idbfactory-deleteDatabase-opaque-origin.html (3286B)
1 <!DOCTYPE html> 2 <meta charset=utf-8> 3 <title>IDBFactory.deleteDatabase() and opaque origins</title> 4 <script src=/resources/testharness.js></script> 5 <script src=/resources/testharnessreport.js></script> 6 <script> 7 8 function load_iframe(src, sandbox) { 9 return new Promise(resolve => { 10 const iframe = document.createElement('iframe'); 11 iframe.onload = () => { resolve(iframe); }; 12 if (sandbox) 13 iframe.sandbox = sandbox; 14 iframe.srcdoc = src; 15 iframe.style.display = 'none'; 16 document.documentElement.appendChild(iframe); 17 }); 18 } 19 20 function wait_for_message(recipient, source) { 21 return new Promise(resolve => { 22 recipient.onmessage = function listener(e) { 23 if (e.source === source) { 24 resolve(e.data); 25 recipient.removeEventListener('message', listener); 26 } 27 }; 28 }) 29 } 30 31 const test_code = 32 ' const handler = (reply) => {' + 33 ' try {' + 34 ' const r = indexedDB.deleteDatabase("opaque-origin-test");' + 35 ' reply({result: "no exception"});' + 36 ' } catch (ex) {' + 37 ' reply({result: ex.name});' + 38 ' };' + 39 ' };'; 40 41 const iframe_script = 42 '<script>' + 43 test_code + 44 ' window.onmessage = () => {' + 45 ' handler(msg => window.parent.postMessage(msg, "*"));' + 46 ' };' + 47 '<\/script>'; 48 49 promise_test(t => { 50 return load_iframe(iframe_script) 51 .then(iframe => { 52 iframe.contentWindow.postMessage({}, '*'); 53 return wait_for_message(self, iframe.contentWindow); 54 }) 55 .then(message => { 56 assert_equals(message.result, 'no exception', 57 'IDBFactory.deleteDatabase() should not throw'); 58 }); 59 }, 'IDBFactory.deleteDatabase() in non-sandboxed iframe should not throw'); 60 61 promise_test(t => { 62 return load_iframe(iframe_script, 'allow-scripts') 63 .then(iframe => { 64 iframe.contentWindow.postMessage({}, '*'); 65 return wait_for_message(self, iframe.contentWindow); 66 }) 67 .then(message => { 68 assert_equals(message.result, 'SecurityError', 69 'Exception should be SecurityError'); 70 }); 71 }, 'IDBFactory.deleteDatabase() in sandboxed iframe should throw SecurityError'); 72 73 const worker_script = ` 74 ${test_code} 75 // For dedicated workers: 76 self.addEventListener("message", () => handler(self.postMessage)); 77 // For shared workers: 78 self.addEventListener("connect", (e) => { 79 var port = e.ports[0]; 80 handler(msg => port.postMessage(msg)); 81 }); 82 `; 83 const worker_data_url = "data:,".concat(encodeURIComponent(worker_script)); 84 85 promise_test(async t => { 86 let worker = new Worker(worker_data_url); 87 t.add_cleanup(() => worker.terminate()); 88 worker.postMessage({}); 89 const message = await wait_for_message(worker, null); 90 assert_equals(message.result, 'SecurityError', 91 'Promise should be rejected with SecurityError'); 92 }, 'IDBFactory.deleteDatabase() in data URL dedicated worker should throw SecurityError'); 93 94 promise_test(async t => { 95 let worker = new SharedWorker(worker_data_url, 'idb_deleteDatabase_opaque'); 96 worker.port.postMessage({}); 97 const message = await wait_for_message(worker.port, null); 98 assert_equals(message.result, 'SecurityError', 99 'Promise should be rejected with SecurityError'); 100 }, 'IDBFactory.deleteDatabase() in data URL shared worker should throw SecurityError'); 101 </script>