iframe-all-local-schemes.sub.html (5972B)
1 <!DOCTYPE html> 2 <script src="/resources/testharness.js"></script> 3 <script src="/resources/testharnessreport.js"></script> 4 5 <meta http-equiv="Content-Security-Policy" content="img-src 'none'"> 6 7 <body> 8 9 <script> 10 function wait_for_error_from_frame(frame, test) { 11 window.addEventListener('message', test.step_func(e => { 12 if (e.source != frame.contentWindow) 13 return; 14 assert_equals(e.data, "error"); 15 frame.remove(); 16 test.done(); 17 })); 18 } 19 20 function wait_for_error_from_window(opened_window, test) { 21 window.addEventListener('message', test.step_func(e => { 22 if (e.source != opened_window) 23 return; 24 assert_equals(e.data, "error"); 25 opened_window.close(); 26 test.done(); 27 })); 28 } 29 30 async_test(t => { 31 var i = document.createElement('iframe'); 32 document.body.appendChild(i); 33 34 var img = document.createElement('img'); 35 img.onerror = t.step_func_done(_ => i.remove()); 36 img.onload = t.unreached_func(); 37 i.contentDocument.body.appendChild(img); 38 img.src = "{{location[server]}}/images/red-16x16.png"; 39 }, "<iframe>'s about:blank inherits policy."); 40 41 async_test(t => { 42 var w = window.open("about:blank"); 43 44 let then = t.step_func(() => { 45 then = () => {}; 46 var img = w.document.createElement('img'); 47 img.onerror = t.step_func_done(_ => w.close()); 48 img.onload = t.unreached_func(); 49 w.document.body.appendChild(img); 50 img.src = "{{location[server]}}/images/red-16x16.png"; 51 }); 52 53 // There are now interoperable way to wait for the initial about:blank 54 // document to load. Chrome loads it synchronously, hence we can't wait for 55 // w.onload. On the other side Firefox loads the initial empty document 56 // later and we can wait for the onload event. 57 w.onload = then; 58 setTimeout(then, 200); 59 60 // Navigations to about:blank happens synchronously. There is no need to 61 // wait for the document to load. 62 }, "window about:blank inherits policy."); 63 64 async_test(t => { 65 var i = document.createElement('iframe'); 66 i.srcdoc = ` 67 <img src='{{location[server]}}/images/red-16x16.png' 68 onload='window.top.postMessage("load", "*");' 69 onerror='window.top.postMessage("error", "*");' 70 > 71 `; 72 73 wait_for_error_from_frame(i, t); 74 75 document.body.appendChild(i); 76 }, "<iframe srcdoc>'s inherits policy."); 77 78 async_test(t => { 79 var i = document.createElement('iframe'); 80 var b = new Blob( 81 [` 82 <img src='{{location[server]}}/images/red-16x16.png' 83 onload='window.top.postMessage("load", "*");' 84 onerror='window.top.postMessage("error", "*");' 85 > 86 `], {type:"text/html"}); 87 i.src = URL.createObjectURL(b); 88 89 wait_for_error_from_frame(i, t); 90 91 document.body.appendChild(i); 92 }, "<iframe src='blob:...'>'s inherits policy."); 93 94 async_test(t => { 95 var b = new Blob( 96 [` 97 <img src='{{location[server]}}/images/red-16x16.png' 98 onload='window.opener.postMessage("load", "*");' 99 onerror='window.opener.postMessage("error", "*");' 100 > 101 `], {type:"text/html"}); 102 let url = URL.createObjectURL(b); 103 var w = window.open(url); 104 wait_for_error_from_window(w, t); 105 }, "window url='blob:...' inherits policy."); 106 107 async_test(t => { 108 var i = document.createElement('iframe'); 109 i.src = `data:text/html,<img src='{{location[server]}}/images/red-16x16.png' 110 onload='window.top.postMessage("load", "*");' 111 onerror='window.top.postMessage("error", "*");' 112 >`; 113 114 wait_for_error_from_frame(i, t); 115 116 document.body.appendChild(i); 117 }, "<iframe src='data:...'>'s inherits policy."); 118 119 // Opening a window toward a data-url isn't allowed anymore. Hence, it can't 120 // be tested. 121 122 async_test(t => { 123 var i = document.createElement('iframe'); 124 i.src = `javascript:"<img src='{{location[server]}}/images/red-16x16.png' 125 onload='window.top.postMessage(\\"load\\", \\"*\\");' 126 onerror='window.top.postMessage(\\"error\\", \\"*\\");' 127 >"`; 128 129 wait_for_error_from_frame(i, t); 130 131 document.body.appendChild(i); 132 }, "<iframe src='javascript:...'>'s inherits policy (static <img> is blocked)"); 133 134 async_test(t => { 135 let url = `javascript:"<img src='{{location[server]}}/images/red-16x16.png' 136 onload='window.opener.postMessage(\\"load\\", \\"*\\");' 137 onerror='window.opener.postMessage(\\"error\\", \\"*\\");' 138 >"`; 139 140 let w = window.open(url); 141 wait_for_error_from_window(w, t); 142 }, "window url='javascript:...'>'s inherits policy (static <img> is blocked)"); 143 144 // Same as the previous javascript-URL test, but instead of loading the <img> 145 // from the new document, this one is created from the initial empty document, 146 // while evaluating the javascript-url. 147 // See https://crbug.com/1064676 148 async_test(t => { 149 let url = `javascript: 150 let img = document.createElement('img'); 151 img.onload = () => window.top.postMessage('load', '*'); 152 img.onerror = () => window.top.postMessage('error', '*'); 153 img.src = '{{location[server]}}/images/red-16x16.png'; 154 document.body.appendChild(img); 155 `; 156 var i = document.createElement('iframe'); 157 i.src = encodeURI(url.replace(/\n/g, "")); 158 wait_for_error_from_frame(i, t); 159 160 document.body.appendChild(i); 161 }, "<iframe src='javascript:...'>'s inherits policy (dynamically inserted <img> is blocked)"); 162 163 async_test(t => { 164 var i = document.createElement('iframe'); 165 var b = new Blob( 166 [` 167 <img src='{{location[server]}}/images/red-16x16.png' 168 onload='window.top.postMessage("load", "*");' 169 onerror='window.top.postMessage("error", "*");' 170 > 171 `], {type:"text/html"}); 172 i.src = URL.createObjectURL(b); 173 i.sandbox = 'allow-scripts'; 174 175 wait_for_error_from_frame(i, t); 176 177 document.body.appendChild(i); 178 }, "<iframe sandbox src='blob:...'>'s inherits policy. (opaque origin sandbox)"); 179 180 </script>