commit ffd61027c8b258b8ef160c12c2e1c3db893c3c6f
parent 625cc68b41ae3d258ecab6ff725e21ad3d7067cb
Author: Mike West <mkwst@chromium.org>
Date: Wed, 15 Oct 2025 09:14:10 +0000
Bug 1994258 [wpt PR 55427] - [OriginAPI] Pass origin objects through `postMessage()` mojo calls., a=testonly
Automatic update from web-platform-tests
[OriginAPI] Pass origin objects through `postMessage()` mojo calls.
This CL adjusts the `LocalFrame::PostMessageEvent` and
`RemoteFrame::RouteMessageEvent` mojo methods to accept
`url.mojom.Origin` objects rather than strings to represent the
message's sender and acceptable targets.
This is one in a series of patches aiming to shift `MessageEvent` to
hold the correct `SecurityOrigin` rather than a string:
1. https://crrev.com/c/7003817 Remove `MessageEvent::origin()`
2. https://crrev.com/c/7003199 Shift to `SecurityOrigin`
3. https://crrev.com/c/7013689 [You are here.]
Bug: 449581913
Change-Id: I90cf29f380b5f04ee1d1b2f1d6305c01cf95e391
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7013689
Reviewed-by: Antonio Rivera <antoniori@google.com>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: David Dorwin <ddorwin@chromium.org>
Reviewed-by: Antonio Sartori <antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1529610}
--
wpt-commits: d5a12c0feac3953eceb3c2d56b2c3c26788e2414
wpt-pr: 55427
Diffstat:
1 file changed, 68 insertions(+), 0 deletions(-)
diff --git a/testing/web-platform/tests/html/browsers/origin/tentative/api/origin-from-messageevent-opaque.window.js b/testing/web-platform/tests/html/browsers/origin/tentative/api/origin-from-messageevent-opaque.window.js
@@ -0,0 +1,68 @@
+// META: title=`Origin.from(MessageEvent)` from opaque origins.
+// META: script=/common/get-host-info.sub.js
+
+async_test(t => {
+ const el = document.createElement('iframe');
+ el.sandbox = "allow-scripts";
+ el.srcdoc = `<script>window.top.postMessage("Hi.", "*");<\/script>`;
+ window.addEventListener("message", t.step_func(e => {
+ if (e.source === el.contentWindow) {
+ const origin = Origin.from(e);
+ assert_true(!!origin);
+ assert_true(origin.opaque);
+ t.done();
+ }
+ }));
+ document.body.appendChild(el);
+}, `Origin.from(MessageEvent) returns an opaque origin for a sandboxed frame.`);
+
+async_test(t => {
+ const el = document.createElement('iframe');
+ el.sandbox = "allow-scripts";
+ el.srcdoc = `
+ <script>
+ window.top.postMessage("Hi.", "*");
+ window.top.postMessage("Bye.", "*");
+ <\/script>`;
+ let eventOrigin = null;
+ window.addEventListener("message", t.step_func(e => {
+ if (e.source === el.contentWindow) {
+ const origin = Origin.from(e);
+ assert_true(!!origin);
+ assert_true(origin.opaque);
+ if (eventOrigin) {
+ assert_true(eventOrigin.isSameOrigin(origin));
+ t.done();
+ } else {
+ eventOrigin = origin;
+ }
+ }
+ }));
+ document.body.appendChild(el);
+}, `Origin.from(MessageEvent) returns the same opaque origin for each message from a sandboxed frame.`);
+
+async_test(t => {
+ const el = document.createElement('iframe');
+ el.sandbox = "allow-scripts";
+ el.srcdoc = `
+ <script>
+ window.top.postMessage("Hi.", "*");
+ window.addEventListener("message", e => { navigation.reload(); });
+ <\/script>`;
+ let eventOrigin = null;
+ window.addEventListener("message", t.step_func(e => {
+ if (e.source === el.contentWindow) {
+ const origin = Origin.from(e);
+ assert_true(!!origin);
+ assert_true(origin.opaque);
+ if (eventOrigin) {
+ assert_false(eventOrigin.isSameOrigin(origin));
+ t.done();
+ } else {
+ eventOrigin = origin;
+ e.source.postMessage("Reload thyself.", "*");
+ }
+ }
+ }));
+ document.body.appendChild(el);
+}, `Origin.from(MessageEvent) returns distinct opaque origins for each message from a reloaded sandboxed frame.`);
