Update Web Platform Tests for Feature Policy integration into HTML spec.

Change-Id: Ibfcc3e8bc217aff8782d2aec4c1b73bb4a193e1e
web-platform-tests · May 11, 2018 · 47a3471 · 47a3471
1 parent 3676e24
commit 47a3471
Show file tree

Hide file tree

Showing 2 changed files with 115 additions and 8 deletions.
diff --git a/html/semantics/embedded-content/the-iframe-element/iframe-allow.html b/html/semantics/embedded-content/the-iframe-element/iframe-allow.html
@@ -0,0 +1,67 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Check processing of allow attribute in nested browsing context</title>
+<link rel="author" title="Google" href="https://www.google.com">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#attr-iframe-allow">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/browsing-the-web.html#initialise-the-document-object">
+<link rel="help" href="https://fullscreen.spec.whatwg.org/#fullscreen-enabled-flag">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<div id="log"></div>
+<script>
+  // This returns a data URL (cross-origin with the containing document) which
+  // advances a counter, and reports the counter value together with the
+  // document's fullscreenEnabled state, every time it receives a postMessage.
+  // Fullscreen itself is not important for this test, but the flag is a useful
+  // indicator of whether a policy-controlled-feature is allowed or denied.
+  function getSourceForCrossOriginPage(initial_count) {
+    var page_contents = "<html><body><script>var count="+initial_count+";window.addEventListener('message',function(){parent.postMessage({'count':count++,'fullscreenEnabled':document.fullscreenEnabled},'*');});</scr"+"ipt></body></html>";
+    return "data:text/html;base64,"+btoa(page_contents);
+  }
+
+  async_test(function(t) {
+    var iframe = document.createElement("iframe");
+    iframe.src = getSourceForCrossOriginPage(0);
+
+    iframe.addEventListener('load', function() {
+      // Request the fullscreenEnabled state whenever the frame loads
+      iframe.contentWindow.postMessage(true,"*");
+    });
+
+    window.addEventListener('message', this.step_func(function(msg) {
+      if (msg.data.count == 0) {
+        assert_false(msg.data.fullscreenEnabled, "Document inside cross-origin iframe without allow attribute should not have feature enabled");
+        iframe.setAttribute("allow", "fullscreen");
+        iframe.contentWindow.postMessage(true,"*"); // Request state again
+      } else if (msg.data.count == 1) {
+        assert_false(msg.data.fullscreenEnabled, "Feature should be denied when correct allow attribute is added, before reload");
+        iframe.src = getSourceForCrossOriginPage(2); // Reload the frame
+      } else if (msg.data.count == 2) {
+        assert_true(msg.data.fullscreenEnabled, "Feature should be allowed when correct allow attribute is added, after reload");
+        iframe.removeAttribute("allow");
+        iframe.contentWindow.postMessage(true,"*"); // Request state again
+      } else if (msg.data.count == 3) {
+        assert_true(msg.data.fullscreenEnabled, "Feature should be allowed when allow attribute is removed, before reload");
+        iframe.src = getSourceForCrossOriginPage(4); // Reload the frame
+      } else if (msg.data.count == 4) {
+        assert_false(msg.data.fullscreenEnabled, "Feature should be denied when allow attribute is removed, after reload");
+        iframe.setAttribute("allow", "payment");  // Set allow to an unrelated feature
+        iframe.src = getSourceForCrossOriginPage(5); // Reload the frame
+      } else if (msg.data.count == 5) {
+        assert_false(msg.data.fullscreenEnabled, "Feature should be denied with incorrect allow attribute");
+        iframe.setAttribute("allow", "payment;fullscreen");  // Include fullscreen again
+        iframe.src = getSourceForCrossOriginPage(6); // Reload the frame
+      } else if (msg.data.count == 6) {
+        assert_true(msg.data.fullscreenEnabled, "Feature should be allowed with complex allow attribute");
+        t.done();
+      }
+    }));
+
+    document.body.appendChild(iframe);
+    t.add_cleanup(function() {
+      document.body.removeChild(iframe);
+    });
+  }, "iframe-cross-origin-allow");
+
+</script>
diff --git a/html/semantics/embedded-content/the-iframe-element/iframe-allowfullscreen.html b/html/semantics/embedded-content/the-iframe-element/iframe-allowfullscreen.html
@@ -3,13 +3,21 @@
 <title>Check how allowfullscreen affects fullscreen enabled flag</title>
 <link rel="author" title="Xidorn Quan" href="https://www.upsuper.org">
 <link rel="author" title="Mozilla" href="https://www.mozilla.org">
-<link rel="help" href="https://html.spec.whatwg.org/multipage/browsers.html#initialise-the-document-object">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/browsing-the-web.html#initialise-the-document-object">
 <link rel="help" href="https://fullscreen.spec.whatwg.org/#fullscreen-enabled-flag">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 
 <div id="log"></div>
 <script>
+  // This returns a data URL (cross-origin with the containing document) which
+  // advances a counter, and reports the counter value together with the
+  // document's fullscreenEnabled state, every time it receives a postMessage.
+  function getSourceForCrossOriginPage(initial_count) {
+    var page_contents = "<html><body><script>var count="+initial_count+";window.addEventListener('message',function(){parent.postMessage({'count':count++,'fullscreenEnabled':document.fullscreenEnabled},'*');});</scr"+"ipt></body></html>";
+    return "data:text/html;base64,"+btoa(page_contents);
+  }
+
   async_test(function(t) {
     var iframe = document.createElement("iframe");
     iframe.src = "support/blank.htm";
@@ -21,13 +29,45 @@
 
     assert_true(document.fullscreenEnabled, "Top level document has fullscreen enabled flag set");
     eventWatcher.wait_for("load").then(t.step_func_done(function() {
-      assert_false(iframe.contentDocument.fullscreenEnabled, "Document inside iframe without allowfullscreen attribute should not have fullscreen enabled flag set");
-      iframe.setAttribute("allowfullscreen", true);
-      assert_true(iframe.contentDocument.fullscreenEnabled, "Fullscreen should be allowed when allowfullscreen attribute is set");
-      iframe.removeAttribute("allowfullscreen");
-      assert_false(iframe.contentDocument.fullscreenEnabled, "Fullscreen should be denied when allowfullscreen attribute is removed");
+      assert_true(iframe.contentDocument.fullscreenEnabled, "Document inside same-origin iframe without allowfullscreen attribute should still have fullscreen enabled flag set");
     }));
-  }, "iframe-allowfullscreen");
+  }, "iframe-same-origin-allowfullscreen");
+
+  async_test(function(t) {
+    var iframe = document.createElement("iframe");
+    iframe.src = getSourceForCrossOriginPage(0);
+
+    iframe.addEventListener('load', function() {
+      // Request the fullscreenEnabled state whenever the frame loads
+      iframe.contentWindow.postMessage(true,"*");
+    });
+
+    window.addEventListener('message', this.step_func(function(msg) {
+      if (msg.data.count == 0) {
+        assert_false(msg.data.fullscreenEnabled, "Document inside cross-origin iframe without allowfullscreen attribute should not have fullscreen enabled flag set");
+        iframe.setAttribute("allowfullscreen", true);
+        iframe.contentWindow.postMessage(true,"*"); // Request state again
+      } else if (msg.data.count == 1) {
+        assert_false(msg.data.fullscreenEnabled, "Fullscreen should be denied when allowfullscreen attribute is added, before reload");
+        iframe.src = getSourceForCrossOriginPage(2); // Reload the frame
+      } else if (msg.data.count == 2) {
+        assert_true(msg.data.fullscreenEnabled, "Fullscreen should be allowed when allowfullscreen attribute is added, after reload");
+        iframe.removeAttribute("allowfullscreen");
+        iframe.contentWindow.postMessage(true,"*"); // Request state again
+      } else if (msg.data.count == 3) {
+        assert_true(msg.data.fullscreenEnabled, "Fullscreen should be allowed when allowfullscreen attribute is removed, before reload");
+        iframe.src = getSourceForCrossOriginPage(4); // Reload the frame
+      } else if (msg.data.count == 4) {
+        assert_false(msg.data.fullscreenEnabled, "Fullscreen should be denied when allowfullscreen attribute is removed, after reload");
+        t.done();
+      }
+    }));
+
+    document.body.appendChild(iframe);
+    t.add_cleanup(function() {
+      document.body.removeChild(iframe);
+    });
+  }, "iframe-cross-origin-allowfullscreen");
 
   /* Fullscreen enabled flag with about:blank */
 
@@ -41,7 +81,7 @@
 
   test(function() {
     test_allowfullscreen_noload(function() {}, function(doc) {
-      assert_false(doc.fullscreenEnabled, "Fullscreen should not be enabled without allowfullscreen attribute");
+      assert_true(doc.fullscreenEnabled, "Fullscreen should still be enabled in same-origin document without allowfullscreen attribute");
     });
   }, "iframe-noload-noallowfullscreen");