-
Notifications
You must be signed in to change notification settings - Fork 54
/
opaque-origin.https.window.js
82 lines (67 loc) · 2.96 KB
/
opaque-origin.https.window.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
'use strict';
const kSandboxWindowUrl = 'resources/opaque-origin-sandbox.html';
function add_iframe(test, src, sandbox) {
const iframe = document.createElement('iframe');
iframe.src = src;
if (sandbox !== undefined) {
iframe.sandbox = sandbox;
}
document.body.appendChild(iframe);
test.add_cleanup(() => {
iframe.remove();
});
}
// Creates a data URI iframe that uses postMessage() to provide its parent
// with the test result. The iframe checks for the existence of
// |property_name| on the window.
async function verify_does_not_exist_in_data_uri_iframe(
test, property_name) {
const iframe_content =
'<script>' +
' const is_property_name_defined = ' +
` (self.${property_name} !== undefined);` +
' parent.postMessage({is_property_name_defined}, "*")' +
'</script>';
const data_uri = `data:text/html,${encodeURIComponent(iframe_content)}`;
add_iframe(test, data_uri);
const event_watcher = new EventWatcher(test, self, 'message');
const message_event = await event_watcher.wait_for('message')
assert_false(message_event.data.is_property_name_defined,
`Data URI iframes must not define '${property_name}'.`);
}
// |kSandboxWindowUrl| sends two messages to this window. The first is the
// result of chooseFileSystemEntries(). The second is the result of
// getSystemDirectory(). For windows using sandbox='allow-scripts',
// both results must produce rejected promises.
async function verify_results_from_sandboxed_child_window(test) {
const event_watcher = new EventWatcher(test, self, 'message');
const first_message_event = await event_watcher.wait_for('message');
assert_equals(first_message_event.data,
'chooseFileSystemEntries(): REJECTED: SecurityError');
const second_message_event = await event_watcher.wait_for('message');
assert_equals(second_message_event.data,
'getSystemDirectory(): REJECTED: SecurityError');
}
promise_test(async test => {
await verify_does_not_exist_in_data_uri_iframe(
test, 'chooseFileSystemEntries');
}, 'chooseFileSystemEntries() must be undefined for data URI iframes.');
promise_test(async test => {
await verify_does_not_exist_in_data_uri_iframe(
test, 'FileSystemDirectoryHandle');
}, 'FileSystemDirectoryHandle must be undefined for data URI iframes.');
promise_test(async test => {
add_iframe(test, kSandboxWindowUrl, /*sandbox=*/'allow-scripts');
await verify_results_from_sandboxed_child_window(test);
}, 'FileSystemDirectoryHandle.getSystemDirectory() and ' +
'chooseFileSystemEntries() must reject in a sandboxed iframe.');
promise_test(async test => {
const child_window_url = kSandboxWindowUrl +
'?pipe=header(Content-Security-Policy, sandbox allow-scripts)';
const child_window = window.open(child_window_url);
test.add_cleanup(() => {
child_window.close();
});
await verify_results_from_sandboxed_child_window(test);
}, 'FileSystemDirectoryHandle.getSystemDirectory() and '
+ 'chooseFileSystemEntries() must reject in a sandboxed opened window.');