grandparent_location_aboutsrcdoc.sub.window.js (3709B)
1 // META: script=./resources/testharness.js 2 // META: script=./resources/testharnessreport.js 3 4 function run_test(cross_origin, same_doc, sandbox, name) { 5 promise_test(async t => { 6 const child_frame = document.createElement('iframe'); 7 8 const child_relative_path = './resources/child_with_srcdoc_subframe.window.html'; 9 if (cross_origin) { 10 const new_origin = new URL('http://{{hosts[][www]}}:{{ports[http][1]}}'); 11 const child_url_same_site = new URL(child_relative_path, location.href); 12 child_frame.src = new_origin.origin + child_url_same_site.pathname; 13 } else { 14 child_frame.src = child_relative_path; 15 } 16 const iframe_load = new Promise(resolve => { 17 child_frame.onload = resolve; 18 }); 19 document.body.appendChild(child_frame); 20 await iframe_load; 21 22 let load_count = 0; 23 const test_finished = new Promise(resolve => { 24 window.onmessage = (e) => { 25 load_count++; 26 if (load_count == 1) { 27 assert_equals(e.data, "about:srcdoc"); 28 // Allow the main frame to try and set the grand child's location. 29 if (same_doc) { 30 if (!sandbox) { 31 // If `sandbox` is set, the child will self-navigate, otherwise 32 // the main frame initiates the same-document navigation. 33 frames[0][0].location = "about:srcdoc#the_anchor"; 34 } 35 } else { 36 frames[0][0].location = "about:srcdoc"; 37 } 38 } else if (load_count == 2) { 39 if (same_doc) { 40 // The result for same_doc is the same whether cross_origin is set 41 // or not. 42 assert_equals(e.data, "about:srcdoc#the_anchor"); 43 } else if (cross_origin) { 44 const child_url = new URL(child_frame.src); 45 const expected_data = "SecurityError: " + 46 "Failed to read a named property 'href' from 'Location': " + 47 "Blocked a frame with origin \"" + child_url.origin + 48 "\" from accessing a cross-origin frame." 49 assert_equals(String(e.data), expected_data); 50 } else { 51 assert_equals(e.data, "about:srcdoc"); 52 } 53 resolve(); 54 } 55 } 56 }); 57 let cmd_str = "load grandchild"; 58 if (sandbox) { 59 cmd_str += " sandbox"; 60 } 61 child_frame.contentWindow.postMessage(cmd_str, "*"); 62 await test_finished; 63 64 t.add_cleanup(() => child_frame.remove()) 65 }, name); 66 } 67 68 onload = () => { 69 // A cross-origin frame cannot set about:srcdoc but can do same-doc navigations. 70 run_test(cross_origin = true, same_doc = false, sandbox = false, name = 71 "cross-origin grandparent sets location to about:srcdoc"); 72 run_test(cross_origin = true, same_doc = true, sandbox = false, name = 73 "cross-origin grandparent sets location in same-doc navigation"); 74 75 // A same-origin frame can set about:srcdoc and also do same-doc navigations. 76 run_test(cross_origin = false, same_doc = false, sandbox = false, name = 77 "same-origin grandparent sets location to about:srcdoc"); 78 run_test(cross_origin = false, same_doc = true, sandbox = false, name = 79 "same-origin grandparent sets location in same-doc navigation"); 80 81 // For the sandboxed srcdoc cases, the srcdoc will be cross-origin to 82 // everything but itself, but it should be able to navigate itself same- 83 // document. 84 run_test(cross_origin = false, same_doc = true, sandbox = true, name = 85 "same-origin grandparent with sandboxed srcdoc grandchild that self navigates"); 86 run_test(cross_origin = true, same_doc = true, sandbox = true, name = 87 "cross-origin grandparent with sandboxed srcdoc grandchild that self navigate"); 88 };