idbfactory-open-opaque-origin.html (3371B)
1 <!DOCTYPE html> 2 <meta charset=utf-8> 3 <title>IDBFactory.open() and opaque origins</title> 4 <script src=/resources/testharness.js></script> 5 <script src=/resources/testharnessreport.js></script> 6 <script> 7 8 function load_iframe(src, sandbox) { 9 return new Promise(resolve => { 10 const iframe = document.createElement('iframe'); 11 iframe.onload = () => { resolve(iframe); }; 12 if (sandbox) 13 iframe.sandbox = sandbox; 14 iframe.srcdoc = src; 15 iframe.style.display = 'none'; 16 document.documentElement.appendChild(iframe); 17 }); 18 } 19 20 function wait_for_message(recipient, source) { 21 return new Promise(resolve => { 22 recipient.onmessage = function listener(e) { 23 if (e.source === source) { 24 resolve(e.data); 25 recipient.removeEventListener('message', listener); 26 } 27 }; 28 }) 29 } 30 31 const test_code = 32 ' const handler = (reply) => {' + 33 ' try {' + 34 ' indexedDB.deleteDatabase("opaque-origin-test");' + 35 ' } catch {}' + 36 ' try {' + 37 ' const r = indexedDB.open("opaque-origin-test");' + 38 ' r.onupgradeneeded = () => { r.transaction.abort(); };' + 39 ' reply({result: "no exception"});' + 40 ' } catch (ex) {' + 41 ' reply({result: ex.name});' + 42 ' };' + 43 ' };'; 44 45 const iframe_script = 46 '<script>' + 47 test_code + 48 ' window.onmessage = () => {' + 49 ' handler(msg => window.parent.postMessage(msg, "*"));' + 50 ' };' + 51 '<\/script>'; 52 53 promise_test(t => { 54 return load_iframe(iframe_script) 55 .then(iframe => { 56 iframe.contentWindow.postMessage({}, '*'); 57 return wait_for_message(self, iframe.contentWindow); 58 }) 59 .then(message => { 60 assert_equals(message.result, 'no exception', 61 'IDBFactory.open() should not throw'); 62 }); 63 }, 'IDBFactory.open() in non-sandboxed iframe should not throw'); 64 65 promise_test(t => { 66 return load_iframe(iframe_script, 'allow-scripts') 67 .then(iframe => { 68 iframe.contentWindow.postMessage({}, '*'); 69 return wait_for_message(self, iframe.contentWindow); 70 }) 71 .then(message => { 72 assert_equals(message.result, 'SecurityError', 73 'Exception should be SecurityError'); 74 }); 75 }, 'IDBFactory.open() in sandboxed iframe should throw SecurityError'); 76 77 const worker_script = ` 78 ${test_code} 79 // For dedicated workers: 80 self.addEventListener("message", () => handler(self.postMessage)); 81 // For shared workers: 82 self.addEventListener("connect", (e) => { 83 var port = e.ports[0]; 84 handler(msg => port.postMessage(msg)); 85 }); 86 `; 87 const worker_data_url = "data:,".concat(encodeURIComponent(worker_script)); 88 89 promise_test(async t => { 90 let worker = new Worker(worker_data_url); 91 t.add_cleanup(() => worker.terminate()); 92 worker.postMessage({}); 93 const message = await wait_for_message(worker, null); 94 assert_equals(message.result, 'SecurityError', 95 'Promise should be rejected with SecurityError'); 96 }, 'IDBFactory.open() in data URL dedicated workers should throw SecurityError'); 97 98 promise_test(async t => { 99 let worker = new SharedWorker(worker_data_url, 'idb_open_opaque'); 100 worker.port.postMessage({}); 101 const message = await wait_for_message(worker.port, null); 102 assert_equals(message.result, 'SecurityError', 103 'Promise should be rejected with SecurityError'); 104 }, 'IDBFactory.open() in data URL shared workers should throw SecurityError'); 105 </script>