new file mode 100644
index 0000000000..8b7d72e0ef
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/service-worker-sandbox.https.html
@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+<body>
+<script>
+let frame = null;
+let worker = null;
+const scope = 'support/empty.html';
+const script = 'support/sandboxed-service-worker.js';
+
+// Currently, sandbox directives for workers are not specified
+// https://github.com/w3c/webappsec-csp/issues/279
+// and thus this test asserts that the origin of ServiceWorker is not sandboxed.
+
+// Global setup: this must be the first promise_test.
+promise_test(async (t) => {
+  const registration =
+      await service_worker_unregister_and_register(t, script, scope);
+  worker = registration.installing;
+  await wait_for_state(t, worker, 'activated');
+  frame = await with_iframe(scope);
+
+  // Global cleanup: the final promise_test.
+  promise_test(() => {
+    if (frame)
+      frame.remove();
+     return registration.unregister();
+  }, 'global cleanup');
+}, 'global setup');
+
+promise_test(async (t) => {
+  const r = await frame.contentWindow.fetch('/get-origin', {mode: 'cors'});
+  const j = await r.json();
+  assert_equals(j.origin, location.origin, 'Origin should not be sandboxed');
+}, 'Origin of service worker');
+
+promise_test(async (t) => {
+  const r = await frame.contentWindow.fetch('/get-origin',
+                                            {mode: 'same-origin'});
+  const j = await r.json();
+  assert_equals(j.origin, location.origin, 'Origin should not be opaque');
+}, 'Response generated by service worker can be fetched as same-origin');
+
+// Because the origin of service worker should be `location.origin`,
+// fetches from service worker to `location.origin` should be successful.
+for (const mode of ['same-origin', 'cors']) {
+  for (const hasACAOrigin of [true, false]) {
+    promise_test(async (t) => {
+      const final_url = new URL('/fetch/api/resources/', location);
+      final_url.pathname += hasACAOrigin ? 'cors-top.txt' : 'top.txt';
+      final_url.searchParams.set('hash', Math.random());
+
+      const url = new URL('/fetch', location);
+      url.searchParams.set('url', final_url);
+      url.searchParams.set('hash', Math.random());
+      const r = await frame.contentWindow.fetch(url, {mode});
+      const text = await r.text();
+      assert_equals(text, 'top');
+    }, 'Origin used in fetch on service worker (mode: ' +
+       mode +
+       (hasACAOrigin ? ', with ACAOrigin' : '') +
+       ')');
+  }
+}
+</script>
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/shared-worker-sandbox.html b/testing/web-platform/tests/content-security-policy/sandbox/shared-worker-sandbox.html
new file mode 100644
index 0000000000..86b39b9ad4
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/shared-worker-sandbox.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+// Currently, sandbox directives for workers are not specified
+// https://github.com/w3c/webappsec-csp/issues/279
+// and thus this test asserts that the origin of SharedWorker is not sandboxed.
+async_test(t => {
+  const worker = new SharedWorker("support/sandboxed-shared-worker.js?" + Math.random());
+  worker.onerror = t.unreached_func("SharedWorker construction failed");
+  worker.port.onmessage = t.step_func_done(e => {
+    assert_equals(e.data, location.origin, "Origin should not be sandboxed");
+  });
+}, "sandbox directive for SharedWorker");
+</script>
+</body>
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/empty.html b/testing/web-platform/tests/content-security-policy/sandbox/support/empty.html
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/post-origin-on-load-worker.js b/testing/web-platform/tests/content-security-policy/sandbox/support/post-origin-on-load-worker.js
new file mode 100644
index 0000000000..21ce5748ab
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/post-origin-on-load-worker.js
@@ -0,0 +1 @@
+postMessage(self.origin);
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-data-iframe.sub.html b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-data-iframe.sub.html
new file mode 100644
index 0000000000..fafd4dc770
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-data-iframe.sub.html
@@ -0,0 +1 @@
+<iframe src="data:text/html,&lt;script&gt;window.top.postMessage(&apos;Message&apos;,&apos;*&apos;);&lt;/script&gt;"></iframe>
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-data-iframe.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-data-iframe.sub.html.sub.headers
new file mode 100644
index 0000000000..a7ea308208
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-data-iframe.sub.html.sub.headers
@@ -0,0 +1 @@
+Content-Security-Policy: sandbox {{GET[sandbox]}};
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-eval.sub.html b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-eval.sub.html
new file mode 100644
index 0000000000..9480e521de
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-eval.sub.html
@@ -0,0 +1,4 @@
+<script>
+  window.parent.postMessage('PASS (1/2): Script can execute', '*');
+  eval("window.parent.postMessage('PASS (2/2): Eval works', '*')");
+</script>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-eval.sub.html.sub.headers b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-eval.sub.html.sub.headers
new file mode 100644
index 0000000000..c7e4e7cc5b
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-eval.sub.html.sub.headers
@@ -0,0 +1 @@
+Content-Security-Policy: sandbox allow-scripts
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-message-to-parent.html b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-message-to-parent.html
new file mode 100644
index 0000000000..ef4b1a0b95
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-message-to-parent.html
@@ -0,0 +1,3 @@
+<script>
+  window.top.postMessage("Message", "*");
+</script>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-property-to-opener.html b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-property-to-opener.html
new file mode 100644
index 0000000000..ebbb54d36d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-property-to-opener.html
@@ -0,0 +1,3 @@
+<script>
+  window.opener.postMessage(window.testProperty, "*");
+</script>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-property-to-opener.html.sub.headers b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-property-to-opener.html.sub.headers
new file mode 100644
index 0000000000..a7ea308208
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-post-property-to-opener.html.sub.headers
@@ -0,0 +1 @@
+Content-Security-Policy: sandbox {{GET[sandbox]}};
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-service-worker.js b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-service-worker.js
new file mode 100644
index 0000000000..d4971266f5
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-service-worker.js
@@ -0,0 +1,14 @@
+self.addEventListener('fetch', function(event) {
+    const url = new URL(event.request.url);
+    if (url.pathname.indexOf('get-origin') != -1) {
+      event.respondWith(new Promise(function(resolve) {
+        resolve(new Response(JSON.stringify({
+            origin: self.origin
+          })));
+        }));
+    }
+    else if (url.pathname.indexOf('fetch') != -1) {
+      event.respondWith(fetch(url.searchParams.get('url'),
+                              {mode: event.request.mode}));
+    }
+  });
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-service-worker.js.headers b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-service-worker.js.headers
new file mode 100644
index 0000000000..1efcf8c226
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-service-worker.js.headers
@@ -0,0 +1 @@
+Content-Security-Policy: sandbox allow-scripts
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-shared-worker.js b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-shared-worker.js
new file mode 100644
index 0000000000..eb85eb41b4
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-shared-worker.js
@@ -0,0 +1,3 @@
+self.onconnect = e => {
+  e.ports[0].postMessage(self.origin);
+};
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-shared-worker.js.headers b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-shared-worker.js.headers
new file mode 100644
index 0000000000..1efcf8c226
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/sandboxed-shared-worker.js.headers
@@ -0,0 +1 @@
+Content-Security-Policy: sandbox allow-scripts
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/support/unsandboxed-post-property-to-opener.html b/testing/web-platform/tests/content-security-policy/sandbox/support/unsandboxed-post-property-to-opener.html
new file mode 100644
index 0000000000..ebbb54d36d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/support/unsandboxed-post-property-to-opener.html
@@ -0,0 +1,3 @@
+<script>
+  window.opener.postMessage(window.testProperty, "*");
+</script>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/window-reuse-sandboxed.html b/testing/web-platform/tests/content-security-policy/sandbox/window-reuse-sandboxed.html
new file mode 100644
index 0000000000..a7a080daf7
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/window-reuse-sandboxed.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+    <script>
+      var t = async_test("Window object should not be reused");
+
+      window.onmessage = t.step_func_done(function(e) {
+        assert_equals(e.data, undefined);
+      });
+
+      w = window.open("support/sandboxed-post-property-to-opener.html?sandbox=allow-scripts","","width=400,height=400");
+      w.testProperty = "test";
+    </script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/testing/web-platform/tests/content-security-policy/sandbox/window-reuse-unsandboxed.html b/testing/web-platform/tests/content-security-policy/sandbox/window-reuse-unsandboxed.html
new file mode 100644
index 0000000000..dd69c41354
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/sandbox/window-reuse-unsandboxed.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+    <script>
+      var t = async_test("Window object should be reused");
+
+      window.onmessage = t.step_func_done(function(e) {
+        assert_equals(e.data, "test");
+      });
+
+      w = window.open("support/unsandboxed-post-property-to-opener.html","","width=400,height=400");
+      w.testProperty = "test";
+    </script>
+</body>
+
+</html>
\ No newline at end of file
-- 
cgit v1.2.3