blob: de94fb2cf435de13665e5d7aa0abc0ac2fcc035d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
<!doctype html>
<meta charset=utf-8>
<title>localStorage: about:blank partitioning</title>
<meta name=help href="https://privacycg.github.io/storage-partitioning/">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/webstorage/resources/partitioning-utils.js"></script>
<body>
<script>
const path =
"webstorage/resources/localstorage-about-blank-partitioned-win-open.html";
const crossSiteURL = `${get_host_info().HTTP_NOTSAMESITE_ORIGIN}/${path}`;
const sameSiteURL = `${get_host_info().HTTP_ORIGIN}/${path}`;
let firstPartyID = getOrCreateID("userID3");
let crossSiteIframeID;
let sameSiteIframeID;
let crossSiteIframe;
let crossSiteIframeAboutBlankID;
let frameMessageCount = 0;
promise_test(async t => {
localStorage.clear();
// Step 1. Add a cross-site iframe
return addIframePromise(crossSiteURL).then(async crossSiteIframe => {
return new Promise(resolve => {
window.addEventListener("message", async e => {
const payload = {
command: "open about:blank window"
}
if (e.data.message === "window loaded") {
// Step 2. cross-site iframe is loaded, capture reference to its ID
crossSiteIframeID = e.data.userID;
// Step 3. Ask the cross-site iframe to create an about:blank window
crossSiteIframe.contentWindow.postMessage(payload, e.origin);
}
if (e.data.message === "about:blank frame ID") {
// Step 4. capture reference to 3P iframe's about:blank window ID
crossSiteIframeAboutBlankID = e.data.userID;
crossSiteIframe.contentWindow.postMessage(
{command: "close about:blank window"}, "*");
}
if (e.data.message === "about:blank window closed") {
resolve({crossSiteIframeID, crossSiteIframeAboutBlankID});
}
});
}).then(ids => {
const {
crossSiteIframeID,
crossSiteIframeAboutBlankID
} = ids;
// Step 5. Assert some things
for (let id in ids) {
assert_true(id !== undefined, "id is not undefined");
}
// Note: we use assert_true, rather than assert_equals becuase we're
// setting random numbers as IDs - this would mean expectations
// files wouldn't work as intended.
assert_true(crossSiteIframeAboutBlankID !== crossSiteIframeID,
"about:blank window opened by 3P iframe does not inherit 3P iframe's StorageKey");
assert_true(firstPartyID !== crossSiteIframeAboutBlankID,
"about:blank window open by 3P iframe does not inherit 1P StorageKey");
localStorage.clear();
})
});
}, "StorageKey: test 3P about:blank window opened from a 3P iframe");
</script>
</body>
|
