1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
<!DOCTYPE html>
<title>Subframe loading from Web Bundles</title>
<link
rel="help"
href="https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md"
/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="../resources/test-helpers.js"></script>
<body>
<script>
setup(() => {
assert_true(HTMLScriptElement.supports("webbundle"));
});
promise_test(async (t) => {
const bundle_url = "../resources/wbn/uuid-in-package.wbn";
const frame_url = "uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae";
const iframe = await createWebBundleElementAndIframe(
t,
bundle_url,
frame_url
);
// The iframe is cross-origin. So accessing iframe.contentWindow.location
// should throw a SecurityError.
assert_throws_dom("SecurityError", () => {
iframe.contentWindow.location.href;
});
}, "The uuid-in-package: URL iframe must be cross-origin.");
uuid_iframe_test(
"location.href",
"uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae",
"location.href in opaque-origin iframe."
);
uuid_iframe_test(
"(" +
(() => {
try {
let result = window.localStorage;
return "no error";
} catch (e) {
return e.name;
}
}).toString() +
")()",
"SecurityError",
"Accesing window.localStorage should throw a SecurityError."
);
uuid_iframe_test(
"(" +
(() => {
try {
let result = window.sessionStorage;
return "no error";
} catch (e) {
return e.name;
}
}).toString() +
")()",
"SecurityError",
"Accesing window.sessionStorage should throw a SecurityError."
);
uuid_iframe_test(
"(" +
(() => {
try {
let result = document.cookie;
return "no error";
} catch (e) {
return e.name;
}
}).toString() +
")()",
"SecurityError",
"Accesing document.cookie should throw a SecurityError."
);
uuid_iframe_test(
"(" +
(() => {
try {
let request = window.indexedDB.open("db");
return "no error";
} catch (e) {
return e.name;
}
}).toString() +
")()",
"SecurityError",
"Opening an indexedDB should throw a SecurityError."
);
uuid_iframe_test(
"window.caches === undefined",
true,
"window.caches should be undefined."
);
function uuid_iframe_test(code, expected, name) {
promise_test(async (t) => {
const bundle_url = "../resources/wbn/uuid-in-package.wbn";
const frame_url =
"uuid-in-package:429fcc4e-0696-4bad-b099-ee9175f023ae";
const iframe = await createWebBundleElementAndIframe(
t,
bundle_url,
frame_url
);
assert_equals(await evalInIframe(iframe, code), expected);
}, name + "uuid-in-package");
}
async function createWebBundleElementAndIframe(t, bundle_url, frame_url) {
const element = createWebBundleElement(bundle_url, [frame_url]);
document.body.appendChild(element);
const iframe = document.createElement("iframe");
t.add_cleanup(() => {
document.body.removeChild(element);
document.body.removeChild(iframe);
});
iframe.src = frame_url;
const load_promise = new Promise((resolve) => {
iframe.addEventListener("load", resolve);
});
document.body.appendChild(iframe);
await load_promise;
return iframe;
}
</script>
</body>
|
