disallowed-navigation-to-blob.https.html (1412B)
1 <!DOCTYPE html> 2 <title>Fenced frame disallowed navigations to blob: URL</title> 3 <meta name="timeout" content="long"> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 <script src="/common/utils.js"></script> 7 <script src="resources/utils.js"></script> 8 <script src="/fetch/local-network-access/resources/support.sub.js"></script> 9 10 <body> 11 <script> 12 const kPublicUtils = resolveUrl("resources/utils.js", Server.HTTPS_PUBLIC); 13 14 function getTimeoutPromise(t) { 15 return new Promise(resolve => 16 t.step_timeout(() => resolve("NOT LOADED"), 2000)); 17 } 18 19 // The following tests ensure that an embedder cannot navigate a 20 // `mode=opaque-ads` fenced frame to an opaque URN or a fenced frame config 21 // object that represents a blob: URL 22 for (const resolve_to_config of [true, false]) { 23 promise_test(async t => { 24 const key = token(); 25 const blobURL = URL.createObjectURL( 26 new Blob([`${createLocalSource(key, kPublicUtils)}`], 27 {type: 'text/html'})); 28 const select_url_result = await runSelectURL(blobURL); 29 attachFencedFrame(select_url_result); 30 const loaded_promise = nextValueFromServer(key); 31 const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]); 32 assert_equals(result, "NOT LOADED"); 33 }, "fenced frame " + (resolve_to_config ? "config" : "urn:uuid") + 34 " => blob: URL"); 35 } 36 </script> 37 </body>