tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

federatedcredential-framed-get.sub.https.html (2986B)

      1 <!DOCTYPE html>
      2 <script src="/resources/testharness.js"></script>
      3 <script src="/resources/testharnessreport.js"></script>
      4 <script>
      5 assert_implements('FederatedCredential' in window, "`FederatedCredential` is supported.");
      6 
      7 // Ensure that the check is "same origin", not "same origin-domain".
      8 document.domain = window.location.hostname;
      9 
     10 function create_iframe_test(origin, expectation) {
     11    return function (t) {
     12        window.addEventListener("load", _ => {
     13            var iframe = document.createElement("iframe");
     14            iframe.src = origin + "/credential-management/support/federatedcredential-get.html";
     15            window.addEventListener("message", t.step_func(e => {
     16                if (e.source == iframe.contentWindow) {
     17                    if (expectation == "blocked") {
     18                      assert_equals(e.data.exception, "NotAllowedError");
     19                    } else {
     20                      if (e.data.exception)
     21                        assert_not_equals(e.data.exception, "NotAllowedError");
     22                    }
     23                    t.done();
     24                }
     25            }));
     26            document.body.appendChild(iframe);
     27        });
     28    };
     29 }
     30 
     31 function create_nested_iframe_test(outerOrigin, innerOrigin, expectation) {
     32    return function (t) {
     33        window.addEventListener("load", _ => {
     34            var iframe = document.createElement("iframe");
     35            iframe.src = outerOrigin + "/credential-management/support/echoing-nester.html?origin=" + innerOrigin + "&file=federatedcredential-get.html";
     36            window.addEventListener("message", t.step_func(e => {
     37                if (e.source == iframe.contentWindow) {
     38                    if (expectation == "blocked") {
     39                      assert_equals(e.data.exception, "NotAllowedError");
     40                    } else {
     41                      assert_equals(e.data.exception, null);
     42                    }
     43                    t.done();
     44                }
     45            }));
     46            document.body.appendChild(iframe);
     47        });
     48    };
     49 }
     50 
     51 const SAME_ORIGIN = window.origin;
     52 const CROSS_ORIGIN = "https://{{domains[élève]}}:{{ports[https][0]}}";
     53 
     54 async_test(
     55    create_iframe_test(SAME_ORIGIN, "allowed"),
     56    "Same-origin IFrame does not throw.");
     57 async_test(
     58    create_iframe_test(CROSS_ORIGIN, "blocked"),
     59    "Cross-origin IFrame throws 'NotAllowedError'.");
     60 
     61 async_test(
     62    create_nested_iframe_test(SAME_ORIGIN, SAME_ORIGIN, "allowed"),
     63    "Same-origin IFrame in same-origin IFrame does not throw.");
     64 
     65 async_test(
     66    create_nested_iframe_test(SAME_ORIGIN, CROSS_ORIGIN, "blocked"),
     67    "Same-origin IFrame in same-origin IFrame throws 'NotAllowedError'.");
     68 
     69 async_test(
     70    create_nested_iframe_test(CROSS_ORIGIN, SAME_ORIGIN, "blocked"),
     71    "Cross-origin IFrame in same-origin IFrame throws 'NotAllowedError'.");
     72 
     73 async_test(
     74    create_nested_iframe_test(CROSS_ORIGIN, CROSS_ORIGIN, "blocked"),
     75    "Cross-origin IFrame in same-cross-origin throws 'NotAllowedError'.");
     76 </script>