Prerender: Allow prerendering pages to create blob URL

Previously, prerendering pages cannot create blob URLs, as this API uses a sync IPC to communicate, and we would cancel prerendering by default in this case to ensure prerendering is safe. After auditing it (see reasoning), we think creating an object URL seems safe, and we can grant it during prerendering. Reasoning: - The blob url should be same-origin as the prerendering origin, so we do not touch other origins. - The security concerns should be addressed by this API. https://w3c.github.io/FileAPI/#security-discussion Bug: 1406125 Change-Id: I3c94e45fe59adb7227a71a702a4793ee8281b395 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4583910 Commit-Queue: Lingqi Chi <lingqi@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/main@{#1152423}
web-platform-tests · Jul 11, 2023 · 1043306 · 1043306
1 parent ddc6745
commit 1043306
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/speculation-rules/prerender/blob_object_url.html b/speculation-rules/prerender/blob_object_url.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<title>Same-origin prerendering page can create a url for the given
+objects</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="resources/utils.js"></script>
+<body>
+<script>
+
+setup(() => assertSpeculationRulesIsSupported());
+
+promise_test(async t => {
+  const {exec} = await create_prerendered_page(t);
+
+  const result = await exec(async () => {
+    const blob_contents = "test blob contents";
+    const blob = new Blob([blob_contents]);
+    const url = URL.createObjectURL(blob);
+    const fetched_content = await fetch(url).then(response => response.text());
+    URL.revokeObjectURL(url);
+    return fetched_content === blob_contents ? "PASS" : "FAIL";
+  });
+
+  // Start prerendering a page that attempts to create a url for a blob.
+  assert_equals(
+    result, "PASS",
+    'prerendering page should be able to create a url for blob and fetch it.');
+}, 'prerendering page should be able create url');
+
+</script>
+</body>